Why XDR Beats SIEM at Spotting Threats in Noisy Environments

Secureworks' Ryan Alban on How XDR Can Pinpoint Threats in High Volumes of Data
SIEM can play a key role in aggregating log data for compliance or auditing purposes, but when it comes to identifying threat activity in an IT environment, nothing beats XDR, says Ryan Alban, senior manager of global solutions lead at Secureworks. XDR excels at using advanced techniques to pinpoint threats in high volumes of data, while SIEM lacks the horsepower or analytics to find the signal in the noise, Alban says.
Some organizations choose to have both a SIEM and XDR, with the former focused on reporting metrics and dashboards that aren't connected to urgent threats, Alban says. Customers should look for an XDR platform that has intimate knowledge of how threat actors work, what their TTPs are, what their motives might be and what kind of tooling they use, according to Alban (see: Podcast: Detect and Contain a Breach Before Damage is Done).
"I would talk to customers that would exhaust their SIEM license or they'd struggle to keep the SIEM up and running," Alban says, "and it would become a distraction to helping to detect threats in their environment. We'd see folks continue to miss the threat, even if their SIEM was in operation."
In this audio interview with Information Security Media Group, Alban also discusses:
- The biggest benefits of switching from SIEM to XDR;
- What sets a quality threat detection platform apart;
- What's on the XDR feature road map at Secureworks.
Alban leads a distributed specialist team at Secureworks dedicated to educating prospective customers on how Secureworks security solutions align with their overall security strategy. This team works closely with the Secureworks sales engineering, product management, community and marketing teams to help coordinate and communicate accurate, security-relevant information to customers and partners.