Definition
Extended Detection and Response (XDR) is the evolution of EDR into a multi-source detection platform. Instead of analyzing endpoint telemetry in isolation, XDR correlates signals across endpoint, email, identity, cloud, and network, surfacing attack chains that span multiple layers. The promise: attackers who compromise a workstation (endpoint), then pivot to email (lateral movement), then exfiltrate from cloud (data theft) leave breadcrumbs in three different tools today; XDR sees them as one campaign. Implementations vary widely: native XDR (a single vendor across all layers, such as Symantec, Microsoft, or Palo Alto) versus open XDR (a vendor-agnostic platform consuming telemetry from any source). The category is still maturing; most "XDR" products in 2026 are EDR with additional integrations rather than purpose-built cross-layer platforms. Symantec's approach: combine SES Complete EDR + Email Security + DLP + CloudSOC into a coordinated detection stack.
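The cross-layer correlation described above, as an added illustration that is not part of this glossary entry and not Symantec's (or any vendor's) product code: a minimal correlator that groups endpoint, email, and cloud events by the shared user entity and a time window, and only calls the group a campaign when it spans more than one layer. The events, the signal names, the two-hour window, and the minimum-layer threshold are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three separate tools (endpoint, email, cloud).
# Each tool would normally raise these as isolated, low-priority alerts.
EVENTS = [
    {"ts": "2026-03-01T09:02:00", "source": "endpoint", "entity": "alice", "host": "WS-101", "signal": "suspicious_powershell"},
    {"ts": "2026-03-01T09:15:00", "source": "email", "entity": "alice", "host": None, "signal": "auto_forward_rule_created"},
    {"ts": "2026-03-01T09:40:00", "source": "cloud", "entity": "alice", "host": None, "signal": "bulk_download"},
    # bob: one endpoint signal, then a cloud signal the next day; too far apart to chain.
    {"ts": "2026-03-01T11:00:00", "source": "endpoint", "entity": "bob", "host": "WS-202", "signal": "suspicious_powershell"},
    {"ts": "2026-03-02T08:00:00", "source": "cloud", "entity": "bob", "host": None, "signal": "bulk_download"},
]

# Hypothetical tuning: consecutive events chain if they are at most WINDOW apart,
# and a chain is reported only if it touches at least MIN_LAYERS distinct sources.
WINDOW = timedelta(hours=2)
MIN_LAYERS = 2


def per_tool_view(events):
    """What each siloed tool sees on its own: a list of signals per source,
    with no notion that they belong to the same entity or chain."""
    view = defaultdict(list)
    for e in events:
        view[e["source"]].append(e["signal"])
    return dict(view)


def correlate(events, window=WINDOW, min_layers=MIN_LAYERS):
    """Pivot on the shared entity, sort by time, and chain events whose gap
    to the previous event is within `window`. A chain that spans `min_layers`
    or more sources is reported as one campaign."""
    by_entity = defaultdict(list)
    for e in events:
        by_entity[e["entity"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    campaigns = []
    for entity, evs in by_entity.items():
        evs.sort(key=lambda e: e["ts"])
        i = 0
        while i < len(evs):
            chain = [evs[i]]
            j = i + 1
            # Extend the chain while the next event follows the last one closely enough.
            while j < len(evs) and evs[j]["ts"] - chain[-1]["ts"] <= window:
                chain.append(evs[j])
                j += 1
            layers = {e["source"] for e in chain}
            if len(layers) >= min_layers:
                campaigns.append({
                    "entity": entity,
                    "layers": sorted(layers),
                    "count": len(chain),
                    "start": chain[0]["ts"].isoformat(),
                    "end": chain[-1]["ts"].isoformat(),
                    "steps": [(e["source"], e["signal"]) for e in chain],
                })
            i = j
    return campaigns


if __name__ == "__main__":
    print("Siloed view:", per_tool_view(EVENTS))
    for c in correlate(EVENTS):
        print(f"Campaign for {c['entity']} across {c['layers']}: {c['steps']}")
```

Run it and the siloed view lists five unrelated signals across three tools, while the correlated view reports a single campaign for `alice` spanning endpoint, email, and cloud; `bob`'s two signals stay separate because they fall outside the window and never span two layers. In a real platform the pivot key would be a normalized identity (user, host, session) rather than a raw username, and the window and layer threshold would be tuned per detection.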
Related terms
- EDR (Endpoint Detection and Response) - Endpoint security capability focused on detection, investigation, and response to threats that have evaded prevention.
- SIEM (Security Information and Event Management) - Platform that aggregates security events from across the environment for correlation, search, and alerting.
- SOC (Security Operations Center) - Centralized team responsible for monitoring, detecting, investigating, and responding to security incidents.