Security vendors have spent the last two decades providing more of the same orchestration, detection, and response capabilities, while promising different results. The expanding attack surface, which now spans Web, Cloud, Data, Network and more, has also added a layer of complexity. SIEMs have been the foundation of security operations for decades, and that should be acknowledged. Thankfully, they're now being used more appropriately, i.e. for logging, aggregation, and archiving. An effective XDR must bring together numerous heterogeneous signals and return a homogeneous visual and analytical representation.
Source: https://www.mcafee.com/blogs/enterprise/endpoint-security/xdr-please-explain/