Network Evidence For XDR

Published: 05 April 2025
on the channel: Corelight

XDR (extended detection and response) promises to integrate data from any source to stop today's sophisticated and often automated attacks. The key question is: which sources?

Watch for insights on why network evidence must be a key part of your XDR strategy, and walk away with new ideas on how to stay ahead of ever-changing attacks by using a data-first strategy for detection and response.

Webcast highlights to watch:
3:16 SOCs are not keeping up
5:34 The SOC Visibility Triad
7:44 Sources of asset truth
8:08 Endpoint vs. network visibility
9:01 Endpoint vs. network evidence collection
10:44 Endpoint vs. network MITRE ATT&CK coverage
13:10 The power of network evidence
16:49 Evidence is not just an advantage, it's a strategy
19:22 Why network evidence matters
22:00 Three types of network evidence
26:16 Example XDR detection: Metasploit and a brute-force login attempt
28:06 Pivot from alert to evidence
29:52 Visualize the attack
31:19 What about encryption?
33:02 Where do I install a network tap in the cloud?
33:28 Cloud traffic mirroring
33:52 Network evidence for cloud IR challenges
35:24 Typical NDR deployment