eXtended Detection and Response (XDR)

eXtended Detection and Response (XDR) is a cross-endpoint event correlation component, capable of detecting advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers or containers, running various operating systems). As part of our comprehensive and integrated Environment Protection Platform, XDR brings together device intelligence across your enterprise network. This solution supports your incident response teams in investigating and responding to advanced threats.

Through Bitdefender Endpoint Security Tools, you can deploy the Incidents Sensor on your managed endpoints to gather hardware and operating system data. Following a client-server framework, the metadata is collected and processed on both sides, and the Security Analytics component correlates the events into rich-format incidents, ready for investigation on the Incidents page.

This component provides detailed information about detected incidents, an interactive incident map, remediation actions, and integration with Sandbox Analyzer and HyperDetect.

For enhanced accuracy, XDR can integrate metadata collected by the Network Sensor, which listens to network traffic in your environment, gathers and pre-processes metadata, and sends it to the Security Analytics component, which correlates it and generates extended incidents.

Note

The Network Sensor requires separate installation and activation:

See Install Network Sensor using vSphere client for details on how to deploy the Network Sensor in your environment using vSphere.

See Install Network Sensor using Hyper-V Manager for details on how to deploy the Network Sensor in your environment using Hyper-V.

In the Sensors Management tab of the Configuration menu, you can set up and manage additional sensors that process data from any major cloud or local service platform your company uses. XDR interprets this data and correlates it with events from the Incidents and Network sensors to enhance the level of detail in extended incidents and deliver more accurate detections.

Important

The Network Sensor, as well as the productivity, identity and cloud sensors available for integration in the Sensors Management area, require a separate license key for activation.