Security analytics sits at the core of XDR because it addresses the challenge of the many diverse telemetry feeds that arrive from different protocols, different products, and different security layers. XDR typically ingests activity data from many different vectors, in particular email, endpoints, servers, cloud workloads, and networks.
A security analytics engine then processes that data and triggers an alert when the data matches defined filters, rules, or models. Analytics are what tie together the information coming into the XDR platform so that security events and their severity can be identified.
XDR uses the best analytical technique, or combination of techniques, to make a detection, whether that is machine learning, data stacking, or other big data analysis. XDR analytics examine activity data and look for behavioral patterns across security layers in order to identify complex, multi-step attacks that no single layer would reveal on its own.
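The following toy correlation engine is an added illustration of the idea described above; it is not code from the original page or from any XDR product. It normalises a handful of constructed email, endpoint and network records into one event shape, then applies a cross-layer rule that looks for a macro-document lure, followed by an Office process spawning a script interpreter, followed by an outbound connection from the same host inside a time window. The field names, the pipe-delimited record format, the process and extension lists and the ten-minute window are all assumptions chosen for the example. Severity rises with the number of layers that contribute a stage, which is the point the paragraph makes: an outbound connection on its own is noise, but the same event as the third step of a chain is critical.

```python
"""Toy cross-layer correlation engine (added example; schema, thresholds and
sample telemetry are constructed assumptions, not a vendor's format)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Event:
    ts: datetime
    layer: str    # security layer the record came from: email / endpoint / network
    host: str
    user: str
    action: str
    detail: str


# Constructed sample telemetry. Real feeds each have their own schema, so the
# first job of the analytics engine is to normalise them into one shape.
RAW_EVENTS = [
    "2024-05-01T09:00:00|email|ws-17|alice|attachment_delivered|invoice.docm",
    "2024-05-01T09:03:12|endpoint|ws-17|alice|process_spawn|WINWORD.EXE->powershell.exe",
    "2024-05-01T09:03:40|network|ws-17|alice|outbound_connect|203.0.113.5:443",
    "2024-05-01T10:15:00|endpoint|ws-22|bob|process_spawn|explorer.exe->notepad.exe",
    "2024-05-01T11:00:00|email|ws-22|bob|attachment_delivered|report.pdf",
    "2024-05-01T11:02:00|network|ws-22|bob|outbound_connect|198.51.100.9:443",
]

# Assumed indicator lists for the rule (illustrative, not exhaustive).
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe")
SCRIPT_CHILDREN = ("powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe")


def normalise(line: str) -> Event:
    """Parse one pipe-delimited record into the common Event shape."""
    ts, layer, host, user, action, detail = line.split("|", 5)
    return Event(datetime.fromisoformat(ts), layer, host, user, action, detail)


def stage_of(ev: Event) -> Optional[str]:
    """Map a normalised event to a stage of the lure -> execution -> beacon pattern."""
    if (ev.layer == "email" and ev.action == "attachment_delivered"
            and ev.detail.lower().endswith(MACRO_EXTENSIONS)):
        return "lure"
    if ev.layer == "endpoint" and ev.action == "process_spawn":
        parent, _, child = ev.detail.lower().partition("->")
        if parent in OFFICE_PARENTS and child in SCRIPT_CHILDREN:
            return "execution"
    if ev.layer == "network" and ev.action == "outbound_connect":
        return "beacon"
    return None


def correlate(lines: List[str], window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Group events per host and look for the ordered multi-stage chain inside a
    time window. A single stage never alerts; two stages across two layers is
    'high'; the full three-layer chain is 'critical'."""
    events = sorted((normalise(line) for line in lines), key=lambda e: e.ts)
    by_host: Dict[str, List[Event]] = {}
    for ev in events:
        by_host.setdefault(ev.host, []).append(ev)

    alerts: List[Dict] = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if stage_of(first) != "lure":
                continue
            seen = {"lure": first}
            for later in evs[i + 1:]:
                if later.ts - first.ts > window:
                    break
                stage = stage_of(later)
                # Stages must appear in order: execution before beacon.
                if stage == "execution" and "execution" not in seen:
                    seen["execution"] = later
                elif stage == "beacon" and "execution" in seen and "beacon" not in seen:
                    seen["beacon"] = later
            if len(seen) >= 2:
                alerts.append({
                    "host": host,
                    "user": first.user,
                    "severity": "critical" if len(seen) == 3 else "high",
                    "stages": list(seen),
                    "layers": sorted({e.layer for e in seen.values()}),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(RAW_EVENTS):
        print(alert)
```

Run as a script, the engine raises one critical alert for ws-17 and nothing for ws-22, even though ws-22 also produced an email attachment and an outbound connection: the PDF is not a macro lure and no Office-to-script spawn links the two layers, so the rule treats them as unrelated activity.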