Extended Detection and Response (XDR) Checklist
Today, threat actors are not just targeting individual, single machines; they are targeting an organization as a whole. The first machine to be compromised is just the starting point. From that initial entry, the attacker can conduct further surveillance and move through the network to identify valuable data before stealing it. Whilst Endpoint Detection and Response (EDR) tools are very effective, there only needs to be one weak link for the attacker to exploit. Extended Detection and Response (XDR) goes beyond just the endpoint and enables security teams to integrate and correlate events and alerts across a wide range of security tools to improve visibility, reduce the time to detect even further and then respond quickly.

XDR is a strategy that helps organizations broaden their security program while recognizing the need for an expanded scope of visibility, detection, response, and automation. Enterprise CISOs and security practitioners are invited to leverage this questionnaire as they plan their XDR journey to stay ahead of increasingly complex and constantly evolving cyber threats.
Reduced Security Risk
- How many core security solutions, including endpoint security, does my team operate today? How well and sustainably do they integrate?
- Do we have cross-stack visibility and actionability across all the different security data streams?
- How many different agents/modules are required to achieve endpoint protection? What is the overhead of all these processes on my systems?
- Are the alerts we receive high-fidelity and actionable across my security stack?
- Are we equally protected from threats across Windows, Linux, macOS, and mobile?
- Does my endpoint security solution provide full MITRE ATT&CK coverage?
- Does my endpoint security solution provide full rollback capabilities? How quickly can this action be performed across multiple devices?
- Are we adequately securing cloud workloads with behavioral runtime protection and detection?
- Are we protecting against and detecting threats to identity beyond traditional access and rights management?
- Do our security solutions give us the ability to retain years of historical event/alert telemetry, which is often required for retrospective threat hunting as well as for compliance?
Empowered Security Teams
- How much time does my security team spend manually investigating and triaging alerts?
- How often does my security team have to perform repetitive work in responding to cyber threats?
- How do we automate incident response playbooks today, across our security stack, without analyst intervention, in a scalable and efficient manner?
- Are we able to make automated remediation decisions without the need for analyst intervention?
- Does my solution provide a single, concise and converged view of all activities associated with a threat, or are we flooded with multiple discrete events about each suspicious activity?
© SentinelOne 2023 S1-XDR-Checklist-03152023
Breaking Data Silos

- Do we have a single unified data lake that converges across our multiple security products?
- How many resources are dedicated to maintaining my security data platforms?
- Has my SIEM become a 'dumping ground' for security event data with little actionable value?
- Does my existing SIEM provide integrated response capabilities without complex workflow creation?
- How many consoles does my security team operate?
- How easily can my security analysts find critical signals through all the noise?
- Can my security tools automatically map alerts to MITRE ATT&CK techniques?
- How much time does my security team spend on the manual correlation of data?

TCO Reduction

- Can we integrate additional third-party security tools (like threat intelligence and sandbox capabilities) into our endpoint, identity, and cloud threat triage and response workflow?
- Is integrating with other technologies simple and frictionless?
- How much data do we ingest into our current security data lake/SIEM? Does that include high-fidelity (and high-volume) EDR data?
- Are there specific regulatory requirements we must comply with for data visibility and retention?
- What is our data retention and storage cost?
- How many resources are dedicated to maintaining the security data platforms?
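The "single, concise view of a threat" and "manual correlation of data" questions above come down to one mechanism: grouping discrete alerts from different tools into a single incident by shared entity (host or user) and time proximity, and tagging each alert with an ATT&CK technique ID so the incident reads as a kill chain rather than a pile of events. The Python below is an added illustration written for this page; it is not SentinelOne or Singularity code. The alert schema, the rule names, the rule-to-technique table, the 30-minute window and the sample alerts are all constructed for the example.

```python
"""Correlate discrete identity, endpoint and cloud alerts into incidents.

Added example, not SentinelOne code. All field names, rule names, the
rule-to-technique table and the sample alerts below are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed mapping from (hypothetical) vendor rule names to ATT&CK technique IDs,
# standing in for the "automatically map alerts to MITRE techniques" capability.
RULE_TO_TECHNIQUE = {
    "idp.failed_login_burst": "T1110",        # Brute Force
    "idp.login_new_geo": "T1078",             # Valid Accounts
    "edr.powershell_encoded": "T1059.001",    # Command and Scripting Interpreter: PowerShell
    "edr.rdp_outbound_new_host": "T1021.001", # Remote Services: Remote Desktop Protocol
    "cwp.bucket_bulk_download": "T1530",      # Data from Cloud Storage
}

DEFAULT_WINDOW = timedelta(minutes=30)  # assumed gap after which activity is a new incident


@dataclass(frozen=True)
class Alert:
    ts: datetime
    source: str           # "identity", "endpoint" or "cloud"
    rule: str             # rule name as emitted by the source tool
    host: Optional[str] = None
    user: Optional[str] = None

    @property
    def technique(self) -> str:
        return RULE_TO_TECHNIQUE.get(self.rule, "unmapped")

    def entities(self) -> set:
        """Pivot keys: alerts touching the same host or user belong together."""
        keys = set()
        if self.host:
            keys.add(("host", self.host))
        if self.user:
            keys.add(("user", self.user))
        return keys


@dataclass
class Incident:
    alerts: list = field(default_factory=list)
    entities: set = field(default_factory=set)

    def add(self, a: Alert) -> None:
        self.alerts.append(a)
        self.entities |= a.entities()   # incident grows new pivots (user -> host -> bucket)

    def matches(self, a: Alert, window: timedelta) -> bool:
        # Shares a host or user with the incident and follows its latest alert closely enough.
        return bool(self.entities & a.entities()) and a.ts - self.alerts[-1].ts <= window

    def techniques(self) -> list:
        # Unique technique IDs in first-seen order; repeated alerts about one activity collapse.
        return list(dict.fromkeys(a.technique for a in self.alerts))

    def sources(self) -> list:
        return sorted({a.source for a in self.alerts})


def correlate(alerts, window: timedelta = DEFAULT_WINDOW) -> list:
    """Greedy time-ordered grouping: join the first incident sharing an entity, else open one."""
    incidents = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for inc in incidents:
            if inc.matches(a, window):
                inc.add(a)
                break
        else:
            inc = Incident()
            inc.add(a)
            incidents.append(inc)
    return incidents


def summarize(inc: Incident) -> dict:
    return {
        "alerts": len(inc.alerts),
        "sources": inc.sources(),
        "techniques": inc.techniques(),
        "users": sorted(v for k, v in inc.entities if k == "user"),
        "hosts": sorted(v for k, v in inc.entities if k == "host"),
    }


T0 = datetime(2023, 3, 15, 9, 0, 0)
SAMPLE_ALERTS = [  # constructed: one identity -> endpoint -> cloud chain, plus unrelated noise
    Alert(T0, "identity", "idp.failed_login_burst", user="jdoe"),
    Alert(T0 + timedelta(seconds=30), "identity", "idp.failed_login_burst", user="jdoe"),  # repeat
    Alert(T0 + timedelta(minutes=2), "identity", "idp.login_new_geo", user="jdoe"),
    Alert(T0 + timedelta(minutes=5), "endpoint", "edr.powershell_encoded", host="WS-042", user="jdoe"),
    Alert(T0 + timedelta(minutes=7), "endpoint", "edr.rdp_outbound_new_host", host="WS-042"),
    Alert(T0 + timedelta(minutes=10), "cloud", "cwp.bucket_bulk_download", user="jdoe"),
    Alert(T0 + timedelta(hours=4), "endpoint", "edr.powershell_encoded", host="WS-113", user="asmith"),
]

if __name__ == "__main__":
    for n, inc in enumerate(correlate(SAMPLE_ALERTS), 1):
        print(f"incident {n}: {summarize(inc)}")
```

With the sample input, seven alerts from three tools collapse into two incidents: one covering the jdoe chain (five distinct techniques across identity, endpoint and cloud, with the host WS-042 pulled in through the user pivot even though the RDP alert carries no user), and one for the unrelated asmith activity. Shrinking the window splits the same alerts into many small incidents, which is the "flooded with discrete events" failure mode the checklist asks about.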
CISOs must take a close look at organizational objectives as well as their current technology capabilities when selecting the best XDR solution for their particular needs. Doing so will help ensure they receive the most value from their investment in an XDR solution. Once a CISO understands the strengths and process gaps related to their existing security stack, they can use this information to qualify the capabilities of competing security offerings. We encourage organizations to look at how an XDR solution automates and empowers security teams, breaks down data silos, and provides comprehensive coverage from endpoints to identity and multi-cloud environments.

Ready for a demo? Experience the market's leading XDR suite.
Innovative. Trusted. Recognized.

- A Leader in the 2022 Magic Quadrant for Endpoint Protection Platforms
- Record Breaking ATT&CK Evaluation: 100% Protection, 100% Detection; Top Analytic Coverage, 3 Years Running; 100% Real-time with Zero Delays
- 96% of Gartner Peer Insights™ EDR Reviewers Recommend SentinelOne Singularity
About SentinelOne

SentinelOne (NYSE:S) is pioneering autonomous cybersecurity to prevent, detect, and respond to cyber attacks at faster speed, greater scale and higher accuracy than human-powered technology alone. The Singularity Platform offers real-time visibility and intelligent AI-powered response. Achieve more capability with less complexity.

sentinelone.com | [email protected] | +1 855 868 3733