User Activity
Almost 3 years ago
Answered a question: What are your top Endpoint Protection Platform (EPP) predictions for 2022?
More regular a/v collapsed into endpoint protection, move from console to cloud, maybe even more consolidation between vendors.
Almost 3 years ago
Answered a question: What are the Top 5 cybersecurity trends in 2022?
NDR, SIEM expansion, IPS refresh, 365 migration to the cloud, and some DevOpSec.
Almost 3 years ago
Answered a question: Developer sabotaged his own popular open-source libraries - WDYT?
Some call what he did DLC/DRM.
I think he'll suffer from reputation loss and vendors will move away from his software or try to back engineer their own based on his code.
Since it is open-source they should be able to do this with the right coder. It's legitimate…
Almost 3 years ago
Answered a question: How do you decide about the alert severity in your Security Operations Center (SOC)?
I think the first step is configuration.
When teams are first deploying a new tool, working closely with the vendor to set up the best configuration possible to tune down the alerting for the fewest false positives is critical to the success of your SOC.
Even paying the…
Almost 3 years ago
Answered a question: What is the difference between mitigation and remediation in incident response?
Mitigation is taking your car in for an oil change and tune up.
Remediation is them finding you have a blown gasket seal and replacing the parts and greasing the engine to make sure your engine doesn't blow. AKA security vulnerability management.
Almost 3 years ago
Answered a question: What does the Log4j/Log4Shell vulnerability mean for your company?
Yet another chance to test our incident response procedures.
So far I would say we're a B. Good on the process, and an A on team response and interactions; reducing threat risk was about a B.
ID'ing your external assets exposed to this vulnerability is your team's #1…
About 3 years ago
Replied to ITSecuri7cfd How do you justify purchasing an XDR solution to your C-suite?
@Evgeny Belenky To communicate to executive management it would definitely be a PowerPoint presentation.
At a high level, you would need to display the risk of not buying a tool. You'd need to pull data from past events for the last year (ransomware etc) that caused impact or in…
About 3 years ago
Answered a question: How do you justify purchasing an XDR solution to your C-suite?
East-west traffic monitoring solutions, like EDR, can complete a picture of the security environment and risk.
About 3 years ago
Answered a question: Which is better - SentinelOne or Darktrace?
An easy answer for me - pretty much exactly what @Janet Staver described.
DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew.
S1 is an endpoint tool…
About 3 years ago
Answered a question: Is Crowdstrike Falcon better than Trend Micro Deep Security?
I can't say one way or the other for sure, but, having experienced Trend Micro in the past from an endpoint perspective they have their own way of doing things. They certainly didn't catch everything that even basic a/v like SEP did and they had a very convoluted setup and…
About 3 years ago
Answered a question: When evaluating Endpoint Security, what aspect do you think is the most important to look for?
ROI (return on investment): does it integrate well? Does it work as advertised? Is it cost-effective?
You could invest millions, what's good enough in your environment?
About 3 years ago
Answered a question: Cortex XDR by Palo Alto vs. Sentinel One
Depends on the size, scope and needs of your environment.
XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if…
About 3 years ago
Answered a question: Which is the best EDR for a logistics company with 500-1000 employees?
I think most of the answers provided will work for you, but you have to take into account your environment, integration with other solutions, firewall, antivirus or even just Windows-native and you have to look at price vs features you want.
How much is good enough? You…
Over 3 years ago
Answered a question: What's the best way to trial endpoint protection solutions?
Once you have narrowed down the top 5 picks for a capability/solution, we typically will look at the last few things that make things stand out from the competition.
1. cost, 2. ease of deployment (need professional services?), 3. support or training if all other features of products being…
Over 3 years ago
Answered a question: What do you recommend to choose when replacing Symantec EDR: SentinelOne or CrowdStrike Falcon?
We RFI/POC'd them all.
Sentinel One came out on top for every aspect of the requirements that we needed to fulfill from our architect.
That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.
Over 3 years ago
Answered a question: Why is patch management important for cybersecurity?
The risk of not patching:
-incompatibility between applications and the OS, or 3rd-party software
-remote access/access in general to your network and ability to exploit, disrupt, steal IP, hold data hostage, or steal CCD or other compliance data (HIPAA, SOX, lab,…
Over 3 years ago
Answered a question: What is automated configuration management?
To me, a tool like ServiceNow (not cheap for small orgs), would be an example of this.
Dmytro touched on the need to track changes but also assets. S/N can do both with different modules but essentially you have to have the S/N scanners go sniff out all the assets and…
Over 3 years ago
Answered a question: What lessons can be learned from the Colonial Pipeline ransomware attack?
At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (VEEAM) and a regular/validated process that works to restore. Daily/diffs/weekly/monthly…
Over 4 years ago
Answered a question: Carbon Black and Cylance Comparison for EDR
We didn't consider either of these. After demo and comparison from reviews of multiple EDR solutions, we came up with SentinelOne on top and are now POCing it as an endpoint solution.
Over 4 years ago
Answered a question: What measures should a business have in place to enable an effective incident response for data breaches?
There could be multiple answers to your question based on how your environment is set up. You have edge defense (firewalls, IDS, IPS like NGFW Palos and Fidelis), you have endpoint like AV or EDR (SentinelOne or Symantec or Carbon Black etc.). There are also various other…
Over 4 years ago
Answered a question: What is the difference between EDR and traditional antivirus?
So this is what the wiki says about EDR:
EDR systems detect all endpoint threats and provide real-time response to the identified threats. ... EDR systems also collect high-quality forensic data which is needed for incident response and investigations. Overall, EDR security…
Over 5 years ago
Account people have moved around and support has taken a small hit but still getting quick responses, although resolutions are taking a bit longer.
Over 6 years ago
Contributed a review of Fidelis Elevate: IPS security, originally from the government space, now commercial