EP82 Mega-confused by XDR? You Are Not Alone! This XDR Skeptic Clarifies!

Guest:

• Dimitri McKay,  Principal Security Strategist @ Splunk

Topics:

• How do you define that "XDR thing" that you are so skeptical about?
• So within that definition of XDR, you think it’s not so great, why?
• If you have to argue pro-XDR, what would you say?
• Two main XDR camps are “XDR as EDR+” and “XDR as SIEM-”, which camp do you think is more right? Are both wrong?
• What approach do you think is more useful as a lens to understand the potential upsides/downsides of XDR?
• What about the cloud? "Cloud XDR" seems a bit illogical, but what do you think is the future of D&R in the cloud?

Resources:

• “Anton and The Great XDR Debate, Part 1”
• “Anton and The Great XDR Debate, Part 2”
• “Anton and The Great XDR Debate, Part 3”
• SURGe content on splunk blog
• “Today, You Really Want a SaaS SIEM!”
• Red Canary 2022 Threat Detection report
• Verizon DBIR 2022 report.