EP82 Mega-confused by XDR? You Are Not Alone! This XDR Skeptic Clarifies!

Cloud Security Podcast by Google - A podcast by Anton Chuvakin - Mondays

Guest: Dimitri McKay, Principal Security Strategist @ Splunk

Topics:
- How do you define that "XDR thing" that you are so skeptical about?
- So within that definition of XDR, you think it’s not so great, why?
- If you have to argue pro-XDR, what would you say?
- Two main XDR camps are “XDR as EDR+” and “XDR as SIEM-”, which camp do you think is more right? Are both wrong?
- What approach do you think is more useful as a lens to understand the potential upsides/downsides of XDR?
- What about the cloud? "Cloud XDR" seems a bit illogical, but what do you think is the future of D&R in the cloud?

Resources:
- “Anton and The Great XDR Debate, Part 1”
- “Anton and The Great XDR Debate, Part 2”
- “Anton and The Great XDR Debate, Part 3”
- SURGe content on Splunk blog
- “Today, You Really Want a SaaS SIEM!”
- Red Canary 2022 Threat Detection report
- Verizon DBIR 2022 report