Archived: XDR to the Rescue? How to improve detection and response

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual event.

Extended detection and response (XDR) is often touted as the next evolution in cybersecurity — enabling the seamless collection and correlation of data across multiple security layers. Its proponents assert that XDR, when coupled with automated analysis, will speed up investigations for security analysts and expedite attack remediation. This is potentially bad news for stealthy attackers who currently try to hide between security silos and disconnected solution alerts, while overwhelmed security analysts struggle to triage and investigate alerts. 

Still, XDR may not be the answer for everyone. Some organizations may stick with classic endpoint detection and response (EDR) until the XDR market shakes out, while others may choose to contract with an external managed detection and response (MDR) provider.

Join SC Media on April 26-27 for this interactive learning program that will feature experts on XDR and will cover topics including:

  • Fostering a healthy relationship with your MDR service provider
  • Selling XDR to the CEO and board: Is your pitch business-aligned?
  • XDR Market Analysis from a Venture Capital Perspective
  • Detection rejection: Malware techniques designed to bamboozle your detection & response
  • Results from CyberRisk Alliance’s XDR Research Survey
  • XDR’s potential effect on the security workforce

Featured Speakers

DAY 1 | April 26 

10:45 AM ET 
Program Opens 

11:00 AM ET 
KEYNOTE | The XDR learning curve: How technology impacts your security workforce, Jon France, CISO with (ISC)2

As more businesses jump on the XDR solution bandwagon, the day-to-day workflow that SOC analysts and other security staffers experience may change in ways both subtle and blatant. This workforce-centric session will examine which special skills XDR will emphasize or deemphasize, and how more automation and integration across platforms will change security professionals’ user experience and responsibilities. 

11:30 AM ET 
Demystifying XDR, Sam Adams, VP Detection & Response with Rapid7, and Allie Mellen, SecOps Analyst with Forrester 

The changing nature of threats, combined with staffing shortages, is causing increased disorder in the security world. The good news? Extended Detection and Response (XDR) has the potential to address these industry-wide issues and help teams unlock more efficiency in the SOC. Recently, Rapid7’s VP of Detection and Response Sam Adams joined Forrester SecOps Analyst Allie Mellen to ‘demystify’ XDR. 

12:00 PM ET 

Secure Access Best Practices to Minimize Risk of a Breach, Ganesh Umapathy, Product Marketing Manager with Cisco Duo

Stolen credentials and unpatched software are common attack vectors used by cybercriminals in many types of attacks including ransomware. Organizations have invested in security tools such as MFA, EDRs, MDMs, VPNs and more to mitigate these attacks. But security tools need to be supported with simple processes and great usability for maximum security efficacy. In this session, Duo Security Product Marketing Manager Ganesh Umapathy will share the best practices implemented by Cisco to enable secure endpoint access for a global remote workforce, providing the best experience for productivity without compromising on security.

12:30 PM ET 
Detection and Response with Google Chronicle, and launch of Threat Perception, Chris Martin, Senior Security Specialist with Chronicle 

Learn how Google Chronicle enables customers to accelerate their threat detection, investigation and response program, and drive towards achieving critical security outcomes. Dive into how our customers are using Threat Perception, our latest capability, to enhance their security posture and act on prioritization of alerts with risk scoring. 

1:00 PM ET  
BREAK | Visit Solutions Center 

1:15 PM ET 

Research Session

2:00 PM ET 
Beat the Clock: How to Accelerate Threat Hunting With XDR, Andrew Mundell, Enterprise Security Engineer with Sophos 

To carry out the most efficient threat hunts, defenders need multiple sources of telemetry and a simple way of acquiring and analyzing data from all of them. Join this session to hear the differences between XDR and SIEM-based threat hunts and learn how XDR can reduce the amount of time to detect and respond to potential threats. We’ll cover best practices and cautions from real-world experiences, as well as preventative measures and investigations that you can start today. 

2:30 PM ET 

Powerful Outcomes: Why XDR Matters in 2022, Mark MacDonald, Senior Manager, Product Marketing with eSentire 

XDR promises powerful outcomes. It can normalize and correlate data across your entire attack surface, enabling highly effective threat detection and investigation. XDR also works to block high fidelity threats, automating the threat detection and remediation process. 

3:00 PM ET 
KEYNOTE | Fostering a healthy relationship with your MDR service provider 
Curt Aubley, Cyber and Strategic Risk Groups Managing Director with Deloitte 

Organizations that delegate something as critical as detection and response to an external service provider may worry that they are giving up too much control when it comes to their network security. And yet due to budgetary or talent shortfalls, they may have little choice. That’s why it’s so important to properly communicate expectations and priorities with your managed detection and response (MDR) provider. This eSummit session will look at how to get the most out of your MDR partnership throughout the duration of the provider-client relationship. 

DAY 2 | April 27 
10:45 AM ET 
Program Opens 

11:00 AM ET 
KEYNOTE | Selling XDR to the CEO and board: Is your pitch business-aligned? Candy Alexander, CISO with ISSA 

New technology concepts can be a hard sell. Corporate executives who control your company’s budget may not fully understand the concept behind a nascent cyber solution or be convinced of the return on investment. For instance, certain nuances of XDR technology may not be easy to explain – including how it differentiates itself from the traditional EDR solution you perhaps currently employ. So how does one win buy-in from non-tech-savvy C-level executives and the board of directors? By demonstrating how the technology aligns with business objectives. This session will look at how to simplify and define XDR for upper executives, how to convey its strategic benefits, and how to measure and report your solution’s impact after implementation. 

