Long time listener, first time caller here. Added to the “other” list, I would say XDR = modern implementations of defense in depth. I’m only being slightly tongue in cheek when I say this. The problem with SIEM wasn’t just about marketing promises underdelivering but users not feeding it useful data and useful detections. SIEM had no opinion on what to do, you had to tell it. MDR, on the other hand, had an opinion on what to do. It became successful, the same way sandboxing did when it came out at scale with FireEye popularizing it. The telemetry choices were part of the tech (so you couldn’t get it wrong) and the “correlations” or alerting was useful because the problem was narrowly on malware. In the same way I see XDR as having an opinion on how defense in depth detection and response should be done. That’s obviously not a true definition of what XDR is, but why I think it is becoming popular. Embedded in the idea of collecting data across sources, alerting on it and acting on it (which we’ve been doing for ages) is that vendors are unconsciously applying their opinion on what to collect, why and what to do with it. They’re doing it to make money but it turns out for most people being given direction is easier than figuring it out all yourself. So maybe I should say XDR = easy button for the basics of defense in depth. ☺ Just my $.02.