SIEM v/s SOAR v/s EDR v/s XDR

These security solutions are used by Cyber Security professionals to identify and mitigate cyber threats. Most of them works on similar principle, but they’ve their own usage and benefits.

1. SIEM

SIEM stands for Security Information and Event Management. SIEM is a security solution that collects and interprets data within the organization and then also detects potential threats. This solution provides real time logging of events in an environment and detects security threats.

Popular SIEM solutions are - IBM QRadar, ArcSight ESM, FortiSIEM, Splunk, AlienVault OSSIM, Wazuh etc.

2. SOAR

SOAR stands for Security Orchestration, Automation & Response. SOAR enables security products and tools within an environment to work together and therefore makes the SOC team member’s job easier. This solution can automate security operations like threat detection, triage potential threats etc. The benefits of SOAR is it saves time by automate workflow processes, centralization - enables operations of various security tools in your environment(sandbox, log managements, 3rd party tools etc.) from one point. These tools are integrated into SOAR solutions.

SOAR Capabilities in Cyber Security

  • Threat Intelligence.
  • Case Management based Incident Response.
  • Security Operations Automation (SOA).
  • Vulnerability Management.
  • Playbook Management.

Popular SOAR solutions are - Splunk Phantom, IBM Resilient, Logsign, Demisto etc.

3. EDR

EDR stands for Endpoint Detection and Response. EDR solutions are used for conducting analysis on an endpoint device. EDR is also known as Endpoint Threat Detection and Response (ETDR). This is an integrated security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

Popular EDR solutions are - Carbon Black, SentinelOne, FireEye HX etc.

4. XDR

XDR stands for eXtended Detection and Response. XDR security solution is a successor of EDR with more features and capabilities like one click automated response, internal and external threat intel feed, automated enrichment and root cause analysis etc. XDR integrates and correlates data collected from SIEM, EDR, Threat Intel Feed, SOAR etc.

Popular XDR solutions are - Crowd Strike Falcon, Broadcom Symantec XDR, McAfee Mvision XDR etc.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vishnu Shivalal P

Cyber Security Analyst | Bug Hunter | Security Researcher | CTF Player | PenTester | Security Enthusiast | TryHackMe Top 1% www.linkedin.com/in/vishnushivalalp