Trend No. 1: Extended Detection and Response Capabilities Are Emerging to Improve Detection Accuracy and Security Productivity

XDR describes a security incident detection and response platform that automatically collects and correlates data from multiple security products. It is an expansion of the concept driving endpoint detection and response (EDR) solutions (see “Market Guide for Endpoint Detection and Response Solutions”). Pioneering XDR tools are delivered by security solution providers that have a broad portfolio of products and select partners’ products unified by the XDR console. Current XDR focus is primarily on protecting end users and the apps and data they consume. Early candidates include Cisco, Fortinet, McAfee, Microsoft, Palo Alto Networks, Trend Micro and Symantec. Although XDR tools are similar in function to SIEM and security orchestration, automation and response (SOAR) tools, they are primarily differentiated by the level of integration at deployment and the focus on incident response. The two primary requirements of an XDR system are centralization of normalized data and a centralized incident response capability that can change the state of individual security products as part of the remediation process (see Figure 1). The primary goals of an XDR solution are to increase detection accuracy by correlating threat intelligence and signals across multiple security solutions, and to improve security operations efficiency and productivity.
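The two requirements named above (a central store of normalized data, and a central response capability that changes product state) can be sketched in code. The following is an added illustration, not code from the report or from any named vendor; the event formats, host names and the in-memory orchestrator are constructed assumptions standing in for real EDR and firewall APIs.

```python
import json
from dataclasses import dataclass, field

# Constructed sample telemetry (not real product output): one EDR alert as JSON
# and two firewall lines in key=value form; ws-17 appears in both feeds, ws-42 only in one.
EDR_ALERTS = [json.dumps({"hostname": "ws-17", "ts": 1700000000,
                          "rule": "suspicious_child_process"})]
FW_LINES = ["ts=1700000090 src_host=ws-17 dst=203.0.113.9 cat=c2_beacon",
            "ts=1700000100 src_host=ws-42 dst=198.51.100.4 cat=c2_beacon"]

@dataclass
class Event:  # the shared, normalized schema every product feed is mapped into
    source: str
    host: str
    ts: int
    category: str

def normalize_edr(raw: str) -> Event:
    d = json.loads(raw)
    return Event("edr", d["hostname"], int(d["ts"]), d["rule"])

def normalize_fw(raw: str) -> Event:
    kv = dict(f.split("=", 1) for f in raw.split())
    return Event("fw", kv["src_host"], int(kv["ts"]), kv["cat"])

def correlate(events, window=300):
    """Incidents = hosts reported by two or more sources within `window` seconds."""
    by_host = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)
    incidents = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        sources = sorted({e.source for e in evs})
        if len(sources) >= 2 and evs[-1].ts - evs[0].ts <= window:
            incidents.append({"host": host, "sources": sources,
                              "categories": [e.category for e in evs]})
    return incidents

@dataclass
class ResponseOrchestrator:
    """Central response: changes product state (in-memory stand-in for a real EDR API)."""
    isolated_hosts: set = field(default_factory=set)
    def remediate(self, incident):
        self.isolated_hosts.add(incident["host"])  # EDR action: isolate the endpoint
        return {"host": incident["host"], "actions": ["isolate_host"]}

def run(edr_alerts, fw_lines):
    events = [normalize_edr(a) for a in edr_alerts] + [normalize_fw(l) for l in fw_lines]
    orch = ResponseOrchestrator()
    return [orch.remediate(i) for i in correlate(events)], orch
```

A single-source host (ws-42) never becomes an incident, and widening or narrowing `window` changes which cross-product signals are joined, which is where most of an XDR deployment's tuning effort goes.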