Extended detection and response (XDR) is a natural extension of the endpoint detection and response (EDR) concept, in which activities that occur after the threat prevention controls are further inspected for a potentially malicious, suspicious, or risky activity that warrants mitigation. The difference is the place (endpoint or beyond) where the actions occur. XDR solutions are progressively popular as organizations recognize the inefficiencies and, in many cases, the ineffectiveness of security infrastructures composed of many individuals´ “best-of-breed“ security products stationed in the different vendors over time. Common problems resulting from this point-product approach include Gaps in security: with each product operating in its silo, opportunities often arise for cyberattacks to enter in between. Too much security information: with each product creating individual alerts and other information, security teams can easily miss signs of cyberattacks. Uncoordinated response: with each product operating independently, it falls on the human operator to share information and coordinate response actions.