User Activity
Over 2 years ago
Contributed a review of Splunk SOAR: Reliable with helpful support and the capability to expand
Almost 3 years ago
Answered a question: Are you aware of SIEM platforms that integrate both Active Directory auditing and security monitoring tools?
Hi @Giusel
I agree with Shibu: Splunk is probably the best fit (or single point of truth) you can get on the market. With Splunk as a platform, it's natural to push forward to SOC and SOAR.
Don't forget to use the ingested data for several additional use cases in ITOps…
About 3 years ago
Answered a question: What are the pros and cons of internal SOC vs SOC-as-a-Service?
Hi Dears
Thanks for your contributions and @Shibu Babuchandran for the great listing (LIKED)
Why just take one or another? Our customers prefer a hybrid model.
So, we are MSSP but the customers plan or have CISO/ Architects/Analysts in place and we work together.
In the…
About 3 years ago
Replied to Norman Freitag: Which is the best SIEM solution for a government organization?
@David Swift
Well, it's top rated by Gartner, for example, and it is a platform, so 90 % of Sec Data is very useful for ITOps and many more departments like Sales and Marketing.
Together with some apps it's the single point of truth for transparency and best decision making for your…
About 3 years ago
Answered a question: What are the best on-premise Endpoint Security solutions for a Tech Services company with 10,000 employees?
Hi Satish, well, I am not quite sure if only one thing will help.
What about a platform, is it worth a try?
I recently had a pitch of a platform called Tanium; I think it may be worth giving it a try?
Please let me know about your opinion.
Best Regards
Norman
Over 3 years ago
Answered a question: What's the best way to trial endpoint protection solutions?
Well, these are pretty good points with a vast variety of options and hints.
Please think of creating success criteria out of these points and let the vendors agree to them.
And if you have a lot of criteria you should sort them in A, B, C classification (from "must" to…
Over 3 years ago
Answered a question: What inexpensive firewall can provide the best performance and protection (food order service)?
Hi @Rick Briggs
Do you really want to run this by yourself?
If yes, I go with @Javier Medina: give it a try.
If no, look for a "local" hero to run, configure and update the stuff you need.
Why take a local provider? Because they maybe care more than the big ones.
That's my…
Over 3 years ago
Answered a question: How do you plan for a security review for firewalls?
Hi everybody
What should I add? Thanks to all for your good support.
To sum it up:
Talk to your trusted advisor and together take or create your checklist out of all this stuff, and then go ahead with the business case or whatever is needed to get the budget.
If later this…
Over 3 years ago
Answered a question: Which firewall is better and why: Sophos XG 210 or Fortinet FortiGate 100E?
I can only agree with the previous speakers. Both systems are good and differ in details.
Apart from the budget, topics such as scalability and which systems (SIEM/SOC) the components are connected to are important.
And then there is the saying that we all know: Who buys…
Almost 4 years ago
Answered a question: Which SIEM is best fit with Palo Alto Cortex XDR?
Hi Sanguan
It's "quite easy": there are only two options, if you go for the best.
One is QRadar, as recommended below; the other one is of course Splunk.
https://www.paloaltonetworks.c...
In terms of ease of use, quickness of installation, speed of adaptation (dynamic…
Almost 4 years ago
Answered a question: Looking for recommendations and a pros/cons template for software to detect insider threats
Hello All, I hope you had a merry Christmas.
In this case it is as simple as it is. Just take Proofpoint ObserveIT - many companies in the public and financial sector have been using it for years.
By the way, it has GDPR conformity; that's especially interesting if you want to…
Over 4 years ago
Answered a question: What can businesses do to improve their security posture?
Awareness, Awareness and Awareness, the problem is the head.
True story: issues take place on the senior level (open USB ports, no clean desk policy, etc.).
Afterwards "we" (the working level) can talk about training and SW/HW solutions.
So first is that security means not only…
Over 4 years ago
Answered a question: Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation, just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to admin costs for handling more complex scenarios; the same applies to QRadar…
Over 4 years ago
Answered a question: Which is the best SIEM solution for a government organization?
The best tool on the market today is Splunk. Referring to explorative search, ease of administration and scalability, there is nothing comparable.
The only possible threshold is that you need to buy the license; it's not freeware.
About 5 years ago
Answered a question: What are the advantages of ELK over Splunk?
We use ELK or other freeware stacks in isolated small scenarios.
Think of a small or medium company with a "midsized" webshop. You can easily do your log management with an ELK stack, let's say size 5 up to 10 GB, no problem. Please keep in mind to order hardware. The best…