EDR, MDR & XDR Explained

29,692 views

Pro Tech Show

A day ago

Traditional antivirus is no longer sufficient to protect you. Everyone running a business should upgrade to EDR, MDR, or XDR immediately; but what is the difference between them, and how do SIEM and SOAR fit into the picture? Time to unravel the acronyms!
📄 Acronym cheat sheet:
EDR: Endpoint Detection and Response
MDR: Managed Detection and Response
XDR: eXtended Detection and Response
MXDR: Managed eXtended Detection and Response
SIEM: Security Information and Event Management
SOAR: Security Orchestration, Automation, and Response
SOC: Security Operations Centre
MSP: Managed Services Provider
MSSP: Managed Security Services Provider
💬 Follow Me
/ andrewmrquinn
Video timestamps:
0:00 - EDR
3:11 - MDR
4:41 - XDR
5:33 - Comparison with SIEM + SOAR
9:20 - Summary
#EDR #MDR #XDR #SIEM #SOAR #CyberSecurity #SOC #MSSP

Comments: 47
@rockychau2451 4 months ago
One of the best explanations so far on KZbin
@ProTechShow 4 months ago
Thanks 🙂
@Wahinies 2 months ago
Yes and I am catching it at the perfect time. Many thanks @ProTechShow
@neomatrix2091 5 months ago
Very nice breakdown, I appreciate your effort in presenting these concepts in a simplified manner for us to understand!
@ProTechShow 5 months ago
Thanks!
@andrewmurray5255 11 months ago
Amazing breakdown. Thank you!
@ProTechShow 11 months ago
Thanks. Glad it's useful!
@marcioguedescavalcante3094 10 months ago
Oh man, thank you so much for making this!
@ProTechShow 10 months ago
You're welcome. Glad it's of use!
@user-ur5br3ne9h 6 months ago
Excellent high-level explanation of these technologies.
@ProTechShow 6 months ago
Thanks!
@richlab2927 4 months ago
Love your explanation. You made it simple.
@ProTechShow 4 months ago
Thanks! Glad it's useful.
@Israelxox 6 months ago
Underrated video! Thanks 🙏
@ProTechShow 6 months ago
Thanks for watching!
@notevenfalse 2 months ago
A+ content mate. All I can say is thank you.
@ProTechShow 2 months ago
Thanks 🙂
@wizardofwifi A month ago
This is a great summary of these topics, Cybersecurity 101 foundation, simply explained!
@ProTechShow A month ago
Thank you 🙂
@MENTOKz 7 months ago
Thanks man, just starting to learn our XDR tool, the Trend Micro one.
@nitram419 11 months ago
Many thanks indeed for a great tutorial! I just have a question about restoring the system image created using the built-in Windows backup tool **to a brand new SSD**. Here's my scenario:
~ I have one NVMe SSD slot, with my OS C: drive on it.
~ In Windows I make a system image of the above, using the Windows backup tool.
~ I also make a Windows bootable DVD (i.e. with the recovery tools).
~ I turn off & unplug the PC and remove the old NVMe drive.
~ I insert a brand new and bigger NVMe drive in the slot where the old one used to be.
~ I boot the machine using the DVD-ROM Windows bootable recovery tools disk.
Question: How do I get the image onto the brand new unformatted NVMe drive, and assign it as the "C" drive? Most grateful for your advice!
@Akshaykumar_Chitare 11 months ago
Thank you for the video 😊
@ProTechShow 11 months ago
You're welcome 🙂
@hammamiahlem9792 A month ago
Amazing explanation! Thank you
@ProTechShow A month ago
Thanks!
@elijahcrawford3049 2 months ago
....and now my 8 page research paper due today makes sense.....thank you!
@ProTechShow A month ago
You're welcome
@fastrobreetus A day ago
Very informative
@ProTechShow 8 hours ago
Thanks!
@asdkjh4370 A year ago
Thanks for the video. Many thanks for the valuable advice. Something on OpenHAB maybe? I'm looking for something to switch to from HA, which is going a strange way. Any new updates?
@ProTechShow A year ago
OpenHAB 4 is expected to land in a couple of weeks. 2 and 3 were quite significant updates, so it'll be interesting to see what 4 brings to the table.
@eek0212 A month ago
I was sick of all those security acronym terms, thanks for the video mate
@ProTechShow A month ago
You're welcome. Glad it was useful.
@EducateWithMe573 2 months ago
Edr End Point Response, Adr data breach, for future & Rdr are all separate packages of…?
@riccardo1434 A month ago
Hello, I've got some questions: is EDR a software agent that needs to be installed on each endpoint, while XDR is centralized, or does it need to be installed on every endpoint like EDR in order to monitor endpoint, firewall, cloud, network, etc. activities to perform analysis, threat intelligence and response? Also, does XDR need EDR to collect activity information or does it completely replace EDR?
@ProTechShow A month ago
Usually, EDR is a software agent that gets installed on endpoints and checks in to a central location, similar to most business antivirus solutions. XDR does this as well, but additionally consumes data from other devices - usually via API calls or syslog.
@ChapalPuteh_ 5 months ago
We use only XDR and EDR to operate our incident in the network..
@EducateWithMe573 2 months ago
MDR, EDR & XDR, what is the diff?
@Pem7 A month ago
🤞🏾
@kaentertainment2215 3 months ago
How does EDR defend against Zero Day Exploits given its primary focus on detecting suspicious patterns from historical occurrences?
@ProTechShow 3 months ago
Let's say you have an internet-facing web app with a zero-day vulnerability. It gets exploited to drop a web shell onto the server. The vulnerability was previously unknown, and the web shell doesn't match any known malware patterns. EDR/antivirus may not initially detect the exploit or the web shell as malicious, but EDR will see the file creation/modification by the web server process, followed by it attempting to spawn child processes or execute commands that are not typical behaviour of a web server. It doesn't require knowledge of the vulnerability itself to detect suspicious behaviour resulting from its exploitation and take action - raising an alert, removing the file, isolating the system, etc.
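The behaviour described in the reply above (a web server process writing a file, then starting a process a web server would not normally start) can be written as a correlation rule over endpoint telemetry. This is an added example, not part of the comment thread or any EDR product's code; the event fields, the process baseline and the sample telemetry are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed baseline: child processes each web server normally starts.
EXPECTED_CHILDREN = {"httpd": {"httpd"}, "nginx": {"nginx"}, "php-fpm": {"php-fpm"}}
SCRIPT_EXTS = (".php", ".jsp", ".aspx")
WINDOW = 600  # seconds in which a script write makes a later spawn more suspicious

@dataclass
class Event:
    ts: int      # seconds since start of capture
    host: str
    kind: str    # "file_write" or "proc_start"
    actor: str   # process doing the write, or parent of the new process
    target: str  # path written, or image name of the child process

# Constructed telemetry, not real logs.
SAMPLE_EVENTS = [
    Event(100, "web01", "file_write", "httpd", "/var/www/html/uploads/a.php"),
    Event(130, "web01", "file_write", "httpd", "/var/log/httpd/access.log"),
    Event(160, "web01", "proc_start", "httpd", "sh"),
    Event(200, "web02", "proc_start", "nginx", "nginx"),
    Event(210, "web02", "proc_start", "sshd", "bash"),
    Event(300, "web03", "proc_start", "httpd", "sh"),
]

def detect(events):
    """Flag web-server children outside the baseline; raise severity when a
    web server wrote a script file on that host within WINDOW seconds before."""
    alerts, writes = [], {}  # writes: host -> [(ts, path)]
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.actor not in EXPECTED_CHILDREN:
            continue  # only web-server behaviour is in scope for this rule
        if e.kind == "file_write" and e.target.lower().endswith(SCRIPT_EXTS):
            writes.setdefault(e.host, []).append((e.ts, e.target))
        elif e.kind == "proc_start" and e.target not in EXPECTED_CHILDREN[e.actor]:
            prior = [p for t, p in writes.get(e.host, []) if e.ts - t <= WINDOW]
            alerts.append({"host": e.host, "parent": e.actor, "child": e.target,
                           "severity": "high" if prior else "medium",
                           "written": prior})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The rule needs no signature for the vulnerability or the dropped file: it fires on the deviation from the web server's normal behaviour, which is the point the reply makes.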
@kalagalaedrine5911 12 days ago
In addition, known EDRs normally run a baseline (hash value) on the files in an endpoint where it's deployed the first time, based on which it monitors the changes (integrity checks)... it's on this notion that it would flag alerts for the analysts to validate or orchestrate next actions. An integration of your EDR to a SOAR would be a value add.
@paulj9657 4 months ago
Not acronyms. They are initialisms. :-) Great info. Thanks.
@ProTechShow 4 months ago
You are... correct. They are initialisms.
@paulj9657 4 months ago
Sorry, my dad was an English teacher. :-). I'm not that pedantic in real life.
@sheiladikshit5110 28 days ago
I just use XTC and don't have a care in the world.
@iamagastya0 2 months ago
I think Toyota have better CooL cars