Why XDR is your SIEM's new BFF...

Too many incidents. Too many alerts. Not enough automated response. Your SIEM needs help! Meet XDR. XDR can correlate alerts from multiple security solutions into a single incident, giving you the full context of a threat, and it can carry out automated remediation. Sending those incidents, with their full alert context, to your SIEM is key. Yes, you still need a SIEM: it pulls data from multi-cloud environments and third-party security products, runs custom SOAR playbooks, and performs big-data analytics, machine learning, and more, so you get the complete picture. Let's take a look at Microsoft's XDR solution, Microsoft 365 Defender.

Table of Contents:
00:00:00 Intro
00:01:05 Why XDR?
00:04:00 XDR to the rescue!
00:05:25 Microsoft 365 Defender
Comments

Awesome and easy explanation of XDR/SIEM/SOAR!

dennishogewoning

Super cool way of visualising what you said re a single pane of glass, re links / will be sharing these links again / thanks!

andrewmccallum

When SIEMs first came out they were touted as providing event correlation. That was their claim to fame. Looks like they didn't deliver; now we need XDR.

fredscholl

With SIEM you can create correlation rules to contextualize the different incidents, how is that different in XDR?

ramiknfr

Collect, coordinate, correlate
These are SIEM features.
Are you saying SIEM failed to deliver, especially on the correlate part?!

skywlker

As you've mentioned that XDR is able to take the alerts from various security solutions, create a single incident out of them, and then even respond to it, why would we need to send this single incident to a SIEM again later on? (Refer to the 5:00 timestamp in the video.)

abhijeetagrawal

Where can I find the diagram in the video?

nasnazari

Now that Microsoft has updated all of their Defender names, you need to re-record this XD

AlienWarTycoon

It could be awesome once it is THE PLACE for policy and alerts. It seems you have to bounce all over the place now for endpoint configuration setup, email security setup, etc., like the migration is only half done, or if you have had your tenant since the BPOS days some things are still parked on old infrastructure or something. Highly frustrating.

Lonewolfww

What is the benefit of integrating XDR with SIEM? It seems like XDR is able to identify incidents and respond with having to go through the massive data logs from the SIEM. In other words, why doesn't Microsoft just replace their SIEM with XDR?

ethansidelsky