Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

Can I Have XDR Without EDR?

Yes, extended detection and response is possible without endpoint detection and response, but here's why having both is helpful.

Al Huger, Vice President and General Manager of Cisco Security Platform & Response

November 17, 2021


Question: Can I have extended detection and response (XDR) without implementing endpoint detection and response (EDR) first?

Al Huger, vice president and general manager of Cisco Security Platform & Response: You can absolutely have XDR without first implementing EDR. Keep in mind that any XDR solution is more useful by leveraging endpoint visibility and the capability to respond. Ultimately, most threats are headed toward an endpoint. However, tying any part of that narrative together, including the network, user, and application, and then acting on it is still very powerful – just more so for an endpoint.

Most security teams find EDR data provides essential visibility to threats, and they correlate network detection data (NDR) to complete their visibility. Hence, it is valuable to begin with EDR. However, EDR covers only managed endpoints, whereas many threats originate on cloud workloads, IoT devices, on-premises servers, and unmanaged devices – places where EDR coverage is often incomplete. Security teams with mature network visibility and response but limited EDR visibility can build their XDR from their network detection and response (NDR) capability and layer in EDR as it matures in their environments. They can manage and respond to threats via dynamic network routing and block lists, a native capability of NDR into XDR.

About the Author(s)

Al Huger

Vice President and General Manager of Cisco Security Platform & Response

Al Huger is Vice President and the General Manager of the Security Platform and Response (SP&R) business unit at Cisco, focused on delivering a world-class platform to experience Cisco's Security offerings and lead the industry in end-user protection and security analytics.

Under Al's leadership, SP&R continues to dramatically simplify SecOps' experience with industry-leading innovations and extraordinary progress in the emerging market Cisco pioneered: Extended Detection and Response (XDR). In addition to building the first-to-market integrated security platform--SecureX--Al's portfolio includes AMP for Endpoints, AMP for Networks, Email Security (Cloud Email Security, Email Security Appliance, Cloud Mailbox Defense) and Stealthwatch Analytics (Cloud and Enterprise).
