Try our new research platform with insights from 80,000+ expert users

Badges

190 Points
4 Years
Top 5

User Activity

5 months ago
There is no better, there is more suitable according to your moment, profile and maturity. There is no point in having an advanced horse in the Gartner quartile if your operation is not mature enough to run the process and comply with the expected flow and correction. It's…
5 months ago
No, only ITSM but any one framework that you can use and equalize it. In CyberSecurity, be prepared to consider ISO, NIST, and CIS. Do you have any doubts about them? https://www.omniseccorp.com/ni...
Over 1 year ago
I´m not sure about this affirmation. There are a lot of other tools used.
Almost 2 years ago
Checks the quantity (and quality) of use cases for a specific sector (financial, for example) and connectors.
Almost 2 years ago
Automatic "security attributes" populated from the inventory-module.
Almost 2 years ago
CMDB first always (the quality of everyone else depends on it).
Over 2 years ago
Replied to Jairo Willian Pereira What is OWASP Top 10 in 2022
In a very reduced way, OWASP focuses on the main problems for the WEB scope (WEB only) and the ISO (and its parts) on the main errors from the beginning of development until the final product (not just web, but the main focus on languages used, its…
Over 2 years ago
Well, some times ago, EDR agents was moved to XDR but now, XDR is on "peak of inflated expectations", the second of five phases in product development hype. I'd rather wait a little bit, may be ZDR :)
Over 2 years ago
´til now, both. EDR technology is moving to XDR but is on "peak of inflated expectations", the second of five phases in product development hype (Gartner). I'd rather wait a little bit, may be ZDR :)
Over 2 years ago
Volume versus costs.Using an intermediate (free) tool to store, transform data and  forward only the sumarization (smartdata) of what really matters.
Over 2 years ago
OWASP is nice, but very specific and currently limited. How about trying ISO-24772 for all?
Over 2 years ago
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Over 2 years ago
Analyze the wave of products at Gartner hype "Cycle".  EDR was good in the past. After that, MDR joined the hype and now XDR is the trend.  Wait for more in a couple of months and you'll get ZDR!
Over 2 years ago
Yes, and this answer is valid for any 'vulnerability analysis software' and company, independently of port/size/tool.  You can use all tools of the world and 'does not detect the entire spectrum of threats.  Threats are dynamic and assets (both software and hardware) change…
Over 2 years ago
Evolve first, revolt at the end (always based on some company's reference architecture, 'age' of tools and upgrade plans as well). 
Over 2 years ago
Service Now (is compliant with ITSM in all modules).  GLPi continues increasing a lot.
Almost 3 years ago
Mitigation: the act of reducing how harmful, unpleasant or bad something is. Remediation: the process of improving or correcting a situation. Please, see this material from CERT and check phases and differences. https://github.com/certsociete...
Almost 3 years ago
- pure-SNMP (multi-platform, free-costs and facility to distribute/manage) - Microsoft O365 build-in modules (if you have a contract, now with good features for Linux and mobile too). - Wazuh (price and versatility). - Manage Engine, IBM Tivoli (may have been rebranded), or…
Almost 3 years ago
1. Original thresholds from your tool 2. Number #1 plus an internal business sense for each asset (other tools, CMDB attribute, SID - Security ID and/or classification tags (baseline, stringent, internet-facing, workstation...). 3. A combination of both, for example, and an…
Almost 3 years ago
ELK.  Why? Price, easiness, vendor-neutral and customization.
Almost 3 years ago
Real-time and reliable inventory/CMDB (that can help entire company and others IT Governance domains to validade a trustworthy environment).
Almost 3 years ago
1. [True!] Cloud Security hardening/assessment.  2. AI (for massive data processing) 3. Data (protection) and breaches. 4. eGRC (enterprise GRC integrated with eRM and vendor-neutral xLAP visual presentation platform). 5. Collective Intelligence (MISP/Hive and similar…
Almost 3 years ago
IMHO, ServiceNow is a complete ITSM tool, designed to support tradictional/waterfall and digital/agile "business" and is completely adherent with ITIL (and others frameworks). LeanIX offers a more limited setup of inventary, correlation and others tools (for example, offers…
Almost 3 years ago
@Evgeny Belenky Yes, exactly with 1 point: not exactly "reactive" but a secondary tool to check environment.  The main problem is that majority of companies are using VS as the primary tool (and using patch mgmt as a secondary one). In this case, you resolve the problem but…
Almost 3 years ago
