Content provided by Nisos, Inc.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Future of XDR, SIEM, SOAR, and Threat Intelligence

31:15

In episode 69 of The Cyber5, we are joined by Lima Charlie’s CEO, Maxime Lamothe-Brassard.

We discuss the future of what the security industry calls XDR, which is essentially an enrichment of Endpoint Detection and Response (EDR) products with data from other sources.

Three Key Takeaways:

1) What is XDR? Depends who you ask.

XDR is not another tool, but merely an extension of Endpoint Detection and Response (EDR) products. Gartner expects 50% of mid-market buyers to adopt XDR strategies by 2027. For context, around 2010 cybersecurity vendors began building stronger antivirus solutions for endpoint computers and servers, which became known as Endpoint Detection and Response (EDR). Traditional antivirus only caught malware with a known signature and could not detect the malicious lateral movement that is common in today's attacks.

Every EDR platform has its own unique set of capabilities. However, some common capabilities include monitoring endpoints in both online and offline mode, responding to threats in real time, increasing visibility and transparency of user data, detecting malware injections in recorded events, and creating blacklists and whitelists in integration with other technologies.

Now that EDR solutions are firmly established in the market, they need to be integrated with other tools, including threat intelligence, to be effective at enterprise scale. These large-scale integrations, especially with cloud sources, are what is starting to be defined as XDR.

2) What are the key integrations with EDR products that form an XDR strategy?

a. Identity and Access Management: Gives visibility into who is accessing which applications and websites in the enterprise.

b. Threat Intelligence: Information and artifacts from attacker infrastructure, previous compromises, and behavior that can be identified outside the firewall.

c. Cloud and SaaS Logging: Every cloud application produces logs of access and use.

3) XDR does not have to be expensive or manpower-intensive for SMB.

a. Cloud, SaaS, and Identity and Access Management services produce logs that can be fed into simple solutions; these do not need to be complex products, particularly for SMBs.

b. Enablement should be the critical aspect of XDR rather than more expensive tooling.

c. Easy, automatable solutions to apply security controls are the critical way forward for medium and large enterprises.
