Demystifying SIEM, EDR, XDR & MDR

  • Tue, Jul 19, 2022
  • 3:30PM - 4:30PM UTC
  • English
  • Dr. Anton Chuvakin
  • Technical Presentation

CISOs and security practitioners are now being bombarded by new acronyms such as XDR, which seem to overlap with “older” acronyms like EDR, SIEM, and MDR.

According to Gartner, XDR is mainly attractive to smaller security organizations that don’t currently have a SIEM, and it will likely not displace SIEM functionality in large and mature security operations. And according to Forrester, XDR is grounded in EDR and also on a collision course with SIEM and SOAR.

In this thought-provoking webinar, we’ll explore (and perhaps debate) questions such as:

  • If I have a SIEM and EDR, do I need XDR?
  • Is XDR a better EDR or a new SIEM?
  • If SIEM is foundational to my SOC, should I be sending all my EDR alerts to the SIEM?
  • How might XDR address traditional SIEM challenges such as data complexity, event normalization, too much noise versus false negatives, etc.?
  • Where should I send my cloud security monitoring alerts? Does XDR work in the cloud?
  • Does XDR include response? Where does SOAR fit in?
  • Is MDR about managed services related to EDR? What about Managed XDR?
  • Is XDR a hunting platform or a detection platform?
  • Does XDR take less headcount to manage and operate than standalone EDR and SIEM?
  • Should I map my MITRE ATT&CK coverage across SIEM, EDR, XDR? How?

Meet the speaker

Dr. Anton Chuvakin

Security Advisor at Office of the CISO, Google Cloud

Dr. Anton Chuvakin is a security advisor in Google Cloud’s Office of the CISO, helping shape global cloud security strategy. A recognized expert in threat detection and SIEM, he previously served as a Gartner analyst and is credited with coining the term “EDR.” He’s also the author of several seminal books on security and co-hosts the Cloud Security Podcast by Google.
