Extended Detection and Response (XDR)

This functionality is part of the Advanced Security + XDR protection pack, which in turn is part of the Cyber Protection service. Note that you must enable Endpoint Detection and Response (EDR) functionality in a protection plan for XDR to work.

XDR uses EDR for event correlation and identifying advanced attacks on endpoints, and then extends that functionality by identifying advanced threats across endpoints, email, identity, and beyond.

By using the XDR graph across multiple XDR integrations (including Perception Point and Microsoft Entra ID), you can also respond to incidents with specific actions available for each type of integration, such as blocking email senders or suspending users.

XDR is compatible with workstations, servers, virtual machines, and web hosting servers.