Being a defender is a tough business and at times feels like a cat-and-mouse game. When it comes to detection and response, EDR (Endpoint Detection and Response) technologies come to mind, but they are only as good as the endpoint they are installed on. EDR does provide tremendous insight into what happened on the endpoint, but does it tell the whole story? Why does reinfection occur so often, and how is the adversary able to continue to wreak havoc within the environment?
This is where XDR (Extended Detection and Response) comes into play - a mousetrap on steroids through orchestration and automation. The ability to expand your knowledge beyond the endpoint becomes critically important to truly understanding the full context of the threat. In this session, we will go through an example incident using EDR tools, which provide critical insight into what took place from the initial data point captured when the incident was reported. We will see the value of EDR, and for many it will be eye-opening and a leap forward when compared to traditional tools. This is a great first step, but we will highlight the gaps that remain when investigating only the endpoint and expand our initial insight with extended detection and response capabilities. We will conclude our investigation with deep contextual insight into what took place. Time to even the playing field and perhaps give the defender the upper hand.