XDR technology is the natural evolution of antivirus solutions, built to detect and respond to threats where an antivirus alone is not sufficient. Today's antiviruses are limited to their knowledge bases of known malware. They therefore cannot detect a virus that has not yet been catalogued by the antivirus solution, nor threats that extend beyond malware (e.g. insiders, cybercriminals or other malicious actors), where what must be analysed is not a single binary but a complete pattern of behaviour.
XDR technology is installed on endpoints (and on other sources of network activity logs) to collect their logs and send them to a centralised platform, where they are normalised into telemetry. The XDR then analyses that telemetry to determine whether it indicates a threat.
It should be noted that XDR is a direct extension of EDR (endpoint detection and response) technology. The difference between the two is that the capabilities of an XDR extend beyond endpoints, which enriches both the telemetry it collects and its threat response capabilities.
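To make the contrast concrete, here is an added, constructed example (not any vendor's XDR code): a signature-only check that knows nothing about an uncatalogued binary, beside a behavioural rule that correlates endpoint and firewall telemetry by process and flags the activity anyway. The hashes, hostnames, paths and the 203.0.113.9 address are all made up for the example.

```python
"""Signature-only antivirus versus cross-source behavioural detection.
Constructed example; the telemetry below is invented, not real data."""
from collections import defaultdict
import hashlib

# Constructed "knowledge base": hashes of malware the antivirus already knows.
KNOWN_MALWARE_HASHES = {hashlib.sha256(b"old-trojan-v1").hexdigest()}

# Constructed telemetry: endpoint process events plus one firewall event,
# already normalised to a common schema by the central platform.
TELEMETRY = [
    {"src": "endpoint", "host": "ws-01", "pid": 410, "event": "process_start",
     "image": "updater.exe", "sha256": hashlib.sha256(b"unknown-build").hexdigest()},
    {"src": "endpoint", "host": "ws-01", "pid": 410, "event": "file_read",
     "path": "C:/Users/alice/Documents/q3-plan.docx"},
    {"src": "endpoint", "host": "ws-01", "pid": 410, "event": "file_read",
     "path": "C:/Users/alice/Documents/payroll.xlsx"},
    {"src": "firewall", "host": "ws-01", "pid": 410, "event": "outbound",
     "dst": "203.0.113.9", "bytes": 48_000_000},
]


def antivirus_verdict(events):
    """Signature-only: flags a process only if its binary hash is catalogued."""
    return [e["host"] for e in events
            if e["event"] == "process_start" and e["sha256"] in KNOWN_MALWARE_HASHES]


def xdr_verdict(events, min_reads=2, min_bytes=10_000_000):
    """Behavioural: group telemetry per (host, pid) across sources and flag a
    process that reads several user documents and then sends a large volume
    to an external host, whether or not its binary has ever been seen."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e["host"], e["pid"])].append(e)
    alerts = []
    for (host, pid), evs in by_proc.items():
        reads = sum(1 for e in evs
                    if e["event"] == "file_read" and "/Users/" in e["path"])
        sent = sum(e["bytes"] for e in evs
                   if e["src"] == "firewall" and e["event"] == "outbound")
        sources = {e["src"] for e in evs}
        # Requiring more than one source is what makes this an XDR-style rule:
        # neither the endpoint nor the firewall alone sees the whole pattern.
        if reads >= min_reads and sent >= min_bytes and len(sources) > 1:
            alerts.append({"host": host, "pid": pid, "reads": reads,
                           "bytes_out": sent, "sources": sorted(sources)})
    return alerts
```

Running both verdicts over the same telemetry shows the antivirus returning nothing while the behavioural rule raises one alert for the process on ws-01.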