Welcome to Scribd!

Webcast 122460

Uploaded by

0% found this document useful (0 votes)

4 views9 pages

This document summarizes a discussion on SIEM, EDR, XDR and MDR technologies. It introduces the speakers and outlines discussion topics including what XDR is and whether it is needed if a company already uses SIEM and EDR. The discussion notes that there is no agreement on what XDR is and whether it is better than EDR or SIEM. It provides takeaways on using XDR and SIEM together, continuing to use logs, and mapping detections across technologies. Finally, it describes how the CardinalOps platform can help maximize value from existing security stacks.

Original Description:

Original Title

webcast-122460

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

4 views9 pages

Webcast 122460

Uploaded by

Tan Do

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 9

Search inside document

Demystifying SIEM, EDR, XDR & MDR

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Randy Watkins, CTO, Critical Start

July 19, 2022

DR. ANTON CHUVAKIN RANDY PHIL

Security Advisor at Office of WATKINS NERAY
the CISO, Google Cloud CTO, VP/Cyber Defense Strategy
Critical Start
Discussion topics
1. What is XDR? If I have a SIEM and EDR, do I need XDR?

2. Is XDR a better EDR or a better SIEM? What data challenges still exist?

3. Is SIEM still the foundation of a SOC? Should I be sending all my EDR alerts to the SIEM?

4. Does XDR work in the cloud? How does XDR improve Cloud Detection and Response
capabilities?

5. What is Managed XDR? How is it different from MDR?

6. Does XDR save headcount or operational expenses?

7. How do I map my MITRE ATT&CK coverage across SIEM, EDR, XDR?

Discussion: SIEM or EDR? What about XDR?

• Q: What is XDR? If I have a SIEM and EDR,

do I need XDR?

• A: Nobody knows or at least agrees what

XDR is.

• Is XDR a better EDR or a better SIEM? What

data challenges still exist? The answer
depends on your definition…
Takeaways
1. XDR is the combination of EDR and SIEM capabilities (with some SOAR thrown in), but is
not a silver bullet.
a. Both are difficult individually, combining them doesn’t make it easier

2. Next-Gen SOCs may not revolve around a SIEM, but logs are still necessary.
a. Logs won’t go away, and future cloud security requires more log analysis

3. As a first step for cloud security monitoring, send cloud telemetry to your existing SIEM.
4. MITRE ATT&CK has replaced Cyber Kill-Chain as the standard catalog of adversary
techniques, so mapping detections across SIEM+EDR is essential to understanding
preparedness.
5. XDR platforms may streamline investigation, but still require headcount to respond to
alerts. This can be augmented by MDR services.
Maximizing value from your existing stack
with the CardinalOps SaaS platform

Create
MITRE ATT&CK
coverage map
& health
metrics

Identify Continuously
cost savings audit SIEM/EDR
from inefficient to identify &
queries & remediate
unused or broken, noisy,
redundant logs or missing
detections

Deliver AI-
powered
recommendations
to increase
ATT&CK coverage
Learn more:
CardinalOps.com
Resources

• Can You Do a SIEM-less SOC?

• 2022 Report: The State of SIEM Detection Risk

• Son of a Breach Podcast with Rated XDR Series

• “The Future of SIEM with Anton Chuvakin” (SANS Webinar, Archived)

• CardinalOps platform – 2-minute demo video

• Come see us at Black Hat (Booth #2710) and the Level Up Party
• Get your complimentary signed copy of “This Is How They Tell Me the World Ends:
The Cyberweapons Arms Race” (Wednesday at 4:30pm)
Q&A
AI-Powered Detection Engineering

