"The core requirement of XDR systems is a centralized collection of historic and real-time event data in common data formats. Event data must be available for fast indexed searches for indeﬁnite periods in scalable and high-performance storage. Another requirement is to use multiple detection techniques to combine weak signals from multiple products into strong evidence of malicious activity. In addition, XDRs are designed to enable a faster, more efﬁcient response capability aided by automation."
Gartner, Market Guide for Managed Detection and Response Services, Toby Bussa, Kelly Kavanagh, Pete Shoard, John Collins, Craig Lawson, Mitchell Schneider, 26 August 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.