One excellent opportunity for the company to test your CMDB/Inventory (at medium and big companies).  Tenable, and I think, other Vulnerability Scanners offer a specific plugin used to check your infrastructure against Log4shell.  If you don't have VS, you can try looking at…
Almost 3 years ago
Visibility for proactive actions, whether business (BOC) or security (SOC).
Almost 3 years ago
I´m not sure about the answer, but I'll try Insourcing or outsourcing, partial or full MSS, Beginner, Intermediate or Professional (based on your maturity with subject/controls), SOC or BOC (Business Operation Center) - when you attack business IoC/IoT), on-premises or…
Almost 3 years ago
Both, but I prefer Nessus Pro (costs and you can define out-of-band your better presentation/xLAP platform) Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of…
Almost 3 years ago
Both have the same purpose but not the same scope.  Ensuring CR does not guarantee BCP but guaranteeing BCP (properly following all plans and sub-plans as required by ISO22301 standard) guarantees CR People often confuse DR (Disaster Recovery) with BCP but DR is just a…
Almost 3 years ago
Kali Linux distro, using a red-teaming framework, starting with tools for reconnaissance, vulns, exploitation, reporting and re-thinking/remediation.
Almost 3 years ago
https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf Only this :)
Almost 3 years ago
I don't know these 2 solutions but a very important point to consider is called Linux (or Macintosh - non-Windows platforms that must be inspected by the tool.
Almost 3 years ago
For me, the 4 main variables are costs, speed (of being operating), business knowledge and customization.  All others - will depend on these variables.
Almost 3 years ago
It is also interesting to think about: 1. Have an effective and tested continuity plan 2. Know and prioritize your risks 3. Constantly monitor and assess your assets and logs
Almost 3 years ago
Usually, CSPs provide a list of what is/isn´t presented in their SLA and services book.  If your provider doesn't offer this info, consider asking for the deadlines (times in hours) that each service is resolved at each support level (Level1, L2, L3..., mapped w/each…
Almost 3 years ago
You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri For example, you can transport one internal/specific problem/vulnerability of your environment to matrix and check/validate, possibilities and threats,…
About 3 years ago
I always like this order a lot: "Consider People and Process" and only after, Technology.
About 3 years ago
Lite & quick tip 1. Transcribe the goal that made you think about acquiring a SIEM. 2. Transcribe or transform this objective into activities that the platform should serve (usually these are the most basic). 3. Start by testing "your process" using an open-source or trial…
About 3 years ago
Essential and fundamentals ETLs features, I think, that are available over all types and products. Not only for differences and features but about "first/baby steps" and "next step when maturity grow".Article in Portuguese, but I strongly recommended reading it (even if via…
About 3 years ago
You can start with OpenVAS (an excellent tool during "first steps").  Depending on your goals, you can add Kali Linux during tests for "deeper inspection" validation. Remember that Microsoft offers some security tools and consulting based on your "contract/plan".
About 3 years ago
Unfortunately, this is in Portuguese (pt-BR), but it's worth reading (even via Google Translator).  That vision can change your all future decisions forever. One day, I translate it into English "When Gartner's Magic Quadrant isn't the best option for your company":…
About 3 years ago
Some products permit generating a native .MSI package. Sometimes, you can use PowerShell for connecting and installing packs in your environment Not-trivial: using a secondary tool (an administrative tool, iLo/iDRAC, PHP, expect, ssh-win, ...) is available or built-in over…
About 3 years ago
@Evgeny Belenky Normally, i search for another similar orgs, inline with scope/product/type/function over analysis (Forrester, av-test.org, IT Central etc.).
About 3 years ago
Mistakes 1. Choosing only using a Gartner magic quadrant. 2. Don't consider cross-platforms,like Linux, variants and mobile. 3. Evaluate the cost of each modules and TCO. Advices: 1. Test against pieces of real artifacts. 2. Consider geographic and political issues…
Over 3 years ago
IMO, the previous version (Nessus) is more interesting in costs for some projects.  Tenable has recently added a presentation/analytics layer to its products but using a non-viable cost model (you can generate the same results and dashboards combining Nessus and others…
Over 3 years ago
360° scanner and compliance checker inside authenticated environments.
Over 3 years ago
