Demystifying SIEM, EDR, XDR & MDR

  • Tuesday, 19 Jul 2022 3:30PM EDT (19 Jul 2022 19:30 UTC)
  • Speakers: Dr. Anton Chuvakin, Randy Watkins, CTO, Critical Start

CISOs and security practitioners are now being bombarded by new acronyms such as XDR which seem to overlap with “older” acronyms like EDR, SIEM, and MDR.

According to Gartner, XDR is mainly attractive to smaller security organizations that don’t currently have a SIEM, and it will likely not displace SIEM functionality in large and mature security operations. And according to Forrester, XDR is grounded in EDR and also on a collision course with SIEM and SOAR.

In this thought-provoking webinar, we’ll explore (and perhaps debate) questions such as:

  • If I have a SIEM and EDR, do I need XDR?
  • Is XDR a better EDR or a new SIEM?
  • If SIEM is foundational to my SOC, should I be sending all my EDR alerts to the SIEM?
  • How might XDR address traditional SIEM challenges such as data complexity, event normalization, too much noise versus false negatives, etc.?
  • Where should I send my cloud security monitoring alerts? Does XDR work in the cloud?
  • Does XDR include response? Where does SOAR fit in?
  • Is MDR about managed services related to EDR? What about Managed XDR?
  • Is XDR a hunting platform or a detection platform?
  • Does XDR take less headcount to manage and operate than standalone EDR and SIEM?
  • Should I map my MITRE ATT&CK coverage across SIEM, EDR, XDR? How?