The SOC Visibility Triad aims to give SOCs complete coverage of their environments by combining NDR, EDR and SIEM. In recent years workloads have been shifting to the cloud, and an extended remote workforce is leveraging more unmanaged devices. This has led SOCs to increase their focus on NDR in the SOC triad.
In this webinar Jon Oltsik, Senior Principal Analyst & ESG Fellow, and XX from Vectra will discuss how:
- NDR is uniquely positioned to leverage cloud provider logs and SaaS APIs as data sources for detections
- The added context of identity and privilege that NDR brings to the SOC triad maps well with how attackers operate in the cloud
- Modern supervised ML models allow NDR to parse through the increasing data generated by the cloud in real time