SIEM, EDR, XDR, MDR & SOAR | Cybersecurity Tools and Services | Threat Monitoring
- Published: 17 Apr 2022
- Hey everyone! Today's video is going to be on various cybersecurity tools, including SIEM, EDR (endpoint detection and response), XDR (extended detection and response), MDR (managed detection and response), and SOAR (security orchestration, automation, and response). These are tools that an organization may choose to use to defend their network. As a SOC analyst, your job may be to monitor the SIEM and respond to alerts coming from your EDR solution. You might also use a SOAR solution where you create workflows and specialize in the automation side of cybersecurity. Having a fundamental understanding of these five tools will help you be prepared not only for the Security+ but also prospective interviews. As always, thank you so much for watching, and I hope you find this video beneficial!
cybergraymattir?t...
Links: www.crowdstrike.com/cybersecu...
www.crowdstrike.com/cybersecu...
www.sentinelone.com/blog/unde...
First track: Over The Ocean by | e s c p | escp-music.bandcamp.com
Music promoted by www.free-stock-music.com
Attribution 4.0 International (CC BY 4.0)
creativecommons.org/licenses/...
Second track: Lazy Aftermoon by | e s c p | escp-music.bandcamp.com
Music promoted by www.free-stock-music.com
Attribution 4.0 International (CC BY 4.0)
creativecommons.org/licenses/... - Science
One of the best videos I've seen explaining all of this!
This is well-explained and adheres to industry standard. Great job.
Thank you so much! I hope you stick around and check out my upcoming videos :)
Clear and crisp information, I was looking for something like this for a long time, thank you so much for sharing. Already subscribed to your content. 🙂
Nicely explained, thank you!
Thanks for this great video! I learned a lot!
Great video for eager learners
Awesome video. 👍🏿
Very interesting and informative, thanks for sharing. Found the music somewhat distracting - good info doesn't need accompaniment.
Great content, Thanks! Subscribed.
Wow, thank you! :)
Amazing video thank you so much!
You're so welcome!
great vid
Nice overview of these tools. Concise and to the point! Thank you. Subscribed with the bell turned on!
Thank you so much! It really means a lot! :)
I hope in next videos you will lower the background music. By the way this video is very informative.
Great content, perfect job 👍👍
Thank you so much for watching and leaving a comment!
Thank you.
well explained
nice info
Cool video, next time you should leave out the music.
This video is good, but next-gen AV has leveraged behavioral detection for zero-days for a long time - well before EDRs came on the scene. The real distinction between an NGAV and an EDR is that NGAV tries to take a black-and-white approach - it is or is not malicious. If a threat is classified as malicious (by actual signature-type detection or by hitting some statistical threshold in behavioral detection) the threat will be blocked and quarantined. The difference with EDR is in the name - EDR will also notify (Detect) about "grey area" potential threats that can't be confidently classified as malicious, and provide the telemetry (events) needed so that a human can investigate and make a decision. EDRs also provide post-attack remediation (Response) tools such as device isolation, remote shells, etc. Good EDR solutions include comprehensive NGAV so that you don't waste a lot of time chasing potential threats that could easily have been blocked by an NGAV.
Thanks!
I appreciate it!
Awesome explanation, Ma'am
Do you have any idea about next-gen firewalls?
Great video! Can you suggest EDR and XDR solutions?
Kudelski Security
Great content! Lose the muzak 🙂
Thanks for the comment! I am getting 50/50 on the music and have lowered it for more recent videos. It really helps with any background blips to have at least something.
How would I classify a MITRE ATT&CK attack as XDR, MDR or EDR?
Thanks for your comment! I wouldn't classify an attack by the way it was detected. I hope this makes sense.
Great, I subscribed ❤
The background music was really distracting
Thanks for your reply! The levels were still a work in progress and vary depending on what device one is listening on. I have toned it down on newer videos.
Where are you from? Which country?
USA
Would be a great video without that loud music in the background.
Thanks for leaving a comment! I have been working on an acceptable level for music. It's been a work in progress.
You also sound impatient with such speed of speech
Thanks for your input! I'm a naturally fast speaker and try to slow things down as it is. You're welcome to use the speed adjustment if you're having difficulty understanding.
why the music???? It just takes away from the otherwise good content you have created.
I thought it would add some excitement. I am considering reuploading without the music.
Remove the background music, the content is good.
Thanks for the comment! I have it to help with audio blips but have turned it down in more recent videos.
Amazed how wrong this video is. Alerts
Thanks for your comment! I am happy to make any notations in the video if you've spotted an error.
For the mention of alerts, events and incidents: Security events are continuously happening, as any changes could be a regular, everyday occurrence within the network. This means they aren't necessarily malicious. Alerts are still events, but they indicate a change that warrants investigating. Finally, incidents can still be a singular event or alert, or a series of those. They may require a lengthy investigation with a report and can even be a breach at higher levels.
@cybergraymatter It seems you are going with the Mandiant methodology of alerts, events and incidents. I definitely don't agree with it, but I do understand. I go with alerts being more like logs, and multiple alerts can be part of an event. Incidents can comprise multiple events and tend to be higher fidelity.
@ctjmaughs I've seen multiple ways things are classified within various organizations and industries for different reasons. Some places call an incident of any severity an incident, while others call them incident A or incident B, etc. I wouldn't say either is wrong, but it depends on the place; though, if it were me who was tasked with designing a program from the ground up, I would use the definitions shown in this video.
In the link below, Daniel Miessler also mentions your variation of events and alerts and states that there are differences based on industry.
danielmiessler.com/study/event-alert-incident/
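The two discussions above (the NGAV/EDR comment on confident "block" verdicts versus grey-area detections handed to a human, and the event/alert/incident thread) lend themselves to a small worked model. The following is an added example written for this page; it is not code from the video, its author, or any vendor named in the comments. The score thresholds, the failed-logon rule, the 30-minute correlation window, the host names and the sample telemetry are all constructed assumptions for illustration, not settings of any real product.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed thresholds: real products tune these per environment.
BLOCK_THRESHOLD = 0.90   # confident verdict -> block and quarantine (NGAV-style)
GREY_THRESHOLD = 0.50    # grey area -> surface to an analyst with telemetry (EDR-style)
INCIDENT_WINDOW = timedelta(minutes=30)   # alerts on one host this close together share an incident


@dataclass
class Event:
    """Any observation from a log source; most are routine and never become alerts."""
    ts: datetime
    host: str
    kind: str            # "process", "logon", "file", ...
    detail: str
    score: float = 0.0   # constructed classifier confidence that the event is malicious


@dataclass
class Alert:
    """An event (or group of events) that a rule decided is worth attention."""
    event: Event
    rule: str
    action: str          # "block" (automatic) or "investigate" (human decision)


@dataclass
class Incident:
    """Alerts correlated on the same host within INCIDENT_WINDOW."""
    host: str
    alerts: list = field(default_factory=list)

    @property
    def last_seen(self) -> datetime:
        return max(a.event.ts for a in self.alerts)


def triage(ev: Event) -> Optional[Alert]:
    """Single-event rule: block the confident verdicts, escalate the grey area, ignore the rest."""
    if ev.score >= BLOCK_THRESHOLD:
        return Alert(ev, "high-confidence-malware", "block")
    if ev.score >= GREY_THRESHOLD:
        return Alert(ev, "suspicious-behaviour", "investigate")
    return None


def failed_logon_burst(events, limit=5, window=timedelta(minutes=5)):
    """Multi-event rule: several failed logons on one host inside a window form one alert."""
    alerts, by_host = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind != "logon" or "failure" not in ev.detail:
            continue
        recent = by_host.setdefault(ev.host, [])
        recent.append(ev)
        while ev.ts - recent[0].ts > window:   # drop failures that fell out of the window
            recent.pop(0)
        if len(recent) == limit:               # fire once, when the threshold is first crossed
            alerts.append(Alert(ev, "failed-logon-burst", "investigate"))
    return alerts


def correlate(alerts) -> list:
    """Group alerts per host; a gap longer than INCIDENT_WINDOW opens a new incident."""
    incidents, open_by_host = [], {}
    for a in sorted(alerts, key=lambda x: x.event.ts):
        inc = open_by_host.get(a.event.host)
        if inc is None or a.event.ts - inc.last_seen > INCIDENT_WINDOW:
            inc = Incident(a.event.host)
            incidents.append(inc)
            open_by_host[a.event.host] = inc
        inc.alerts.append(a)
    return incidents


def run_pipeline(events):
    """events -> alerts (single-event and multi-event rules) -> incidents."""
    alerts = [a for a in map(triage, events) if a] + failed_logon_burst(events)
    return alerts, correlate(alerts)


# Constructed sample telemetry: two routine events, one noisy workstation, one logon burst.
T0 = datetime(2022, 4, 17, 9, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "ws-01", "process", "outlook.exe started", 0.02),
    Event(T0 + timedelta(minutes=1), "ws-01", "file", "report.docx saved", 0.01),
    Event(T0 + timedelta(minutes=2), "ws-07", "process", "unsigned binary run from temp dir", 0.62),
    Event(T0 + timedelta(minutes=3), "ws-07", "process", "known malware hash executed", 0.97),
    *[Event(T0 + timedelta(minutes=10, seconds=10 * i), "srv-02", "logon",
            "logon failure for svc_backup", 0.05) for i in range(6)],
    Event(T0 + timedelta(hours=2), "ws-07", "process", "unexpected scheduled task", 0.55),
]

if __name__ == "__main__":
    found_alerts, found_incidents = run_pipeline(SAMPLE_EVENTS)
    for a in found_alerts:
        print(f"{a.event.ts:%H:%M:%S} {a.event.host:7} {a.action:11} {a.rule}: {a.event.detail}")
    for n, inc in enumerate(found_incidents, 1):
        print(f"incident {n}: host={inc.host} alerts={len(inc.alerts)}")
```

Run as a script it lists four alerts (one automatic block, three for investigation) and three incidents: the two early ws-07 alerts are minutes apart and share an incident, the srv-02 logon burst is its own, and the ws-07 alert two hours later opens a fresh incident because it falls outside the correlation window. The six routine or low-score events never surface at all, which is the point of the distinction drawn in both comments: the bulk of events stay events, only a minority become alerts, and incidents are built from alerts rather than from raw telemetry.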
You speak fast and sound like a robot. You did it on purpose
What a weird response lol. Slow the speed of the video down if you’re slow