Session

Considering cloud coverage in SIEM/XDR design

Many companies implement a SIEM or XDR product in order to meet their CIS8, NIST Cybersecurity Framework, ISO27001, or other compliance requirements. They may even hire a SOC team through a Managed Detection and Response (MDR) product to watch and respond to the alerting 24/7/365.

However, are they really monitoring everything necessary to detect a security incident? This presentation will consider, at an architecture level, the importance of system coverage to the effectiveness of the SIEM/XDR, in particular when covering cloud infrastructure. We’ll also look at what a SOC team would really see during an incident.

This will be a vendor-agnostic presentation.

Chris Beckman

Principal security engineer at Taxbit

Seattle, Washington, United States
