EDR, MDR & XDR Explained
Ғылым және технология
Traditional antivirus is no longer sufficient to protect you. Everyone running a business should upgrade to EDR, MDR, or XDR immediately; but what is the difference between them, and how do SIEM and SOAR fit into the picture? Time to unravel the acronyms!
📄 Acronym cheat sheet:
EDR: Endpoint Detection and Response
MDR: Managed Detection and Response
XDR: eXtended Detection and Response
MXDR: Managed eXtended Detection and Response
SIEM: Security Information and Event Management
SOAR: Security Orchestration, Automation, and Response
SOC: Security Operations Centre
MSP: Managed Services Provider
MSSP: Managed Security Services Provider
💬 *Follow* *Me*
AndrewMRQuinn
Video timestamps:
0:00 - EDR
3:11 - MDR
4:41 - XDR
5:33 - Comparison with SIEM + SOAR
9:20 - Summary
#EDR #MDR #XDR #SIEM #SOAR #CyberSecurity #SOC #MSSP
Пікірлер: 42
one of the best explanation so far on KZread
@ProTechShow
3 ай бұрын
Thanks 🙂
@Wahinies
26 күн бұрын
Yes and I am catching it at the perfect time. Many thanks @ProTechShow
Many thanks indeed for a great tutorial! I just have a question about the restoring the system image created using the built-in Windows backup tool **to a brand new SSD**. Here's my scenario: ~ I have one NVMe SSD slot, with my OS C: drive on it. ~ In Windows I make an system image of the above, using the Windows backup tool; ~ I also make a Windows DVD bootable DVD (ie. with the recovery tools). ~ I turn off & unplug the PC and remove the old NVMe drive. ~ I insert a brand new and bigger NVMe drive in the slot where the old one used to be. ~ I boot the machine using the DVD-ROM Windows bootable recovery tools disk. Question: How do I get the image onto the brand new unformatted NVMe drive, and assign it as the "C" drive? Most grateful for your advice!
Very nice breakdown, i appreciate your effort on presenting these concepts on a simplified manner for us to understand!
@ProTechShow
4 ай бұрын
Thanks!
Oh man, thank you so much to make this!
@ProTechShow
8 ай бұрын
You're welcome. Glad it's of use!
Amazing breakdown. Thank you!
@ProTechShow
9 ай бұрын
Thanks. Glad it's useful!
This is a great summary of these topics, Cybersecurity 101 foundation, simply explained!
@ProTechShow
4 сағат бұрын
Thank you 🙂
excellent high level explanation of these technologies.
@ProTechShow
4 ай бұрын
Thanks!
thanks man just starting to learn are XDR tool trend micro one
Love your explanation. You made it simple
@ProTechShow
2 ай бұрын
Thanks! Glad it's useful.
A+ content mate. All I can say is thank you.
@ProTechShow
Ай бұрын
Thanks 🙂
Underrated video! Thanks 🙏
@ProTechShow
4 ай бұрын
Thanks for watching!
I was sick of all those security acronym terms, thanks for the video mate
@ProTechShow
2 күн бұрын
You're welcome. Glad it was useful.
amazing explanation ! thank you
@ProTechShow
2 күн бұрын
Thanks!
Thank you for video 😊
@ProTechShow
10 ай бұрын
You're welcome 🙂
Thanks for video. Many thanks for valuable advice. Something on OpenHAB maybe? I'm looking for something to switch from HA which is going strange way. Any new updates?
@ProTechShow
10 ай бұрын
OpenHAB 4 is expected to land in a couple of weeks. 2 and 3 were quite significant updates, so it'll be interesting to see what 4 brings to the table.
....and now my 8 page research paper due today makes sense.....thank you!
@ProTechShow
12 күн бұрын
You're welcome
Edr End Point Response, Adr data breach, for future & Rdr are all separate packages of…?
Hello, I've got some questions: is EDR a software agent that needs to be installed on each endpoint? while XDR is centralized or does it need to be installed on every endpoint like EDR? In order to monitor endpoint, firewall, cloud, network, etc. etc. activities to perform analysis, threat intelligence and response? Also, does XDR need EDR to collect activity information or does it completely replace EDR?
@ProTechShow
2 күн бұрын
Usually, EDR is a software agent that gets installed on endpoints and checks in to a central location, similar to most business antivirus solutions. XDR does this as well, but additionally consumes data from other devices - usually via API calls or syslog.
How does EDR defend against Zero Day Exploits given its primary focus on detecting suspicious patterns from historical occurrences?
@ProTechShow
2 ай бұрын
Let's say you have an internet-facing web app with a zero-day vulnerability. It gets exploited to drop a web shell onto the server. The vulnerability was previously unknown, and the web shell doesn't match any known malware patterns. EDR/antivirus may not initially detect the exploit or the web shell as malicious, but EDR will see the file creation/modification by the web server process, followed by it attempting to spawn child processes or execute commands that are not typical behaviour of a web server. It doesn't require knowledge of the vulnerability itself to detect suspicious behaviour resulting from its exploitation and take action - raising an alert, removing the file, isolating the system, etc.
mDR eDR & xDr , what is the diff?
We use only XDR and EDR to operate our incident in the network ..
Not acronyms. They are initialisms. :-) Great info. Thanks.
@ProTechShow
3 ай бұрын
You are... correct. They are initialisms.
@paulj9657
3 ай бұрын
Sorry, my dad was an English teacher. :-). I'm not that pedantic in real life.
i think toyota have better CooL cars