Thank you!
info@cardinalops.com

Forrester Five Steps To A Zero Trust Network Oct 2018
Document15 pages
Forrester Five Steps To A Zero Trust Network Oct 2018
Howe Lai
No ratings yet
Mis Test 2
Document72 pages
Mis Test 2
Keno Grant
No ratings yet
Notes Founders by Diana
Document53 pages
Notes Founders by Diana
Dirio Fregosi
100% (1)
Trend Analysis Survey
Document1 page
Trend Analysis Survey
upal7815
No ratings yet
CS Product Landscape Atul Kumar
Document20 pages
CS Product Landscape Atul Kumar
bggupta18945
No ratings yet
Varutra - Corporate Profile PDF
Document14 pages
Varutra - Corporate Profile PDF
Naveen Singh
No ratings yet
Catalyst - Cybersecurity Offerings - 050522 - ENG - v3
Document18 pages
Catalyst - Cybersecurity Offerings - 050522 - ENG - v3
Justo Ebang
No ratings yet
#Ciscoitm: Download Cisco Spark Now
Document42 pages
#Ciscoitm: Download Cisco Spark Now
Ala Jebnoun
No ratings yet
Cyber Security Brochure B04
Document4 pages
Cyber Security Brochure B04
Mohamed Taufiqh
No ratings yet
4f02512e.aimm Networkassessment Trifold 2018
Document6 pages
4f02512e.aimm Networkassessment Trifold 2018
Maheshwar - Cnervis Automation
No ratings yet
CSAM-Slides V4
Document131 pages
CSAM-Slides V4
Markku Mattikainen
No ratings yet
CMN Security Manager
Document6 pages
CMN Security Manager
azzu
No ratings yet
s1 Bundles Datasheet
Document6 pages
s1 Bundles Datasheet
Yakov Márcio Morais
No ratings yet
Cirrus 8000 FT of CCSP Course
Document110 pages
Cirrus 8000 FT of CCSP Course
Kalpesh Jani
No ratings yet
Imt Security Architect
Document8 pages
Imt Security Architect
azzu
No ratings yet
Your Cybersecurity Career Blueprint Ebook RB
Document16 pages
Your Cybersecurity Career Blueprint Ebook RB
magillz
No ratings yet
System Hardening Configuration Review - Datasheet (Revised) - Controlled
Document2 pages
System Hardening Configuration Review - Datasheet (Revised) - Controlled
digitlabs.marketing
No ratings yet
Agile Development Plan 2023: Goal Actions Skills Needed How Cost Progress
Document3 pages
Agile Development Plan 2023: Goal Actions Skills Needed How Cost Progress
Grensley Pieter
No ratings yet
Distributed Energy Resource (DER) Cybersecurity Standards
Document27 pages
Distributed Energy Resource (DER) Cybersecurity Standards
Nelson
No ratings yet
Security, Privacy and Compliance: Training 2020
Document46 pages
Security, Privacy and Compliance: Training 2020
Ingrid Cardenas
No ratings yet
BRK3187-Azure-ASC-cloud Security Posture
Document24 pages
BRK3187-Azure-ASC-cloud Security Posture
Prasanna Nandakumar
No ratings yet
Strategy For Your Could Journey
Document10 pages
Strategy For Your Could Journey
Terance Francis
No ratings yet
Enterprise Security Architect21
Document6 pages
Enterprise Security Architect21
Imteyaz Ahmad
No ratings yet
XDR Buyers Guide 2023 Edition 1
Document19 pages
XDR Buyers Guide 2023 Edition 1
veth
No ratings yet
IMTEYAZCISO2023 Certx
Document7 pages
IMTEYAZCISO2023 Certx
azzu
No ratings yet
Teccrs 3800
Document431 pages
Teccrs 3800
Genus Sum
No ratings yet
Cybersecurity Frameworks: Dmzcon 09.2023
Document22 pages
Cybersecurity Frameworks: Dmzcon 09.2023
tmendis
No ratings yet
Servicenock PPT Deck
Document21 pages
Servicenock PPT Deck
mukesh mohan
No ratings yet
Azure Sentinel Workshop: Partner Overview Deck
Document17 pages
Azure Sentinel Workshop: Partner Overview Deck
lfi91509 zslsz
No ratings yet
Rapid7 Product Brochure
Document9 pages
Rapid7 Product Brochure
IM Contoso
No ratings yet
Assurance Features and Navigation: Cisco DNA Center 1.1.2 Training
Document54 pages
Assurance Features and Navigation: Cisco DNA Center 1.1.2 Training
bgpexpert
No ratings yet
Centerity CyberOps - Cyber Observability Brochure - September 2020
Document3 pages
Centerity CyberOps - Cyber Observability Brochure - September 2020
AngelobyFirulais
No ratings yet
The Forrester Wave™ - Security Analytics Platforms, Q4 2020
Document15 pages
The Forrester Wave™ - Security Analytics Platforms, Q4 2020
Mirko
No ratings yet
Security Breaches R&L June 22
Document12 pages
Security Breaches R&L June 22
Monk Suit
No ratings yet
Michael - Senior Security Engineer
Document16 pages
Michael - Senior Security Engineer
Madhav Garikapati
No ratings yet
Zero Trust Readiness Assessment: Benefits
