
Badges

195 Points
1 Year
Top 5

User Activity

Almost 2 years ago
UEBA for firewall analytics, or are you talking about anomaly detection for firewall traffic behaviors?
Almost 2 years ago
"SIEM" and "Next-Gen SIEM" are often used in marketing and may not have a clear definition. Each vendor may have their own interpretation of these terms. The main difference between SIEM and Next-Gen SIEM (often called XDR) is the responsibility for creating security…
Almost 2 years ago
I noticed that you mentioned a few SOAR vendors in the list, however, I would like to bring to your attention that Critical Start, Exabeam Fusion, and McAfee ePolicy are not SOAR providers.
Almost 2 years ago
There are various approaches that organizations can take to help ensure that alert severity is properly assessed and to mitigate the impact of alert fatigue. One approach is to use a standardized system for evaluating and assigning severity levels to alerts. For example,…
Almost 2 years ago
Advanced SOAR. It has no-code automation but also has intelligence embedded to auto-correlate alerts like XDR does. Something between SOAR and XDR.
Almost 2 years ago
@Maged Magdy agree. These playbooks are a good starting point and need to be customized.
Almost 2 years ago
An incident response playbook is a set of pre-defined steps and procedures that outline how to respond to a specific type of security incident. The playbook typically includes detailed instructions on how to identify, contain, and remediate the incident, as well as any…
Almost 2 years ago
We've worked in SOC for many years. Here are a few pain points in SIEM solution purchases. Difficulty evaluating and comparing different SIEM products: With a large number of SIEM products on the market, it can be challenging for organizations to determine which product is…
Almost 2 years ago
SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) are both tools used in cybersecurity to monitor and respond to security threats. However, they have different primary functions and use cases. SIEM is primarily used…

Projects

Almost 2 years ago
1) Ph.D. in computer science. 2) Leader in the field of security operations analysis and data science at Microsoft. 3) Five-time patent holder. 4) Founder of Dtonomy, a security orchestration and automation company.

Answers

Almost 2 years ago
User Entity Behavior Analytics (UEBA)
Almost 2 years ago
Security Information and Event Management (SIEM)
Almost 2 years ago
IT Alerting and Incident Management
Almost 2 years ago
Security Information and Event Management (SIEM)
Almost 2 years ago
Security Information and Event Management (SIEM)

Comments

Almost 2 years ago
Security Orchestration Automation and Response (SOAR)

About me

Co-founder of DTonomy (www.dtonomy.com), an AI-based security analysis and response company,
NoiseTotal (https://noisetotal.io/), threat intelligence on false positives, the opposite of NoiseTotal,
and Phish AIR, the popular plugin for quick phishing analysis and reporting.

Interesting Projects and Accomplishments