Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
DDoS botnets for hire: New containerized malware platforms democratize...
How continuous monitoring strengthens cybersecurity defenses and risk ...
Securing collaboration and data in the agentic workspace
HKeyBio Lauched the Most Comprehesive Non-human Primate Autoimmune &am...
Clearing away the shadows of AI
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Securing collaboration and data in the agentic workspace

      Securing collaboration and data in the agentic workspace

      Thursday, September 25, 2025, 4:58 PM Asia/Singapore | Features, News, Newsletter, Tips
    • Featured

      Clearing away the shadows of AI

      Clearing away the shadows of AI

      Tuesday, September 23, 2025, 5:33 PM Asia/Singapore | Features, Newsletter
    • Featured

      Opportunities or challenges? 6 digital trends in the Oil and Gas industry

      Opportunities or challenges? 6 digital trends in the Oil and Gas industry

      Tuesday, September 23, 2025, 4:55 PM Asia/Singapore | Features, Newsletter, Opinions
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

Tips

AI in EDR/XDR: Enhancing cybersecurity with a balance of machine and human expertise

By CybersecAsia editors | Monday, April 28, 2025, 9:47 AM Asia/Singapore

AI in EDR/XDR: Enhancing cybersecurity with a balance of machine and human expertise

Explore how AI can strengthen threat detection and response; address ethical considerations, and, under constant human scrutiny, proactively keep organizations safe.

Incredibly sophisticated cyber threats have made organizations turn to AI-driven solutions to strengthen their cybersecurity posture. At the same time, Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies nowadays are increasingly leveraging AI and ML technology in their platforms.

According to Kaspersky, the implementation of ML has provided a platform for EDR and XDR solutions to create a normal activity baseline within organizations. Any subtle deviations from baseline can be flagged for suspicious activity. Said the firm’s AI Technology Research Center Group Manager, Vladislav Tushkanov: “AI is no longer a future concept in cybersecurity: it’s already reshaping the way we detect, respond to, and prevent threats… As cyber threats grow in scale and sophistication, AI is becoming the foundation for resilient, proactive cyber defense.”

Unlike rule-based detection systems, which rely on predefined patterns, ML-driven behavioral analysis can detect previously unknown threats, such as zero-day attacks and more advanced malware, according to the firm.

However, it is important to note that human expertise is still critical in interpreting and responding to complex or ambiguous alerts.

AI in threat hunting

The manual method of threat hunting generally involves searching logs and alerts for various items thought to be suspect. Only then can security analysts deem a possible information security risk.

This time-consuming method has been, and now some say it is becoming, less central. AI can assist with threat hunting by correlating data from many sources and uncovering indicators of compromise that would not be seen easily.

Nonetheless, effective threat hunting typically combines AI-driven insights with the experience and intuition of human analysts.

  • Minimizing the false positive rate
    When security tools generate an overwhelming number of alerts and high false positive rates, security teams may experience alert fatigue and inadvertently overlook real threats. AI is enhancing alert precision by continuously improving detection models while prioritizing threats based on risk levels.
    Therefore, while AI-driven EDR and XDR is relegated to the routine tasks of distinguishing benign anomalies from actual threats, human teams can focus on high-impact incidents and save other investigations from far more distraction, according to the firm.
    It is important to recognize, however, that AI models themselves can be subject to bias or errors, and regular review and tuning are necessary.
  • Automated incident response and remediation
    With AI, EDR and XDR platforms have a real-time capacity to respond to threats. Upon the detection of a potential attack by such a system, it could automatically trigger some predefined response actions: e.g., isolating a compromised device, blocking malicious IP addresses, or quarantining suspicious files among others. This will cut the time of incident response and lower security teams’ workloads from operational response, allowing them to focus on strategic decision-making instead.

    However, automated responses should be carefully managed to avoid unintended consequences, and human oversight remains important.
  • Predictive threat intelligence
    AI enhances the ability to comprehend threats by continuously assimilating global threat data, learning from past incidents, and predicting emerging attack patterns. EDR and XDR platforms, using ML models that have been trained on massive security datasets, can then predict incoming threats and harden defenses ahead of time. This predictive approach helps organizations stay ahead of attackers and adapt their security strategies to evolving threats.

    Still, the effectiveness of predictive models depends on the quality and diversity of the data they are trained on.

Risks, limitations and ethical considerations

While AI brings significant benefits to EDR and XDR, there are important considerations. AI and ML models can sometimes produce biased or inaccurate results if not properly trained and validated, and may raise privacy concerns due to extensive data monitoring.

Industry best practices recommend maintaining human oversight (“human-in-the-loop”) to interpret AI-driven findings and ensure ethical use. Additionally, as attackers increasingly use AI, defenders must remain vigilant against AI-generated threats and misinformation.

The future of AI in EDR and XDR

Upcoming generational improvements in AI and ML will only further strengthen the ability of EDR and XDR in accurately detecting, analyzing, and responding to threats. Some of the key trends to keep an eye on are:

  • Explainable AI: As AI systems have grown more and more complex, security teams will demand more transparency on why a decision has been made by an AI tool. XAI will clarify for analysts why certain threats are flagged and increase their trust in AI security products.
  • AI vs AI security: While cybercriminals utilize AI to evade detection, security vendors will develop countermeasures to combat AI-driven threats, leading to an ongoing AI arms race.
  • Self-learning security systems: AI models will continually develop, learning from new attack patterns and automatically adapting to new threats while minimizing the requirements for manual updates from the human side.

When EDR and XDR solutions are powered properly by AI, and deployed in a balanced approach, organizations will be able to address ethical, privacy, and operational challenges alongside technological innovation.

Share:

PreviousExploits remained the most frequently used initial infection vector in 2024: report
NextCybersecurity firm reports Telco, Entertainment, Government clients most targeted by DDoS in Q1

Related Posts

Corporate doxxing: The personal details you reveal could be doxxed against your organization

Corporate doxxing: The personal details you reveal could be doxxed against your organization

Wednesday, March 31, 2021

Will 2025 be the year of cyber-centric organizational leadership in APAC?

Will 2025 be the year of cyber-centric organizational leadership in APAC?

Friday, January 31, 2025

Passwords: what to do about them

Passwords: what to do about them

Friday, May 8, 2020

Cybercriminals have their eyes on compromising software patches now

Cybercriminals have their eyes on compromising software patches now

Tuesday, July 23, 2024

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.