EDR, MDR & XDR Explained

  • Published 22 May 2024
  • Traditional antivirus is no longer sufficient to protect you. Everyone running a business should upgrade to EDR, MDR, or XDR immediately; but what is the difference between them, and how do SIEM and SOAR fit into the picture? Time to unravel the acronyms!
    📄 Acronym cheat sheet:
    EDR: Endpoint Detection and Response
    MDR: Managed Detection and Response
    XDR: eXtended Detection and Response
    MXDR: Managed eXtended Detection and Response
    SIEM: Security Information and Event Management
    SOAR: Security Orchestration, Automation, and Response
    SOC: Security Operations Centre
    MSP: Managed Services Provider
    MSSP: Managed Security Services Provider
    💬 Follow Me
    / andrewmrquinn
    Video timestamps:
    0:00 - EDR
    3:11 - MDR
    4:41 - XDR
    5:33 - Comparison with SIEM + SOAR
    9:20 - Summary
    #EDR #MDR #XDR #SIEM #SOAR #CyberSecurity #SOC #MSSP
  • Science & Technology

COMMENTS • 42

  • @rockychau2451 3 months ago +10

    One of the best explanations so far on YouTube

    • @ProTechShow 3 months ago +1

      Thanks 🙂

    • @Wahinies 1 month ago

      Yes and I am catching it at the perfect time. Many thanks @ProTechShow

  • @wizardofwifi 5 days ago

    This is a great summary of these topics, Cybersecurity 101 foundation, simply explained!

  • @neomatrix2091 4 months ago +4

    Very nice breakdown, I appreciate your effort in presenting these concepts in a simplified manner for us to understand!

  • @andrewmurray5255 10 months ago +2

    Amazing breakdown. Thank you!

    • @ProTechShow 10 months ago

      Thanks. Glad it's useful!

  • @marcioguedescavalcante3094 8 months ago +2

    Oh man, thank you so much for making this!

    • @ProTechShow 8 months ago

      You're welcome. Glad it's of use!

  • @user-ur5br3ne9h 5 months ago +2

    Excellent high-level explanation of these technologies.

  • @richlab2927 2 months ago +1

    Love your explanation. You made it simple

  • @hammamiahlem9792 7 days ago

    Amazing explanation! Thank you

  • @eek0212 8 days ago

    I was sick of all those security acronym terms, thanks for the video mate

    • @ProTechShow 7 days ago

      You're welcome. Glad it was useful.

  • @nitram419 9 months ago

    Many thanks indeed for a great tutorial! I just have a question about restoring the system image created using the built-in Windows backup tool **to a brand new SSD**. Here's my scenario:
    ~ I have one NVMe SSD slot, with my OS C: drive on it.
    ~ In Windows I make a system image of the above, using the Windows backup tool;
    ~ I also make a bootable Windows DVD (i.e. with the recovery tools).
    ~ I turn off & unplug the PC and remove the old NVMe drive.
    ~ I insert a brand new and bigger NVMe drive in the slot where the old one used to be.
    ~ I boot the machine using the DVD-ROM Windows bootable recovery tools disk.
    Question: How do I get the image onto the brand new unformatted NVMe drive, and assign it as the "C" drive?
    Most grateful for your advice!

  • @Israelxox 5 months ago

    Underrated video! Thanks 🙏

  • @notevenfalse 1 month ago

    A+ content mate. All I can say is thank you.

  • @user-kn3yr3sg7x 10 months ago +1

    Thank you for the video 😊

  • @MENTOKz 6 months ago

    Thanks man, just starting to learn our XDR tool, the Trend Micro one

  • @elijahcrawford3049 20 days ago

    ....and now my 8 page research paper due today makes sense.....thank you!

  • @asdkjh4370 10 months ago +2

    Thanks for the video. Many thanks for the valuable advice. Something on OpenHAB maybe? I'm looking for something to switch to from HA, which is going a strange way. Any new updates?

    • @ProTechShow 10 months ago

      OpenHAB 4 is expected to land in a couple of weeks. 2 and 3 were quite significant updates, so it'll be interesting to see what 4 brings to the table.

  • @EducateWithMe573 22 days ago

    Edr End Point Response, Adr data breach, for future & Rdr are all separate packages of…?

  • @EducateWithMe573 22 days ago

    MDR, EDR & XDR, what is the diff?

  • @kaentertainment2215 2 months ago

    How does EDR defend against Zero Day Exploits given its primary focus on detecting suspicious patterns from historical occurrences?

    • @ProTechShow 2 months ago

      Let's say you have an internet-facing web app with a zero-day vulnerability. It gets exploited to drop a web shell onto the server. The vulnerability was previously unknown, and the web shell doesn't match any known malware patterns.
      EDR/antivirus may not initially detect the exploit or the web shell as malicious, but EDR will see the file creation/modification by the web server process, followed by it attempting to spawn child processes or execute commands that are not typical behaviour of a web server. It doesn't require knowledge of the vulnerability itself to detect suspicious behaviour resulting from its exploitation and take action - raising an alert, removing the file, isolating the system, etc.
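
The behavioural detection described in the reply above, as an added example that is not part of the original comment or of any EDR product: a web server process writes a script file and then spawns a shell. The event schema, process names and the 300-second window are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# Assumed process names and extensions; tune to the servers you actually run.
WEB_SERVERS = {"nginx", "httpd", "apache2", "php-fpm", "w3wp.exe"}
SHELLS = {"sh", "bash", "cmd.exe", "powershell.exe"}
SCRIPT_EXT = (".php", ".jsp", ".aspx")
WINDOW_S = 300  # how long a dropped script counts as "recent"

@dataclass
class Event:
    ts: int      # seconds
    kind: str    # "file_write" or "proc_start"
    actor: str   # process that wrote the file, or parent of the new process
    target: str  # file path written, or image name of the new process
    detail: str = ""  # command line for proc_start

def detect_web_server_anomalies(events):
    """Alert when a web server process spawns a shell; raise severity if a
    web server process wrote a script file shortly before."""
    alerts, writes = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.actor not in WEB_SERVERS:
            continue  # only web server behaviour is modelled here
        if ev.kind == "file_write" and ev.target.lower().endswith(SCRIPT_EXT):
            writes.append((ev.ts, ev.target))
        elif ev.kind == "proc_start" and ev.target in SHELLS:
            dropped = [p for t, p in writes if ev.ts - t <= WINDOW_S]
            alerts.append({"ts": ev.ts, "parent": ev.actor, "child": ev.target,
                           "cmdline": ev.detail, "dropped_files": dropped,
                           "severity": "high" if dropped else "medium"})
    return alerts

# Constructed sample telemetry (not from a real incident).
SAMPLE_EVENTS = [
    Event(50, "proc_start", "nginx", "nginx", "nginx: worker process"),
    Event(100, "file_write", "nginx", "/var/www/html/uploads/logo.png"),
    Event(160, "file_write", "php-fpm", "/var/www/html/uploads/x.php"),
    Event(200, "proc_start", "php-fpm", "sh", "sh -c whoami"),
    Event(220, "proc_start", "sshd", "bash", "-bash"),
    Event(9000, "proc_start", "httpd", "bash", "bash -c uname"),
]

if __name__ == "__main__":
    for alert in detect_web_server_anomalies(SAMPLE_EVENTS):
        print(alert)
```

Nothing in the rule refers to a signature or a specific vulnerability; it keys only on what a web server process normally does not do.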

  • @riccardo1434 8 days ago

    Hello, I've got some questions: is EDR a software agent that needs to be installed on each endpoint?
    While XDR is centralized or does it need to be installed on every endpoint like EDR? In order to monitor endpoint, firewall, cloud, network, etc. etc. activities to perform analysis, threat intelligence and response?
    Also, does XDR need EDR to collect activity information or does it completely replace EDR?

    • @ProTechShow 7 days ago

      Usually, EDR is a software agent that gets installed on endpoints and checks in to a central location, similar to most business antivirus solutions. XDR does this as well, but additionally consumes data from other devices - usually via API calls or syslog.

  • @ChapalPuteh_ 3 months ago

    We use only XDR and EDR to operate our incident in the network ..

  • @paulj9657 3 months ago

    Not acronyms. They are initialisms. :-) Great info. Thanks.

    • @ProTechShow 3 months ago

      You are... correct. They are initialisms.

    • @paulj9657 3 months ago

      Sorry, my dad was an English teacher. :-). I'm not that pedantic in real life.

  • @iamagastya0 1 month ago

    i think toyota have better CooL cars