Document3 pages
Zero Trust Readiness Assessment: Benefits
Luis Barreto
100% (1)
Cloud Security Gouvernance & Assurance
Document31 pages
Cloud Security Gouvernance & Assurance
baye omar Soce
No ratings yet
Azure Security Final Presentation
Document48 pages
Azure Security Final Presentation
stvorenje1988
No ratings yet
Checkmarx SCG
Document43 pages
Checkmarx SCG
Mossasi Chun
No ratings yet
Brksec 1023
Document72 pages
Brksec 1023
Bill Joel
No ratings yet
CAU 01 Conjur - Fundamentals Overview
Document33 pages
CAU 01 Conjur - Fundamentals Overview
Wowantus
No ratings yet
DoD CDAO Data Quality Priorities and Needs
Document11 pages
DoD CDAO Data Quality Priorities and Needs
jay
No ratings yet
Adobe Scan 06 Jul 2022
Document2 pages
Adobe Scan 06 Jul 2022
Abhiram Gavara
No ratings yet
Dhivya Felix: Education
Document3 pages
Dhivya Felix: Education
Mubin Shaikh
No ratings yet
ePROTECT 360 - Managed Security Services Presentation - BOCH Systems-Cost
Document28 pages
ePROTECT 360 - Managed Security Services Presentation - BOCH Systems-Cost
Kevin Ani
No ratings yet
Cisco XDR Security Operations Simplified Data Sheet
Document13 pages
Cisco XDR Security Operations Simplified Data Sheet
Dmitry
No ratings yet
Azuresecuritycompass
Document111 pages
Azuresecuritycompass
youssef Hae
No ratings yet
Audit Tips and Other Free Audit Resources Inside! H T TP - I T - Audit - Sans.or G
Document15 pages
Audit Tips and Other Free Audit Resources Inside! H T TP - I T - Audit - Sans.or G
Abdul Rahaman Gaffar
No ratings yet
Rapid7 Overview Brochure 2021 Digital
Document15 pages
Rapid7 Overview Brochure 2021 Digital
jesus_yustas
No ratings yet
Content - Dam - Blackberry Com - Asset - Enterprise - PDF - Evalguide 5 Tips For Evaluating Ai Driven Security Solutions
Document4 pages
Content - Dam - Blackberry Com - Asset - Enterprise - PDF - Evalguide 5 Tips For Evaluating Ai Driven Security Solutions
Carlos Barrezueta
No ratings yet
Naukri KBHANUPRASAD9y 0m
Document7 pages
Naukri KBHANUPRASAD9y 0m
Muhammad Saquib Anjum
No ratings yet
FloCon 21 - Improving Security Operations Through Security Data Discipline
Document10 pages
FloCon 21 - Improving Security Operations Through Security Data Discipline
greycompanion
No ratings yet
Final Agenda - MCCS Exchange
Document7 pages
Final Agenda - MCCS Exchange
Frank Martinez
No ratings yet
Freedom To Focus (IDR) - Partner Campaign in A Box Guide
Document10 pages
Freedom To Focus (IDR) - Partner Campaign in A Box Guide
fateh tiribark
No ratings yet
Practical Guide To Azure Cognitive Services
Document454 pages
Practical Guide To Azure Cognitive Services
kristofleroux
No ratings yet
Digital Trust: Engineering A Secure Digital Society
Document6 pages
Digital Trust: Engineering A Secure Digital Society
Nidhi Chatterjee
No ratings yet
Cybersecurity Maturity Model
Document30 pages
Cybersecurity Maturity Model
Oktay Görgülü
No ratings yet
Aws TC Security B2i Ebook
Document8 pages
Aws TC Security B2i Ebook
tedcwe
No ratings yet
Integrating Cloud Into Your IT Strategy: Bryan Doerr Ken Owens
Document37 pages
Integrating Cloud Into Your IT Strategy: Bryan Doerr Ken Owens
jrivins
No ratings yet
Ciso Workshop 3 Identity and Zero Trust User Access
Document26 pages
Ciso Workshop 3 Identity and Zero Trust User Access
dmomentsbymm
No ratings yet
Vision How-Do-They-Relate-Other-Cobit-5-Resources-A
Document34 pages
Vision How-Do-They-Relate-Other-Cobit-5-Resources-A
Carlos Emilio Torres Madrid
No ratings yet
Cybersecurity Design Principles: Building Secure Resilient Architecture
From Everand
Cybersecurity Design Principles: Building Secure Resilient Architecture
Richie Miller
No ratings yet
IBM Security Resilient Security Orchestration, Automation and Response (SOAR) Platform Privacy Add-On
Document7 pages
IBM Security Resilient Security Orchestration, Automation and Response (SOAR) Platform Privacy Add-On
Tan Do
No ratings yet
The Journey To XDR Practical Questions To Ask
Document6 pages
The Journey To XDR Practical Questions To Ask
Tan Do
No ratings yet
LM Ce Installationguide 022012 002
Document25 pages
LM Ce Installationguide 022012 002
Tan Do
No ratings yet
Orchestration of Information Technology Automation Frameworks - 508c
Document4 pages
