Mitchell Bezzina
257 posts

Mitchell Bezzina
@MitchellBezzina
Sr Dir. of Marketing, Security Services @PaloAltoNetworks All opinions are my own
California, USA. Joined November 2014
98 Following, 99 Followers

@CroftyF1 Shouldn't Mercedes be fined as well when they decided to use the design that they previously gave/sold to RacingPoint? Surely some responsibility falls to them, as big teams using them is what made it illegal. Speaking impartially. Thanks for a great show & team @SkySportsF1

@EricSkinner @Pfirstbrook @ianmcshane Agreed, XDR lets us step away from data sources and is an opportunity to focus on analyst outcomes. Alerts and Logs in SIEM lack context, N/EDR has context from that source but lacks the rest. Enter XDR that brings it all together for unknowns & SOAR to automate known ops process

@Pfirstbrook It's a different problem set from SIEM/SOAR for the reasons you describe, but not necessarily a smaller problem. XDR needs to deliver more by leveraging the deeper data view it gets. As @ianmcshane says, "more context with quality data." Email and network visibility can enrich.

@josh_zelonis Could go the reverse as well :) this is why it's such a great conversation, glad you're leading this

@MitchellBezzina I'd tell you that cloud is just an abstraction of systems and applications.

@josh_zelonis That's fair, but I think it'll be hard to draw the line. If you add the Application context, what about Containers, PaaS, IaaS, IoT, etc.? Might be a slippery slope. I think we should find the uber classifications; we chose Network, Endpoint and Cloud, which is an option

@MitchellBezzina I would argue that in order to do detection well you first have to collect data, and then you need to classify or contextualize it. This is a lot easier to do when observing behavior at the same level it's occurring.

@EricSkinner @josh_zelonis @maximweinstein Absolutely agree. Also, it's telemetry, not logs, which are parsed and lose context, leaving the analyst searching for the lost context

@josh_zelonis @maximweinstein One of the things that’s different between XDR and SIEM (most of the time, for now) is that XDR (just like EDR) sees full activity telemetry, not just alerts. XDR does (or leverages) full EDR-style activity recording, on endpoints and more.

Mitchell Bezzina retweeted

@aespinosa Feel bad for anyone who has to read through that transcript!
Anyone else voice hacked an echo?

Thrilled to be joining Splunk! If you're at RSA 2018 this week, catch me at the Splunk booth - North Hall #3409. splunk.com/en_us/about-us…

Attackers exploit the remote code execution flaw (CVE-2018-0171) in the Smart Install function of Cisco switches hubs.ly/H0bCJ260

Alternative communications planning and cybersecurity incident response - what to do if a data breach compromises corporate email servers hubs.ly/H0bCH3l0

@PaloAltoNtwks to buy endpoint detection and response startup @secdocyber hubs.ly/H0bDjdf0 by @crn_au

New wave of #cyberattacks targeting financial and information services in US and Middle East, uses a new multi-stage infection technique to deliver #FormBook #malware hubs.ly/H0bCHLZ0