Open in app

Sign in

Write

Sign in

SIEM v/s SOAR v/s EDR v/s XDR

Vishnu Shivalal P
2 min readJan 5, 2023

These security solutions are used by Cyber Security professionals to identify and mitigate cyber threats. Most of them works on similar principle, but they’ve their own usage and benefits.

1. SIEM

SIEM stands for Security Information and Event Management. SIEM is a security solution that collects and interprets data within the organization and then also detects potential threats. This solution provides real time logging of events in an environment and detects security threats.

Popular SIEM solutions are - IBM QRadar, ArcSight ESM, FortiSIEM, Splunk, AlienVault OSSIM, Wazuh etc.

2. SOAR

SOAR stands for Security Orchestration, Automation & Response. SOAR enables security products and tools within an environment to work together and therefore makes the SOC team member’s job easier. This solution can automate security operations like threat detection, triage potential threats etc. The benefits of SOAR is it saves time by automate workflow processes, centralization - enables operations of various security tools in your environment(sandbox, log managements, 3rd party tools etc.) from one point. These tools are integrated into SOAR solutions.

SOAR Capabilities in Cyber Security

  • Threat Intelligence.
  • Case Management based Incident Response.
  • Security Operations Automation (SOA).
  • Vulnerability Management.
  • Playbook Management.

Popular SOAR solutions are - Splunk Phantom, IBM Resilient, Logsign, Demisto etc.

3. EDR

EDR stands for Endpoint Detection and Response. EDR solutions are used for conducting analysis on an endpoint device. EDR is also known as Endpoint Threat Detection and Response (ETDR). This is an integrated security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

Popular EDR solutions are - Carbon Black, SentinelOne, FireEye HX etc.

4. XDR

XDR stands for eXtended Detection and Response. XDR security solution is a successor of EDR with more features and capabilities like one click automated response, internal and external threat intel feed, automated enrichment and root cause analysis etc. XDR integrates and correlates data collected from SIEM, EDR, Threat Intel Feed, SOAR etc.

Popular XDR solutions are - Crowd Strike Falcon, Broadcom Symantec XDR, McAfee Mvision XDR etc.

Siem
Soar
Xdr
Edr
Security Operation Center

--

--

Vishnu Shivalal P
Vishnu Shivalal P

Written by Vishnu Shivalal P

502 Followers
95 Following

Cyber Security Engineer | Bug Hunter | Security Researcher | CTF Player | PenTester | Security Enthusiast | TryHackMe Top 1% www.linkedin.com/in/vishnushivalalp

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams