
Why XDR is your SIEM's new BFF... 

Matt Soseman
12K views

Too many incidents. Too many alerts. Not enough automated response. Your SIEM needs help! Meet XDR! XDR correlates alerts from multiple security solutions into a single incident, giving you the full context of a threat, and can remediate automatically. Sending those incidents, with their full alert context, to your SIEM is key. Yes, you still need a SIEM: to pull data from multi-cloud and 3rd-party security products, to run custom SOAR playbooks, and to do big-data analytics and machine learning, so you get the complete picture. Let's take a look at Microsoft's XDR solution, Microsoft 365 Defender.
Technical Docs (must read!): docs.microsoft...
Licensing Requirements: docs.microsoft...
FAQ: docs.microsoft...
Turn it on! docs.microsoft...
Create a lab! docs.microsoft...
Table of Contents:
00:00:00 Intro
00:01:05 Why XDR?
00:04:00 XDR to the rescue!
00:05:25 Microsoft 365 Defender
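To make the alert-to-incident correlation described above concrete, here is an added toy example; it is not code from the video, from Microsoft 365 Defender, or from any vendor. Alerts raised by several products are stitched into one incident when they share an entity (user, device, file hash, URL) and occur within a time window, and each incident is emitted as the single record, carrying every alert's context, that you would forward to the SIEM. The alert fields, product labels, entity format and all sample alerts are constructed assumptions, not a real schema.

```python
"""Toy XDR-style correlation: alerts from several products -> incidents for the SIEM.

Added illustration, not code from the video or from Microsoft 365 Defender.
Alert fields, product labels and entity formats are assumptions; all alerts are
constructed sample data.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}
DEFAULT_WINDOW = timedelta(hours=24)  # alerts further apart than this are not stitched


@dataclass(frozen=True)
class Alert:
    alert_id: str
    product: str                # the security solution that raised the alert
    title: str
    severity: str
    time: datetime
    entities: frozenset[str]    # normalized "type:value" strings shared across products


# Constructed sample alerts (fake users, hosts, hashes and URL).
SAMPLE_ALERTS = [
    Alert("a1", "Defender for Office 365", "Phishing email delivered", "medium",
          datetime(2024, 8, 16, 9, 2),
          frozenset({"user:bob@contoso.example", "url:hxxp://login-micr0soft.example/"})),
    Alert("a2", "Defender for Endpoint", "Suspicious PowerShell download cradle", "high",
          datetime(2024, 8, 16, 9, 15),
          frozenset({"device:WS-0421", "user:bob@contoso.example", "sha256:aaaa1111"})),
    Alert("a3", "Defender for Identity", "Suspected credential theft", "high",
          datetime(2024, 8, 16, 10, 40),
          frozenset({"user:bob@contoso.example", "device:DC01"})),
    Alert("a4", "Defender for Endpoint", "Malware blocked", "low",
          datetime(2024, 8, 16, 11, 0),
          frozenset({"device:WS-0900", "sha256:ffff9999"})),
    # Same device as a2, but four days later: outside the default window.
    Alert("a5", "Defender for Endpoint", "Suspicious PowerShell download cradle", "medium",
          datetime(2024, 8, 20, 8, 0),
          frozenset({"device:WS-0421", "user:alice@contoso.example"})),
]


class _DisjointSet:
    """Union-find over alert ids; each connected component becomes one incident."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def build_incident(incident_id: str, alerts: list[Alert]) -> dict:
    """Roll a group of alerts up into one SIEM-bound record with full alert context."""
    worst = max(alerts, key=lambda a: SEVERITY_RANK[a.severity])
    return {
        "incident_id": incident_id,
        "severity": worst.severity,          # incident severity = highest alert severity
        "title": worst.title,
        "first_seen": min(a.time for a in alerts).isoformat(),
        "last_seen": max(a.time for a in alerts).isoformat(),
        "products": sorted({a.product for a in alerts}),
        "entities": sorted(set().union(*(a.entities for a in alerts))),
        "alerts": [{"alert_id": a.alert_id, "product": a.product, "title": a.title,
                    "severity": a.severity, "time": a.time.isoformat()} for a in alerts],
    }


def correlate(alerts: list[Alert], window: timedelta = DEFAULT_WINDOW) -> list[dict]:
    """Link alerts that share an entity within `window`; return incidents in time order."""
    ordered = sorted(alerts, key=lambda a: a.time)
    ds = _DisjointSet(a.alert_id for a in ordered)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.time - a.time > window:
                break  # sorted by time, so every later alert is further away still
            if a.entities & b.entities:
                ds.union(a.alert_id, b.alert_id)
    groups: dict[str, list[Alert]] = {}
    for a in ordered:
        groups.setdefault(ds.find(a.alert_id), []).append(a)
    return [build_incident(f"inc-{n}", members)
            for n, members in enumerate(groups.values(), start=1)]


def to_siem_lines(incidents: list[dict]) -> str:
    """One JSON object per line, the shape a log forwarder would ship to the SIEM."""
    return "\n".join(json.dumps(inc, sort_keys=True) for inc in incidents)


if __name__ == "__main__":
    print(to_siem_lines(correlate(SAMPLE_ALERTS)))
```

Running it yields three incidents: the phishing email, the PowerShell download cradle on the victim's workstation and the credential-theft alert from the domain controller collapse into one high-severity incident spanning three products, while the unrelated malware block and the four-day-later alert on the same workstation stay separate. The time window is the practical caveat: shared-entity correlation with no time bound turns a busy host or a shared service account into a single ever-growing mega-incident, and widening the window to a week (as the `DEFAULT_WINDOW * 7` case shows) already merges the later alert in. Automated remediation, third-party data sources and the SIEM's own analytics are outside what this example shows.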

Published: 16 Aug 2024

Comments: 20

@dennishogewoning1386 · 3 years ago
Awesome and easy explanation of XDR/SIEM/SOAR!
@AnnaSirne-n7r · 1 month ago
Awesome explanation! Thank you!
@andrewmccallum5699 · 3 years ago
Super cool way of visualising what you said re a single pane of glass; re links, will be sharing these links again, thanks!
@fredscholl5250 · 2 years ago
When SIEMs first came out they were touted as providing event correlation. That was their claim to fame. Looks like they didn't deliver; now we need XDR.
@ramiknfr · 1 year ago
With a SIEM you can create correlation rules to contextualize the different incidents; how is that different in XDR?
@abhijeetagrawal4092 · 2 years ago
As you've mentioned, XDR is able to take the alerts from various security solutions, create a single incident out of them and then even respond to it, so why would we need to send this single incident to a SIEM again later on? (Refer to the 5:00 timestamp in the video.)
@MrChrismeenan · 2 years ago
Totally agree. SIEM is just another source of alerts for an XDR. XDR should be simplifying workflows for security teams, not adding yet another layer of alert triage, investigation and response.
@skyw3lker113 · 2 years ago
Collect, coordinate, correlate: these are SIEM features. Are you saying SIEM failed to deliver, especially on the correlate part?!
@senadaruc · 2 years ago
I agree, this is totally WRONG! SIEM is correlating events to create IOA or IOC alerts on the stored data, while XDR is working purely with ALERTS at a point in time.
@RahulSingh-ut2tj · 2 years ago
Just brilliant
@nasnazari1391 · 1 year ago
Where can I find the diagram in the video?
@AlienWarTycoon · 2 years ago
Now that Microsoft has updated all of their Defender names, you need to re-record this XD
@Lonewolfww · 3 years ago
It could be awesome once it is THE PLACE for policy and alerts; it seems you have to bounce all over the place now for endpoint configuration setup, email security setup, etc., like the migration is only half done, or if you have had your tenant since the BPOS days some things are still parked on old infrastructure or something. Highly frustrating.
@MattSoseman · 3 years ago
Update: techcommunity.microsoft.com/t5/microsoft-365-defender/unified-experiences-across-endpoint-and-email-are-now-generally/ba-p/2278132
@Lonewolfww · 3 years ago
@MattSoseman I know, I saw this. The reality is that there are still tons of redirects, policy overrides or conflicts in other portals that are sometimes tough to track down. Consolidation can't be easy, so I get it, but saying you have a unified experience is different than having one that works end to end. I just checked right now and still have the same redirects, especially for policy management. Maybe that wasn't the goal; if it is just consolidation of alerts, it does do a good job of that, but honestly it's almost easier just to go to the individual portal where the alert links in the unified experience send you anyway. I do like the vision, however, and I think the Microsoft security solutions are excellent; I imagine after a few more dev cycles things will become more streamlined and intuitive.
@ethansidelsky2314 · 3 years ago
What is the benefit of integrating XDR with SIEM? Seems like XDR is able to identify incidents and respond without having to go through the massive data logs from the SIEM. In other words, why doesn't Microsoft just replace their SIEM with XDR?
@MattSoseman · 3 years ago
Because a SIEM offers: 1) 3rd-party data sources, 2) advanced data analytics such as machine learning, 3) the ability to create your own automatic remediation playbooks.
@insights3005 · 2 years ago
@MattSoseman If you rely on the response (R) in SOAR playbooks for responding to threats, then what about the response (R) in XDR? What value does the response (R) in XDR have? Or is it one and the same thing?
@umairiqbal8747 · 2 years ago
Because of compliance issues... you need a SIEM as well, and for some specific use cases, since XDR only caters to threat use cases.
@MrChrismeenan · 2 years ago
@MattSoseman The output of 1) and 2) is more alerts. Why are you proposing two separate alert workflows for security teams, one in XDR and another in SIEM/SOAR?