* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/) * [Secure the Future](https://origin-researchcenter.paloaltonetworks.com/blog/category/secure-the-future/) * What Is XDR? # What Is XDR? [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fcortex-what-is-xdr%2F) [](https://twitter.com/share?text=What+Is+XDR%3F&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fcortex-what-is-xdr%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fcortex-what-is-xdr%2F&title=What+Is+XDR%3F&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2019/12/cortex-what-is-xdr/&ts=markdown) \[\](mailto:?subject=What Is XDR?) Link copied By [Mark Brozek](https://www.paloaltonetworks.com/blog/author/mark-brozek/?ts=markdown "Posts by Mark Brozek") Dec 06, 2019 3 minutes [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown) [XDR](https://www.paloaltonetworks.com/blog/tag/xdr/?ts=markdown) This post is also available in: [简体中文 (Chinese (Simplified))](https://origin-researchcenter.paloaltonetworks.com/blog/2020/05/cortex-what-is-xdr/?lang=zh-hans "Switch to Chinese (Simplified)(简体中文)") [繁體中文 (Chinese (Traditional))](https://origin-researchcenter.paloaltonetworks.com/blog/2020/05/cortex-what-is-xdr/?lang=zh-hant "Switch to Chinese (Traditional)(繁體中文)") [日本語 (Japanese)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/12/cortex-what-is-xdr/?lang=ja "Switch to Japanese(日本語)") [한국어 (Korean)](https://origin-researchcenter.paloaltonetworks.com/blog/2020/05/cortex-what-is-xdr/?lang=ko "Switch to Korean(한국어)") ![The diagram shows how Cortex XDR relates to network, endpoint, cloud and Cortex Data Lake.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/12/Top-image.png) There's been a lot of buzz about XDR as of late -- and not just from us. Analysts, competitors, seemingly everyone is talking about XDR these days. However, in the classic security industry problem of every product sounding basically the same, we are often asked to clarify. What is XDR? How does it differ from, complement and/or integrate with endpoint detection and response (EDR), endpoint protection platforms (EPP), network traffic analysis (NTA) or name-your-other-security-tool? What are the key criteria to look for when evaluating an XDR product? The short answer is that the "X" in XDR is a variable that stands for "anything," meaning XDR solutions, at their core, are detection and response platforms that can take good data from network sensors, endpoint sensors and cloud sensors, and perform analysis on that data in a central location. Our visionary CTO and co-founder Nir Zuk [coined this category](https://www.youtube.com/watch?v=c71uPTimW_A&feature=youtu.be&t=2677) in 2018, recognizing that the existing detection and response tools on the market were too narrowly focused to serve security teams' evolving needs. XDR products are designed to detect and stitch together all the available information on any threats that have evaded prevention to provide security analysts with detailed analysis of any attack that is underway. This information allows a security team to react to and resolve incidents quicker, and also allows the team to be more proactive with threat hunting. For the long answer, [read the book "XDR: Enterprise-Scale Detection and Response,"](https://start.paloaltonetworks.com/xdr-enterprise-scale-detection-and-response.html) which you can download for free. This goes into everything you need to know about what an XDR solution is and how to evaluate it for inclusion in your security toolkit, including: * Shortcomings of legacy detection and response products, and how XDR addresses them. * Required capabilities of XDR to protect against attackers who have used cloud and automation to become more powerful and sophisticated. * The definition and defining characteristics of XDR solutions. * Key use cases for XDR and how to use it to refine your overall security operations. * A detailed RFP checklist for evaluating XDR tools. ![The image breaks down how Cortex XDR and Cortex XSOAR help protect an organization.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/12/XSOAR-image.png)We truly embrace the principles outlined in this book as we continue to improve upon our own industry-leading XDR product, Cortex XDR. With Cortex XDR, we are able to automate huge chunks of triage, investigation and response processes and give analysts all the information that they need to make informed decisions on the stuff that can't be automated. We've been able to group disparate alerts into "incidents" to reduce the alert load by 50x, and we, on average, speed up the investigation process by 8x. Compared to the old incident response process, which centered around a log collector and a pile of siloed analysis tools, we've seen that XDR is dramatically more efficient, effective and scalable. That's just the start. [Cortex XDR 2.5](https://www.paloaltonetworks.com/blog/2020/09/cortex-xdr-2-5/) has taken several additional powerful steps toward eliminating blindspots, reducing alert fatigue and simplifying management. Learn more about how we're leading the way to better security operations. *** ** * ** *** ## Related Blogs ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### Cortex XDR 3.4: Elevating SecOps with SmartScore \& Single Sign-on](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/cortex-xdr-3-4-elevating-management-scale-security/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### Moving Beyond Traditional EDR](https://origin-researchcenter.paloaltonetworks.com/blog/2020/10/secops-beyond-traditional-edr/) ### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### XDR Listed as a Top Security and Risk Management Trend by Gartner](https://origin-researchcenter.paloaltonetworks.com/blog/2020/04/cortex-security-and-risk-management/) ### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### Keep Adversaries at Bay with Managed Detection and Response](https://origin-researchcenter.paloaltonetworks.com/blog/2020/04/cortex-managed-detection-and-response/) ### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### Busted by Cortex XDR: a True Story of Human Intuition and AI](https://origin-researchcenter.paloaltonetworks.com/blog/2020/03/cortex-ai/) ### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown) [#### New Cortex XDR 2.0 Features Increase Flexibility](https://origin-researchcenter.paloaltonetworks.com/blog/2019/12/cortex-xdr-2-0-features/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language