Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Randy Watkins, CTO, Critical Start
Moderator
2. Is XDR a better EDR or a better SIEM? What data challenges still exist?
3. Is SIEM still the foundation of a SOC? Should I be sending all my EDR alerts to the SIEM?
4. Does XDR work in the cloud? How does XDR improve Cloud Detection and Response capabilities?
2. Next-Gen SOCs may not revolve around a SIEM, but logs are still necessary.
a. Logs won’t go away, and future cloud security requires more log analysis
3. As a first step for cloud security monitoring, send cloud telemetry to your existing SIEM.
4. MITRE ATT&CK has replaced Cyber Kill-Chain as the standard catalog of adversary techniques, so mapping detections across SIEM+EDR is essential to understanding preparedness.
5. XDR platforms may streamline investigation, but still require headcount to respond to alerts. This can be augmented by MDR services.
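Takeaway 4 is a procedure: inventory the rules in both the SIEM and the EDR, tag each with the ATT&CK technique(s) it detects, and compare the result against the techniques you care about. The script below is an added example of that mapping, not CardinalOps code or anything from the webinar. The rule inventory, the priority technique list and the `Detection` fields (`enabled`, `broken`, `noisy`) are constructed for illustration; in a real deployment the inventory would be exported from the SIEM and EDR rule APIs and the priority list would come from a threat profile.

```python
"""Map SIEM and EDR detections onto MITRE ATT&CK technique IDs and report
coverage, gaps and rule health.  Added example; not CardinalOps code.
The inventory and priority list below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
import re

# ATT&CK technique IDs look like T1059 or, for sub-techniques, T1059.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")


@dataclass(frozen=True)
class Detection:
    name: str
    source: str          # "siem" or "edr"
    techniques: tuple    # ATT&CK technique IDs the rule is tagged with
    enabled: bool = True
    broken: bool = False  # e.g. references a log source that is no longer ingested
    noisy: bool = False   # e.g. fires constantly with no triage value


# Constructed inventory (hypothetical rule names; not from any real product).
INVENTORY = [
    Detection("PowerShell encoded command", "siem", ("T1059.001",)),
    Detection("PowerShell suspicious cmdline", "edr", ("T1059.001",)),
    Detection("LSASS memory access", "edr", ("T1003.001",)),
    Detection("New service installed", "siem", ("T1543.003",), broken=True),
    Detection("Mass file rename", "edr", ("T1486",), enabled=False),
    Detection("Cloud console login from new country", "siem", ("T1078.004",), noisy=True),
    Detection("Scheduled task created", "siem", ("T1053.005", "T1053")),
    Detection("Malformed rule", "siem", ("NotATechnique",)),
]

# Constructed priority list; in practice derived from a threat-intel profile.
PRIORITY = ["T1059.001", "T1003.001", "T1543.003", "T1486",
            "T1078.004", "T1566.001", "T1021.001"]


def coverage_map(inventory):
    """Return {technique_id: {"siem": [rule names], "edr": [rule names]}}.

    Only rules that are enabled and not broken count as coverage: a disabled
    or broken rule detects nothing, however it is tagged.  Noisy rules still
    count here and are surfaced separately by health()."""
    cov = defaultdict(lambda: {"siem": [], "edr": []})
    for d in inventory:
        if not d.enabled or d.broken:
            continue
        for tid in d.techniques:
            if TECHNIQUE_ID.match(tid):      # skip badly tagged rules
                cov[tid][d.source].append(d.name)
    return dict(cov)


def gaps(cov, priority):
    """Priority techniques with no working detection in either tool."""
    return [t for t in priority if t not in cov]


def dual_covered(cov):
    """Techniques detected by both SIEM and EDR: candidates for review of
    whether the overlap is intentional defence in depth or redundant cost."""
    return sorted(t for t, s in cov.items() if s["siem"] and s["edr"])


def health(inventory):
    """Rule-health metrics: disabled, broken, noisy and unmapped rules."""
    return {
        "total": len(inventory),
        "disabled": sum(not d.enabled for d in inventory),
        "broken": sum(d.broken for d in inventory),
        "noisy": sum(d.noisy for d in inventory),
        "unmapped": [d.name for d in inventory
                     if not all(TECHNIQUE_ID.match(t) for t in d.techniques)],
    }


if __name__ == "__main__":
    cov = coverage_map(INVENTORY)
    for tid in sorted(cov):
        print(tid, "siem:", cov[tid]["siem"], "edr:", cov[tid]["edr"])
    print("gaps:", gaps(cov, PRIORITY))
    print("dual-covered:", dual_covered(cov))
    print("health:", health(INVENTORY))
```

The point the takeaway makes falls out of the output: the SIEM and EDR each look reasonable on their own, but only the combined map shows that a priority technique is covered by a broken rule (T1543.003), another by a disabled one (T1486), and two not at all. Treating a disabled or broken rule as coverage is the most common way a tool-by-tool view overstates preparedness.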
Maximizing value from your existing stack with the CardinalOps SaaS platform
- Create MITRE ATT&CK coverage map & health metrics
- Identify cost savings from inefficient queries & unused or redundant logs
- Continuously audit SIEM/EDR to identify & remediate broken, noisy, or missing detections
- Deliver AI-powered recommendations to increase ATT&CK coverage
Learn more: CardinalOps.com
Resources
Thank you!
info@cardinalops.com