Orchestration of Information Technology Automation Frameworks - 508c
Tan Do
No ratings yet
Pulse Survey Future Edr
Document1 page
Pulse Survey Future Edr
Tan Do
No ratings yet
Webcast 117384
Document6 pages
Webcast 117384
Tan Do
No ratings yet
License Information
Document4 pages
License Information
Tan Do
No ratings yet
Le 51601 SB Synergyfabric 180302
Document5 pages
Le 51601 SB Synergyfabric 180302
Tan Do
No ratings yet
Ixia VS PC Imperva Deployment Guide
Document41 pages
Ixia VS PC Imperva Deployment Guide
Tan Do
No ratings yet
Resilient IRP Custom Action Developer Guide
Document44 pages
Resilient IRP Custom Action Developer Guide
Tan Do
No ratings yet
Resilient IRP Function Developer Guide
Document30 pages
Resilient IRP Function Developer Guide
Tan Do
No ratings yet
Core 02
Document11 pages
Core 02
Tan Do
No ratings yet
Core 01
Document12 pages
Core 01
Tan Do
No ratings yet
VVFV
Document2 pages
VVFV
Tan Do
No ratings yet
Section D ACCA PM Notes
Document9 pages
Section D ACCA PM Notes
Corrina
No ratings yet
UNIT 1 - Reading 2 - Factoring (Page 7) E4B2
Document1 page
UNIT 1 - Reading 2 - Factoring (Page 7) E4B2
billtan
No ratings yet
Most of The Companies Do Have An Overall Organizational Structure To Cope Up With The Variety of Work That Is To Be Handled
Document7 pages
Most of The Companies Do Have An Overall Organizational Structure To Cope Up With The Variety of Work That Is To Be Handled
Lewis C Figo
100% (1)
GeM Bidding 3193152
Document4 pages
GeM Bidding 3193152
Omkar Dave
No ratings yet
Quiz-Ch1-Introduction Retailing Completed
Document3 pages
Quiz-Ch1-Introduction Retailing Completed
R.A.A.V M.D
No ratings yet
Omp A26
Document11 pages
Omp A26
carlos.vinkler
No ratings yet
Happiest Minds
Document37 pages
Happiest Minds
prabhusp7
No ratings yet
FIN005 Powerpoint
Document43 pages
FIN005 Powerpoint
vaibhavacademicmantra
No ratings yet
Reliance Retail
Document28 pages
Reliance Retail
Savan Bhatt
No ratings yet
NCFM Beginners Module
Document92 pages
NCFM Beginners Module
Sidharth Tripathi
No ratings yet
Indian Industrial Dispute Act of 1947
Document9 pages
Indian Industrial Dispute Act of 1947
SRI RAM
No ratings yet
CORPORATION
Document54 pages
CORPORATION
Thu Thảo
No ratings yet
UNICON Insurance Form
Document2 pages
UNICON Insurance Form
Jiezel Villanueva
No ratings yet
Export Finance Scheme: Foreign Currency Export Finance Facility (Fcef) 1.the Facility
Document5 pages
Export Finance Scheme: Foreign Currency Export Finance Facility (Fcef) 1.the Facility
Azhar Rana
No ratings yet
Classification of Ship Running Costs
Document2 pages
Classification of Ship Running Costs
Victor Ose Moses
100% (1)
Tax Planning vs. Tax Evasion (Sec - D2 - Sub-Group - 3)
Document16 pages
Tax Planning vs. Tax Evasion (Sec - D2 - Sub-Group - 3)
shuja
No ratings yet
Realizing Value From Capital Projects V2
Document210 pages
Realizing Value From Capital Projects V2
Subhojit Adhikary
No ratings yet
Q Mobile Marketing
Document18 pages
Q Mobile Marketing
XaĦid Waqar
100% (2)
Arbitrage Pricing Theory
Document21 pages
Arbitrage Pricing Theory
Mahesh Bhor
No ratings yet
Tasnim Rezoana Tanim: Human Resource Practices in The Context of IDLC Finance Limited Letter of Transmittal
Document25 pages
Tasnim Rezoana Tanim: Human Resource Practices in The Context of IDLC Finance Limited Letter of Transmittal
Anowarul Islam
No ratings yet
Stages of SM
Document3 pages
Stages of SM
SpUnky Rohit
No ratings yet
IDC Retail Insights Worldwide Retail Technology Strategies - 2023 July
Document1 page
IDC Retail Insights Worldwide Retail Technology Strategies - 2023 July
MD ABUL KHAYER
No ratings yet
Vendor Supply Chain Risk Management (SCRM) Template
Document47 pages
Vendor Supply Chain Risk Management (SCRM) Template
David Peñate
No ratings yet
Relocation Handbook For HR Practitioners in Singapore
Document94 pages
Relocation Handbook For HR Practitioners in Singapore
georgemtchua4385
100% (1)
Property Leaflet PDF
Document7 pages
Property Leaflet PDF
Ahmed Arab
No ratings yet
Project On Brand Awareness of Tulip
Document46 pages
Project On Brand Awareness of Tulip
Bappaditya Bhowal
100% (5)
Programme HR Conclave
Document7 pages
Programme HR Conclave
Firas Ajmal
No ratings yet
Entrepreneurship
Document19 pages
Entrepreneurship
mathew007
85% (27)