integrated anti-malware/end-point (without additional costs), as ATP/ATA sensor, Linux local "agent" (recently) and HIDS. 
Over 3 years ago
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
Over 3 years ago
Microsoft PBI grew and improved a lot. Tableau and Qlik are very easy and interesting but, all 3 solutions are very expensive If you are starting, you may try using OBIIE (an Oracle free solution for some type of licenses), Pentaho or any version of Hadoop-Like platforms.…
Over 3 years ago
ELK, graylog, OSSIM and Apache Metron (or another Hadoop-like open implementation).  
Over 3 years ago
Guardium could expand the templates beyond CIS/STIG by correlating with other market-templates (PCI, Sox, HIPAA...) and maybe, in the future, put a button that allows you to autofix the problem identified in the asset/database (like Symantec ESM did in the past com several…
Over 3 years ago
Yes, essential*. You can start your program, for example, based on "Internet Facing" assets first, "Stringent" secondary, after "Baseline" and for last "workstation" If you have a "BCP" Continuity Program, another approach is to check "VBF" (Vital Business Function" assets…
Over 3 years ago
(local or global) market reputation/recognition (+ founded time), quality of services/professionals, customers served (mainly business-line, some very good with application is not so good with hardware/telecom, for example), staff (who will meet the demand), laboratory/tools…
Over 3 years ago
Proactive: Patch Mgmt Program, Continuos Vulnerability Scanner (search and fix), Monitoring by SOC/NOC or others secutiry tools (like a HIDS or NIDS components).Reactive: Incident Mgmt Plans categorized and specific by typication, BCP (complete Business Continuity Plan not…
Over 3 years ago
New build-in use-cases for Enterprise Security, a fair price-model, improvement over SPL and index performance, adding and integrating with new connectors and market platforms (more open-source solutions too).
Over 3 years ago
Business indicators (KPIs) for specific (and limited) purpose together IT area, some tests with security build-in "use-cases" and like a correlation tool using pre-defined SPL (Search Processing Language).
Over 3 years ago
SAP Business One (depends on process maturity level of your company), MS Dynamics (the cost may be interesting if your model license is global/enterprise). Attention: try to use solutions that are easy for you "enter" and also "leave" the platform.
Over 3 years ago
SAP Business One (depends on process maturity level of your company), MS Dynamics (the cost may be interesting if your model license is global/enterprise). Attention: try to use solutions that are easy for you "enter" and also "leave" the platform.
Over 3 years ago
Fortinet has an excellent price for low-profile equipment that still offer great deliveries for small/medium businesses (beware with version versus EOL/License only). If you have 'qualified team' and the price is differential, you can even think about using an opensource…
Over 3 years ago
Cost versus volume in the medium/long term are heavy. It is a great tool but you have to be careful in storing a lot of data (without any criteria). Use it as an "smart-data/small-data repository", not as a "raw centralizer, stage-area or pure-SIEM". Before choose any tool…
Over 3 years ago
Cost and vegetative growth in the medium/long term. It is a great tool but you have to be careful in storing a lot of data (without any criteria). Use it as an "smart-data/small-data repository", not as a "raw centralizer, stage-area or pure-SIEM". The quantity of "use-case"…
Over 3 years ago
Answered a question: PoC template for SIEM
Hi, here you can download a vendor-neutral reference-document.Good luck with your decision (make it slowly). https://www.sans.org/media/vendor/evaluator-039-s-guide-nextgen-siem-38720.pdf
Over 3 years ago
SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPs etc.) and analyze that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, security data from network devices, servers, domain…
Over 3 years ago
I think most of them understand "de-facto standards" very well (including Palo Alto - if that doesn't happen the problem is with PA and not with SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERYONE asset…
Almost 4 years ago
@James Dirksen thanks, i'll check it.
Almost 4 years ago
0. Your company maturity (to receive a excellent tool or if it can be a less commercial one) VERSUS speed to correct problems encountered;2. TCO and user-friendly (of operation, installation, training and maintenance);3. Ability to integrate/export to other platforms (ETL…
Almost 4 years ago
Authenticated users are a excellent way for you increase the quality and depth of your scanner. You can add/use cloud providers API-keys during tests, local or AD users/credentials with database, telecom devices and other types of digital assets. Normally, the difference…

