Badges

120 Points
4 Years
Top 20

User Activity

Over 2 years ago
Hi @Giusel, I agree with Shibu: Splunk is probably the best fit (or single point of truth) you can get on the market. With Splunk as a platform, it's natural to push forward to SOC and SOAR. Don't forget to use the ingested data for several additional use cases in ITOps…
Over 2 years ago
Hi Dears, thanks for your contributions and @Shibu Babuchandran for the great listing (LIKED). Why just take one or another? Our customers prefer a hybrid model. So, we are an MSSP, but the customers plan or have CISO/Architects/Analysts in place and we work together. In the…
Over 2 years ago
@David Swift, well, it's top rated by Gartner for example and it is a platform, so 90 % of Sec data is very useful for ITOps and many more departments like Sales and Marketing. Together with some apps it's the single point of truth for transparency and best decision making for your…
Over 2 years ago
Hi Satish, well, I am not quite sure if only one thing will help. What about a platform, is it worth a try? I recently had a pitch of a platform called Tanium; I think it may be worth giving it a try. Please let me know your opinion. Best Regards, Norman
Over 2 years ago
Well, these are pretty good points with a vast variety of options and hints. Please think of creating success criteria out of these points and let the vendors agree to them. And if you have a lot of criteria you should sort them into an A, B, C classification (from "must" to…
Over 2 years ago
Hi @Rick Briggs, do you really want to run this by yourself? If yes, I go with @Javier Medina: give it a try. If no, look for a "local" hero to run, configure and update the stuff you need. Why take a local provider? Because they maybe care more than the big ones. That's my…
Over 2 years ago
Hi everybody, what should I add? Thanks to all for your good support. To sum it up: talk to your trusted advisor and together take or create your checklist out of all this stuff, and then go ahead with the business case or whatever is needed to get the budget. If later this…
Almost 3 years ago
I can only agree with the previous speakers. Both systems are good and differ in details. Apart from the budget, topics such as scalability and which systems (SIEM/SOC) the components are connected to are important. And then there is the saying that we all know: Who buys…
About 3 years ago
Hi Sanguan, it's "quite easy": there are only two options if you go for the best. One is QRadar, as recommended below; the other one is of course Splunk. https://www.paloaltonetworks.c... In terms of ease of use, quickness of installation, speed of adaptation (dynamic…
Over 3 years ago
Hello All, I hope you had a merry Christmas. In this case it is as simple as it is. Just take Proofpoint ObserveIT; many companies in the public and financial sector have been using it for years. By the way, it has GDPR conformity, which is especially interesting if you want to…
Almost 4 years ago
Awareness, awareness and awareness. The problem is the head. True story: issues take place on the senior level (open USB port, no clean desk policy, etc.). Afterwards "we" (the working level) can talk about trainings and SW/HW solutions. So first is that security means not only…
Almost 4 years ago
In my market, a lot of financial companies had or have an ArcSight installation, just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to admin costs for handling more complex scenarios. The same applies to QRadar…
About 4 years ago
The best tool on the market today is Splunk. Referring to explorative search, ease of administration and scalability, there is nothing comparable. The only possible threshold is that you need to buy the license; it's not freeware.
Over 4 years ago
We use ELK or other freeware stacks in isolated small scenarios. Think of a small or medium company with a „midsized“ webshop. You can easily do your log management with an ELK stack, let's say size 5 up to 10 GB, no problem. Please keep in mind to order hardware. The best…

Answers

Over 2 years ago
Endpoint Protection Platform (EPP)
About 3 years ago
Security Information and Event Management (SIEM)
Almost 4 years ago
Advanced Threat Protection (ATP)
Almost 4 years ago
Security Information and Event Management (SIEM)
About 4 years ago
Security Information and Event Management (SIEM)
Over 4 years ago
Log Management