How EDR is moving beyond the endpoint

More alphabet soup from security technology vendors. I read this as: “Current SIEM can’t actually cope so we’ll invent something new”…:

[…] Traditional EDR technology collects telemetry data about events related to endpoints, such as application processes that connect to specific network addresses. But this data is often not fed to security information and event management (SIEM) systems, which could otherwise be overloaded with data.

Yet, this data is essential for analysis by machine learning algorithms and incident response teams to flag up signs of a cyber attack across different stages of the cyber kill chain.

That is the premise behind an emerging breed of EDR offerings called XDR, where X refers to the collection of a broader set of data related to the network, cloud and other parts of an enterprise’s IT footprint.


Original article here