An organisation's ability to stay ahead of the security curve depends on two things: effective tools and capable security analysts. Unfortunately, balancing technology and human capital tends to be difficult.

Detection and prevention technologies generate hundreds or thousands of alerts a day, far more than security teams can handle. These alerts come from many disconnected sources, leaving analysts to piece the puzzle together. There is only time to address the highest-priority alerts; low-priority alerts are neglected.

As the threat landscape intensifies, organisations find they can't manage the high volume of security alerts. Can the next generation of tools help?

The use of APIs and SIEMs

Many organisations use APIs to integrate detection and response data. This generally involves using an expensive SIEM as the centrepiece of their security operations. The SIEM aggregates log data by parsing and normalising it, which strips away much of the context that made the original event valuable.

This option is not perfect. What is really needed is a set of technologies that reduces the total number of alerts while also allowing analysts to assess threats efficiently, so that only high-priority alerts are escalated.

The introduction of security response tools

An array of logging, detection, and response tools has come to market to help. These include Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), and Security Information and Event Management (SIEM). Each of these tools has strengths and weaknesses and can be useful against simple attacks, such as attacks that threaten just one part of the infrastructure. Most, however, are tuned for a single purpose and are ill-suited to handling complex campaigns on their own.

Newer tools such as Network Detection and Response (NDR) and User and Entity Behaviour Analytics (UEBA) are designed to address some of these shortfalls. They use Machine Learning (ML) to look for anomalies against a baseline of normal activity, which addresses one of SIEM's weaknesses: detecting attacks that are not yet known.

The limitations of network-based tools

These tools also have limitations. Network-based products cannot monitor or track local events, such as process information gathered on the endpoints. NDR also has limited depth: if EDR is deep and narrow, NDR is wide and shallow. UEBA tools rely on third-party logs to monitor and detect threats and to analyse them for risk scoring. If the third-party tools fail in their detections, or are not logging a piece of infrastructure, the UEBA is rendered ineffective.

This situation further exacerbates the skills gap. It is evident that companies need to look for tools that help security teams be more effective, automate repetitive tasks and simplify investigations.

Next generation level XDR security

A next generation of incident response tools has emerged to meet the need for more sophisticated extended detection and response. Known as XDR (where the 'X' stands for 'extended' and can represent any data source), it recognises that it is inefficient to look at individual infrastructure components in isolation. XDR uses machine learning and dynamic analysis techniques to combine the capabilities and outcomes of SIEM, UEBA, NDR, and EDR.

XDR stitches together data from the endpoint, network, and cloud in a robust data lake. Above all, XDR provides broader visibility with more effective machine learning analytics and integrated remediation to fundamentally change threat hunting, detection, investigation, and response.

To learn more about how Cortex XDR is redefining SecOps, read Palo Alto Networks' 'The Essential Guide to XDR'.
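The two ideas the article leans on, scoring an entity's alert volume against its own baseline (the UEBA/NDR approach) and stitching alerts from endpoint, network and cloud sources into one incident per entity so that only corroborated, high-priority incidents are escalated (the XDR approach), can be shown end to end in a small script. The following is an added illustration, not Palo Alto Networks or Cortex XDR code; the source labels, entity names, alerts, baseline counts and priority weights are all constructed for the example.

```python
# Added illustration, not Palo Alto Networks or Cortex XDR code.
# It shows (1) scoring an entity's alert volume against its own baseline,
# as UEBA/NDR-style tooling does, and (2) stitching alerts from endpoint,
# network and cloud sources into one incident per entity so only
# corroborated, high-priority incidents are escalated. Sources, entity
# names, alerts, baseline counts and weights below are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Alert:
    ts: datetime
    source: str     # "edr", "ndr" or "cloud" (assumed source labels)
    entity: str     # host or user the alert concerns
    name: str
    severity: int   # 1 (low) .. 5 (high)


@dataclass
class Incident:
    entity: str
    alerts: list = field(default_factory=list)

    def sources(self):
        return {a.source for a in self.alerts}


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts about the same entity that arrive within `window` of the
    previous one into a single incident. The raw alerts are kept verbatim,
    so none of the source context is lost through normalisation."""
    incidents, open_by_entity = [], {}
    for a in sorted(alerts, key=lambda a: a.ts):
        inc = open_by_entity.get(a.entity)
        if inc is not None and a.ts - inc.alerts[-1].ts <= window:
            inc.alerts.append(a)
        else:
            inc = Incident(a.entity, [a])
            incidents.append(inc)
            open_by_entity[a.entity] = inc
    return incidents


def anomaly_score(count, history):
    """Simplified UEBA-style z-score: how far today's alert count for an entity
    sits above its historical daily counts. The standard deviation is floored
    at 1.0 so a flat history still yields a finite, bounded score."""
    if len(history) < 2:
        return 0.0        # no baseline yet: do not guess
    sd = max(pstdev(history), 1.0)
    return max(0.0, (count - mean(history)) / sd)


def priority(inc, baseline):
    """Priority = worst alert severity, plus 2 per extra corroborating source,
    plus the baseline anomaly score (weights are assumed, not a standard)."""
    worst = max(a.severity for a in inc.alerts)
    extra_sources = len(inc.sources()) - 1
    anomaly = anomaly_score(len(inc.alerts), baseline.get(inc.entity, []))
    return worst + 2 * extra_sources + anomaly


def escalate(incidents, baseline, threshold=5.0):
    """Return only incidents at or above the threshold, highest priority first."""
    ranked = sorted(incidents, key=lambda i: priority(i, baseline), reverse=True)
    return [i for i in ranked if priority(i, baseline) >= threshold]


T0 = datetime(2024, 1, 15, 9, 0)

# Constructed sample alerts: three sources fire on ws-17 within 20 minutes,
# ws-02 raises one low alert, and user bob has two NDR alerts an hour apart.
SAMPLE_ALERTS = [
    Alert(T0, "edr", "ws-17", "suspicious script interpreter launch", 3),
    Alert(T0 + timedelta(minutes=5), "edr", "ws-02", "new scheduled task", 1),
    Alert(T0 + timedelta(minutes=10), "ndr", "ws-17", "periodic DNS queries", 3),
    Alert(T0 + timedelta(minutes=20), "cloud", "ws-17", "unusual storage API calls", 2),
    Alert(T0 + timedelta(hours=5), "ndr", "bob", "large outbound transfer", 2),
    Alert(T0 + timedelta(hours=6), "ndr", "bob", "large outbound transfer", 2),
]

# Constructed baseline: daily alert counts per entity over the last five days.
BASELINE = {"ws-17": [1, 1, 1, 1, 1], "ws-02": [1, 1, 1, 1, 1]}


if __name__ == "__main__":
    incidents = correlate(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} alerts -> {len(incidents)} incidents")
    for inc in escalate(incidents, BASELINE):
        print(f"ESCALATE {inc.entity}: priority {priority(inc, BASELINE):.1f}, "
              f"sources {sorted(inc.sources())}")
```

On the constructed input, six alerts collapse into four incidents and only the ws-17 incident, corroborated by all three sources and well above that host's baseline, crosses the escalation threshold; the single low-severity alert on ws-02 and the two uncorrelated alerts for bob stay in the queue rather than competing for analyst time. The point of keeping the raw alerts inside each incident, rather than normalising them into a common schema, is that the analyst who opens the escalated incident still sees every source's original context.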