11:30 AM ET 
Implementing XDR to Detect Threats and Stop Attackers, Mark Alba, Chief Product Officer with Anomali 

The “cat-and-mouse” game between Attackers and Defenders is as old as the LoveLetter virus. While script-kiddies have matured to become cybercriminals, hacktivists, and state-sponsored adversaries, sometimes it feels like the Defenders are stuck in 1999. We deploy anti-virus solutions, monitor the perimeter, and wait and see. Yes, today’s security technology is “NextGen,” “2.0,” and “Meta,” but the concept is the same. Set the trap and wait to be attacked. 

12:00 PM ET 
Solving for X with XDR: Widening the Aperture for Better Rapid Detection, Investigation and Response, Ken Westin, Director, Security Strategy with Cybereason

There has been a lot of buzz around Extended Detection and Response (XDR) as an evolution of Endpoint Detection and Response (EDR); however, definitions of what comprises an effective XDR solution vary depending on who you ask. The dramatic changes to IT infrastructure as organizations accelerate their migration to the Cloud while still relying on traditional on-premises security architecture have increased telemetry volumes and the complexity of correlating threat intelligence across disparate environments to make accurate detections early in the attack sequence. In this session we will discuss the evolution of security from the endpoint to across the entire IT ecosystem, from legacy antivirus to EDR, and now from EDR to XDR. We will show how detection use cases and workflows that previously required complex syntax queries and manually configured SIEM and SOAR solutions can be automated and streamlined with XDR for rapid detection, investigation and predictive response actions that move intervention further to the left in the attack sequence.

12:30 PM ET 

When XDR and Zero Trust Meet Forensics, Justin Tolman, Forensic Subject Matter Expert with Exterro 

As the threat landscape and cyber skills gap expand, cybersecurity teams need to rely on software solutions that scale and evolve just as quickly. XDR has done just that and also nicely aligns with the recent government mandate requiring federal agencies and corporations that do business with federal agencies to adopt a Zero Trust security approach by 2024. DFIR capabilities can help to close the loop. Not only can DFIR do a deep dive and help prevent future threats by identifying missed IOCs and other vulnerable data, but it can also provide automation to already stretched teams, detect and mitigate insider threats and collect evidence properly. 

1:00 PM ET 


1:15 PM ET  

XDR Market Analysis from a Venture Capital Perspective, Bob Ackerman, Founder & Managing Director with Allegis Cyber Capital; Dave DeWalt, Founder & Managing Director with Night Dragon; Hank Thomas, CEO & Founder with Strategic Cyber Ventures and Co-Founder, CTO & Board of Directors Member with SCVX 

Buzz and chatter around extended detection and response technology has increased rapidly since the term XDR was coined back in 2018. In just the last year, vendors have created two industry alliances designed to further develop the technology while creating shared frameworks, architectures and data exchange schemas. So how exactly is the XDR market shaking out? Where are we seeing progress and where is more effort needed? In this panel session, thought leaders in the cyber and venture capital space will address which XDR capabilities are for real, what are just buzzwords, and what the challenges are to XDR becoming a mature offering. 

2:00 PM ET 

Not Just for Large Enterprises: How XDR Can Benefit Lean Security Teams, George Tubin, Director Product Marketing with Cynet 

Most large enterprise security teams are looking at XDR to integrate and coordinate multiple security technologies to improve staff efficiency and security outcomes. Can XDR also benefit companies with lean security teams that don’t have the same breadth of security technologies in place as large enterprises? 

2:30 PM ET 

Watch Your Blind Spots: How Mobile EDR is a Critical Component of XDR, Alex Gladd, Principal Product Manager, EDR/XDR with Lookout 

While many organizations have comprehensive telemetry monitoring for servers, desktops, and laptops, they lack the same visibility for iOS, Android, and Chrome OS endpoints. As employees increase their use of mobile devices for work, attacks on these devices become more attractive. Indeed, we observed a sharp 37% increase in the rate of enterprise mobile phishing encounters that coincided with the start of the COVID-19 pandemic. To be effective at stopping data breaches, security teams need the same comprehensive monitoring for mobile endpoints that they have for traditional endpoints. This becomes even more important when implementing a comprehensive XDR solution, where a lack of mobile EDR signals leaves organizations with exploitable blind spots.

3:00 PM ET 

KEYNOTE | Detection rejection: Malware techniques designed to bamboozle your detection & response, John Hubbard, Senior Instructor, Course Author & Cyber Defense Curriculum Lead with SANS Institute 

Fileless malware. Obfuscation. Steganography. These are just a few of the methods used today by cybercriminals to hide their malicious code from detection and response solutions. This technical session will look at some of the most common evasion and anti-detection tricks used by cybercriminals today, and how organizations can effectively counter these tactics so that they are still able to spot and respond to the threat. 

Sponsors: Anomali, Chronicle, Cybereason, Cynet, Inc, Duo Security, eSentire, Exterro, Lookout, Rapid7, Sophos