XDR is just a marketing term that describes sub-par SIEM. Fight me.

Jan 19, 2022 · 1:52 PM UTC

Replying to @dimitrimckay
I would agree since the XDR vendors like to say that they are not a SIEM (they usually don't have the content of a true SIEM) but still want you to use their tool to threat hunt, etc. I do see a lot of improvement in the space from some larger vendors.
But it absolutely is a marketing term. One that I think describes the concept pretty well if you have the historical contextual knowledge of EDR, NDR, etc. But still marketing.
Replying to @dimitrimckay
You might very well be correct, but in my opinion it's not really about the SIEM. It's about the guys setting it up, configuring it, using it and working with it. The problem here is that "par" is so very, very low. Sometimes non-existent.
Kim, you bring a valid point. SIEM is only as good as the technologies you feed it with, the team that actually uses it, and the process and procedures that marry the two together. That I won't argue. Security programs are built on people.
Replying to @dimitrimckay
I can definitely see a lot of people showing up for this fight :-)
Replying to @dimitrimckay
Hard disagree. EDR done right is the best detection method out there. Adding additional telemetry is a bonus. The real problem is no one writes adequate use cases, IOCs and BIOCs for either.
One could also argue that SIEM done right is just as good. However, it seems that it is rare for either SIEM or EDR (or many other tools for that matter) to be done right. The problem is rarely isolated to the tool.
XDR is just a marketing term. Period.