Kriativ-tech, Volume 1, Issue 9, April 2018, Pages: xxx
Received: Dec. 28, 2019; Accepted: Feb. 25, 2020; Published: Oct. 11, 2021.

Authors

Pedro Ramos Brandao, Coordinator Professor at Instituto Superior de Tecnologias Avançadas
João Nunes, Master Degree Student at Instituto Superior de Tecnologias Avançadas

To cite this article

Pedro Ramos Brandao, João Nunes, "Extended Detection and Response: Importance of Events Context." DOI: 10.31112/kriativ-tech-2021-10-58

Abstract

In an increasingly dynamic and unpredictable IT security landscape, it is essential to deploy solutions that strengthen the protection of infrastructures, whether on-premises, in the cloud, or hybrid. This article contrasts the challenges of the new reality of remote work with the capabilities of traditional security solutions. It then explains the importance of implementing a solution that has a holistic view of the infrastructure and correlates all suspicious or attack events across it, rather than treating each alert in isolation. The result is security that is improved and updated for the current reality.

Keywords

XDR, EDR, SIEM, Correlation, Context, Cybersecurity