Projects

Over 4 years ago
Enterprise Vulnerability Analysis - 2012, 2014, 2016 and 2018
Enterprise Vulnerability Analysis - 2012, 2014, 2016 & 2018 Over 15.000 active assets out|inside 10 companies belonging to the group, the biennium recurrent project mapped the real situation, in paralel with a photography of IT/Security maturity through three main domains:…
Almost 4 years ago
Migrating from COBIT 4.1 (maturity) to COBIT5 (capacity)
Team worked migrating and consolidating COBIT5 into a single overarching framework, providing one consistent and integrated source of guidance/PAs for the ITB (integrated IT Board and using old printed information/mapping generated by Modulo Risk Manager).Staff responsible…
Over 3 years ago
Customer Phase-Out Strategy (IBM to HP)
Wintel Tower Leader responsible for main actions in developing a migration strategy. Some of these actions will take in parallel, such as the definition of activities and the discussions with stakeholders who will be responsible in the future for the account.- Organizing…

Reviews

Questions

Answers

5 months ago
Vulnerability Management
5 months ago
IT Service Management (ITSM)
Almost 2 years ago
Help Desk Software
Almost 2 years ago
Help Desk Software
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Endpoint Detection and Response (EDR)
Almost 3 years ago
IT Alerting and Incident Management
Almost 3 years ago
Business Activity Monitoring
Almost 3 years ago
Security Information and Event Management (SIEM)
Almost 3 years ago
Application Security Tools
Almost 3 years ago
Help Desk Software
Almost 3 years ago
Application Security Tools
Almost 3 years ago
IT Alerting and Incident Management
Almost 3 years ago
Information Security and Risk Consulting Services
Almost 3 years ago
Information Security and Risk Consulting Services
Almost 3 years ago
Endpoint Protection Platform (EPP)
Almost 3 years ago
Intrusion Detection and Prevention Software (IDPS)
About 3 years ago
Security Information and Event Management (SIEM)
About 3 years ago
Security Information and Event Management (SIEM)
About 3 years ago
Endpoint Protection Platform (EPP)
Over 3 years ago
Endpoint Protection Platform (EPP)
Over 3 years ago
SOC as a Service
Over 3 years ago
Security Information and Event Management (SIEM)
Over 3 years ago
Endpoint Protection Platform (EPP)
Over 3 years ago
Log Management
Over 3 years ago
Security Information and Event Management (SIEM)
Over 3 years ago
Security Information and Event Management (SIEM)
Over 3 years ago
Security Information and Event Management (SIEM)

Comments

Over 2 years ago
Extended Detection and Response (XDR)
Over 2 years ago
Application Security Tools
Over 2 years ago
Application Performance Monitoring (APM) and Observability
Almost 3 years ago
Security Information and Event Management (SIEM)
About 3 years ago
Application Performance Monitoring (APM) and Observability

About me

Writer, Speaker, Teacher and experienced professional with extensive know-how in IT (30+ years), Security (20+ years), Shared Services, Outsourcing (ITO/BPO), Cloud & Virtualization, Projects, Design & Architecture, Products Pricing and Definition. Professor for 10 years in MBA and post-graduation courses, teaching subjects within the field of corporate management, Unix, frameworks, governance and risk mgmt, security, IT, GRC, data governance and integration.
https://www.linkedin.com/in/jairowillian/