Try our new research platform with insights from 80,000+ expert users

Badges

20 Points
6 Years

User Activity

Almost 3 years ago
More regular a/v collapsed into endpoint protection, move from console to cloud, maybe even more consolidation btwn vendors.
Almost 3 years ago
NDR, SIEM expansion, IPS refresh, 365 migration to the cloud, and some DevOpSec.
Almost 3 years ago
Some call what he did DLC/DRM.  I think he'll suffer from reputation loss and vendors will move away from his software or try to back engineer their own based on his code.  Since it is open-source they should be able to do this with the right coder. It's legitimate…
Almost 3 years ago
I think the first step is configuration.  When teams are 1st deploying a new tool, working closely with the vendor to set up the best configuration possible to tune down the alerting for the least false positives, is critical to the success of your soc.  Even paying the…
Almost 3 years ago
Mitigation is taking your car in for an oil change and tune up.  Remediation is them finding you have a blown gasket seal and replacing the parts and greasing the engine to make your engine doesn't blow. AKA security vulnerability management.
About 3 years ago
Yet another chance to test our incident response procedures.  So far I would say we're a B. Good on the process, and an A on team response and interactions and reducing threat risk were about a B.  ID'g your external assets exposed to this vulnerability is your teams' #1…
About 3 years ago
@Evgeny Belenky To communicate to executive mgmt it would definitely be a PowerPoint presentation.  At a high level, you would need to display the risk of not buying a tool. You'd need to pull data from past events for the last year (ransomware etc) that caused impact or in…
About 3 years ago
East-west traffic monitoring solutions, like EDR, can complete a picture of the security environment and risk.
About 3 years ago
An easy answer for me - pretty much exactly what @Janet Staver described.  DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew.  S1 is an endpoint tool…
About 3 years ago
I can't say one way or the other for sure, but, having experienced Trend Micro in the past from an endpoint perspective they have their own way of doing things. They certainly didn't catch everything that even basic a/v like SEP did and they had a very convoluted setup and…
About 3 years ago
ROI-Return on investment; does it integrate well? does it work as advertised? is it cost-effective?  You could invest millions, what's good enough in your environment?
About 3 years ago
Depends on the size, scope and needs of your environment.  XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if…
Over 3 years ago
I think most of the answers provided will work for you, but you have to take into account your environment, integration with other solutions, firewall, antivirus or even just Windows-native and you have to look at price vs features you want.  How much is good enough? You…
Over 3 years ago
Once you have narrowed down the top 5 picks for a capability/solution, we typically will look at the last few things that make things stand out from the competition.  1-cost, 2-ease of deployment (need prof serv?) 3-support or training if all other features of products being…
Over 3 years ago
We RFI/POC'd them all.  Sentinel One came out on top for every aspect of the requirements that we needed to fulfill from our architect. That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.
Over 3 years ago
The risk of not patching:  -incompatibility between applications and the OS, or 3rd-party software -remote access/access in general to your network and ability to exploit, disrupt, steal IP, hold data hostage, or steal CCD or other compliance data (HIPAA, SOX, lab,…
Over 3 years ago
To me, a tool like ServiceNow (not cheap for small orgs), would be an example of this.  Dmytro touched on the need to track changes but also assets. S/N can do both with different modules but essentially you have to have the S/N scanners go sniff out all the assets and…
Over 3 years ago
At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (VEEAM) and regular/validated process that works to restore. daily/diffs/weekly/monthly…
Over 4 years ago
We didn't consider either of these after demo and comparison from reviews of multiple EDR solutions we came up with SentinelOne on top and are now POCg it as an endpoint solution.
Over 4 years ago
There could be multiple answers to your question based on how your environment is set up. You have edge defense (firewalls, IDS, IPS like ngfw palos and fidelis), you have endpoint like av or edr (sentinel 1 or symantec or carbon black etc). There are also various other…
Over 4 years ago
So this is what WIKI says about EDR EDR systems detect all endpoint threats and provide real-time response to the identified threats. ... EDR systems also collect high-quality forensic data which is needed for incident response and investigations. Overall, EDR security…
Over 5 years ago
Account people have moved around and support has taken a small hit but still getting quick responses, although resolutions are taking a bit longer.
Almost 7 years ago
Contributed a review of Fidelis Elevate: IPS security, originally from the GOVT space, now commerical

Reviews

Answers

Almost 3 years ago
Endpoint Protection Platform (EPP)
Almost 3 years ago
Application Security Tools
Almost 3 years ago
IT Alerting and Incident Management
About 3 years ago
Extended Detection and Response (XDR)
About 3 years ago
Endpoint Protection Platform (EPP)
About 3 years ago
Virtualization Security
About 3 years ago
Endpoint Protection Platform (EPP)
Over 3 years ago
Endpoint Detection and Response (EDR)
Over 3 years ago
Endpoint Protection Platform (EPP)
Over 3 years ago
Configuration Management
Over 4 years ago
Endpoint Detection and Response (EDR)
Over 4 years ago
Endpoint Detection and Response (EDR)

Comments

Over 5 years ago
Endpoint Detection and Response (EDR)