In this Tech Talk, Girard Kavelines discusses XDR. He talks about the differences between XDR and EDR as well as how the technology has evolved since the early days of securing devices. Girard also brings up the integrations that XDR has with cloud security platforms and how it can be used to provide a more holistic approach to keeping users safe and secure. Also discussed is the automated nature of XDR and how AI can enhance and extend the capabilities of any XDR solution.
Connect with Girard
Girard Kavelines is a Cisco Champion and the founder of Techhouse570. You can connect with Girard on Twitter and on LinkedIn and read more on his blog at Techhouse570.
Transcript
Tom Hollingsworth: Welcome to Gestalt IT. I’m Tom Hollingsworth, and today we’re talking tech with my friend Girard Kavelines, founder of Techhouse570. Girard, what’s exciting to you in tech right now?
Girard Kavelines: Hi Tom, it’s a pleasure to be here. My core areas are networking, security, and virtualization, but security always has a special spot for me. I want to talk about bringing more awareness to the difference between EDR and XDR. EDR is endpoint detection and response, which focuses on managing and protecting endpoints from various threats. XDR, on the other hand, is extended detection and response, providing a broader single pane of glass that covers network infrastructure, cloud, email, endpoints, and more.
Tom: So, EDR is more focused on the clients, like the old antivirus, while XDR takes a holistic approach?
Girard: Exactly, EDR is more client-focused, while XDR covers everything and provides more insights and proactive approaches to preventing newer attacks and threats.
Tom: How does XDR help with Cloud security? Does it give a view of what’s happening in the public Cloud?
Girard: Yes, that’s right. XDR provides a single pane of glass view that encompasses everything, including the Cloud. Solutions like Cisco SecureX integrate various components from hardware to software to give you an overview of threats coming from different areas.
Tom: Does XDR replace legacy solutions like SIEM?
Girard: XDR doesn’t fully replace legacy solutions, but it complements them. Legacy solutions might still be necessary in certain environments, but XDR provides a more comprehensive and intelligent overview of the threats, which helps you be more proactive in your approach.
Tom: Does XDR support multiple vendor solutions?
Girard: Yes, XDR supports multiple vendor solutions. It integrates data from various devices, access points, clients, and even mobile phones, providing a comprehensive view of the environment.
Tom: Can XDR handle the large amount of data generated by these devices and avoid getting overwhelmed?
Girard: Dealing with a large amount of data is a challenge. XDR leverages AI and machine learning to process and analyze the data, but some human input and expertise are still required for tuning and training the system.
Tom: Is XDR accurate, or does it suffer from false positives like some other security tools?
Girard: False positives have been an issue in the past, but with advancements in AI and machine learning, XDR is becoming more accurate and reducing false positives.
Tom: Is XDR using AI, or is it a future development?
Girard: AI is being integrated into XDR, and future updates will likely leverage AI even more to enhance threat detection and response capabilities.
Tom: So, is XDR the ultimate solution for all security problems, or is it just one tool among many?
Girard: XDR is a powerful tool, but it should be seen as one part of a comprehensive security strategy. It complements other tools and human expertise to create a more effective defense against threats.
Tom: What’s one exciting thing you’re looking forward to in the future of XDR?
Girard: I’m excited about the further integration of AI and machine learning into XDR. It will provide a more intelligent and proactive security solution that can stay ahead of emerging threats.
Tom: Thank you, Girard, for sharing your insights on XDR and EDR. It’s been a great discussion.
Girard: Thank you, Tom. It was a pleasure discussing these topics with you. If anyone wants to learn more, feel free to check out Gestalt IT for great tech content.
Tom: Absolutely! For more Tech Talks and other content, visit GestaltIT.com. See you there!