User Activity
Almost 2 years ago
Answered a question: Which UEBA solution do you recommend and why?
UEBA for firewall analytics or are you talking about anomaly detection for firewall traffic behaviors?
Almost 2 years ago
Answered a question: What is the difference between SIEM and Next-Gen SIEM solutions?
"SIEM" and "Next-Gen SIEM" are often used in marketing and may not have a clear definition. Each vendor may have their own interpretation of these terms. The main difference between SIEM and Next-Gen SIEM (often called XDR) is the responsibility for creating security…
Almost 2 years ago
I noticed that you mentioned a few SOAR vendors in the list; however, I would like to bring to your attention that Critical Start, Exabeam Fusion, and McAfee ePolicy are not SOAR providers.
Almost 2 years ago
Answered a question: How do you decide about the alert severity in your Security Operations Center (SOC)?
There are various approaches that organizations can take to help ensure that alert severity is properly assessed and to mitigate the impact of alert fatigue:
- One approach is to use a standardized system for evaluating and assigning severity levels to alerts. For example,…
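As an added illustration of the "standardized system" idea in the answer above (example code written for this page, not code from the answer's author or from any product): a severity matrix keyed on impact and detection confidence, nudged by asset criticality, plus a time-window de-duplicator so that repeats of the same rule on the same host do not page the on-call analyst again. The matrix values, asset tiers, 10-minute window and sample alerts are all hypothetical and constructed for the example.

```python
"""Added example: standardized alert severity scoring plus de-duplication.
All values (matrix, asset tiers, window, sample alerts) are hypothetical."""
from collections import defaultdict
from datetime import datetime, timedelta

# Severity matrix: rows = impact (1..4), columns = confidence (1..4).
# Hypothetical values; a real SOC would agree these with its stakeholders.
SEVERITY_MATRIX = {
    4: ["medium", "high", "critical", "critical"],
    3: ["low", "medium", "high", "critical"],
    2: ["low", "low", "medium", "high"],
    1: ["info", "low", "low", "medium"],
}

# Asset criticality shifts the impact row up or down (hypothetical tiers).
ASSET_TIER_BONUS = {"crown_jewel": 1, "production": 0, "lab": -1}


def clamp(value, lo=1, hi=4):
    return max(lo, min(hi, value))


def score_alert(alert):
    """Map an alert to a severity label using the standardized matrix.
    alert needs 'impact' (1-4), 'confidence' (1-4) and optionally 'asset_tier'."""
    impact = clamp(alert["impact"] + ASSET_TIER_BONUS.get(alert.get("asset_tier"), 0))
    confidence = clamp(alert["confidence"])
    return SEVERITY_MATRIX[impact][confidence - 1]


class Deduplicator:
    """Collapse repeats of (rule, host) inside a window to limit alert fatigue."""

    def __init__(self, window=timedelta(minutes=10)):
        self.window = window
        self.last_paged = {}            # (rule, host) -> timestamp last paged
        self.suppressed = defaultdict(int)

    def should_page(self, alert):
        key = (alert["rule"], alert["host"])
        prev = self.last_paged.get(key)
        if prev is not None and alert["ts"] - prev < self.window:
            self.suppressed[key] += 1   # same thing again, just count it
            return False
        self.last_paged[key] = alert["ts"]
        return True


def triage(alerts):
    """Score and de-duplicate a batch, oldest first.
    Returns (paged, suppressed): the (rule, host, severity) tuples that should
    page an analyst, and a count of suppressed repeats per (rule, host)."""
    dedup = Deduplicator()
    paged = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        severity = score_alert(alert)
        if severity in ("info", "low"):
            continue                    # goes to the work queue, not the pager
        if dedup.should_page(alert):
            paged.append((alert["rule"], alert["host"], severity))
    return paged, dict(dedup.suppressed)


# Constructed sample alerts (not real telemetry).
T0 = datetime(2023, 1, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    {"rule": "mimikatz_exec", "host": "dc01", "impact": 4, "confidence": 4,
     "asset_tier": "crown_jewel", "ts": T0},
    {"rule": "mimikatz_exec", "host": "dc01", "impact": 4, "confidence": 4,
     "asset_tier": "crown_jewel", "ts": T0 + timedelta(minutes=2)},
    {"rule": "mimikatz_exec", "host": "dc01", "impact": 4, "confidence": 4,
     "asset_tier": "crown_jewel", "ts": T0 + timedelta(minutes=15)},
    {"rule": "port_scan", "host": "lab07", "impact": 2, "confidence": 2,
     "asset_tier": "lab", "ts": T0 + timedelta(minutes=1)},
    {"rule": "suspicious_powershell", "host": "ws042", "impact": 3, "confidence": 2,
     "asset_tier": "production", "ts": T0 + timedelta(minutes=3)},
]

if __name__ == "__main__":
    paged, suppressed = triage(SAMPLE_ALERTS)
    for entry in paged:
        print("PAGE", entry)
    print("suppressed repeats:", suppressed)
```

Two design points worth noting: the matrix is the only thing an analyst needs to argue about, since everything else is mechanical, and the de-duplicator keys on (rule, host) rather than on the raw event so that a noisy rule cannot page the same person three times in ten minutes.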
Almost 2 years ago
Answered a question: What tools and solutions do you use for automated incident response in an enterprise in 2022?
Advanced SOAR. It has no-code automation but also has intelligence embedded to auto-correlate alerts like XDR does. Something between SOAR and XDR.
Almost 2 years ago
Replied to Maged Magdy What is an incident response playbook and how is it used in SOAR?
@Maged Magdy agree. These playbooks are a good starting point and need to be customized.
Almost 2 years ago
Answered a question: What is an incident response playbook and how is it used in SOAR?
An incident response playbook is a set of pre-defined steps and procedures that outline how to respond to a specific type of security incident. The playbook typically includes detailed instructions on how to identify, contain, and remediate the incident, as well as any…
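To make the answer above concrete, here is an added example (written for this page, not code from the answer's author or from any SOAR product) of a phishing playbook expressed as ordered, conditional steps across the identify, contain and remediate phases, with a small runner that executes it and keeps an audit trail. The step names, the Incident fields, the connector functions and the known-bad domain list are hypothetical stand-ins for the integrations a SOAR platform would supply.

```python
"""Added example: an incident-response playbook as data plus a minimal runner.
Connectors, indicators and the threat-intel list are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Incident:
    kind: str
    indicators: Dict[str, str]
    actions: List[str] = field(default_factory=list)   # what the playbook did
    notes: List[str] = field(default_factory=list)     # audit trail
    status: str = "open"


@dataclass
class Step:
    phase: str                                   # identify / contain / remediate / close
    name: str
    action: Callable[[Incident, dict], None]
    when: Callable[[dict], bool] = lambda ctx: True  # gate on earlier findings


# Hypothetical connectors. A real SOAR would call threat intel, the mail
# gateway, the identity provider and the ticketing system here.
KNOWN_BAD_DOMAINS = {"evil.example"}   # constructed threat-intel list


def reputation_lookup(inc, ctx):
    ctx["malicious"] = inc.indicators.get("sender_domain") in KNOWN_BAD_DOMAINS


def user_activity(inc, ctx):
    ctx["clicked"] = inc.indicators.get("clicked") == "yes"


def quarantine_message(inc, ctx):
    inc.actions.append("quarantine:" + inc.indicators["message_id"])


def block_sender(inc, ctx):
    inc.actions.append("block:" + inc.indicators["sender_domain"])


def reset_password(inc, ctx):
    inc.actions.append("reset_password:" + inc.indicators["user"])


def close_ticket(inc, ctx):
    inc.status = "contained" if ctx.get("malicious") else "closed_benign"


# The playbook: containment only runs on a confirmed-malicious sender, and the
# password reset only when the user actually clicked.
PHISHING_PLAYBOOK = [
    Step("identify", "reputation_lookup", reputation_lookup),
    Step("identify", "user_activity", user_activity),
    Step("contain", "quarantine_message", quarantine_message,
         when=lambda c: c["malicious"]),
    Step("contain", "block_sender", block_sender,
         when=lambda c: c["malicious"]),
    Step("remediate", "reset_password", reset_password,
         when=lambda c: c["malicious"] and c["clicked"]),
    Step("close", "close_ticket", close_ticket),
]


def run_playbook(steps, inc):
    """Execute steps in order; skipped steps are recorded, not silently dropped."""
    ctx = {}
    for step in steps:
        if not step.when(ctx):
            inc.notes.append(f"skipped {step.phase}/{step.name}")
            continue
        step.action(inc, ctx)
        inc.notes.append(f"ran {step.phase}/{step.name}")
    return inc


def demo():
    """Run the playbook on two constructed incidents: one malicious, one benign."""
    reported = Incident("phishing", {"message_id": "<m1@evil.example>",
                                     "sender_domain": "evil.example",
                                     "user": "alice", "clicked": "yes"})
    benign = Incident("phishing", {"message_id": "<m2@corp.example>",
                                   "sender_domain": "corp.example",
                                   "user": "bob", "clicked": "no"})
    return run_playbook(PHISHING_PLAYBOOK, reported), run_playbook(PHISHING_PLAYBOOK, benign)


if __name__ == "__main__":
    for inc in demo():
        print(inc.status, inc.actions)
        print("\n".join("  " + n for n in inc.notes))
```

The `when` gates are what make the playbook reusable: the same step list handles the benign report (everything after identification is skipped and logged) and the confirmed compromise (quarantine, block, reset), which is the customization point the reply above refers to.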
Almost 2 years ago
Answered a question: What were your main pain points during the SIEM product purchase process?
We've worked in a SOC for many years. Here are a few pain points in SIEM solution purchases:
Difficulty evaluating and comparing different SIEM products: With a large number of SIEM products on the market, it can be challenging for organizations to determine which product is…
Almost 2 years ago
Answered a question: What is the difference between SIEM and SOAR platforms?
SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) are both tools used in cybersecurity to monitor and respond to security threats. However, they have different primary functions and use cases.
SIEM is primarily used…
Projects
Almost 2 years ago
1) Ph.D. in computer science.
2) leader in the field of security operations analysis and data science at Microsoft.
3) five-time patent holder.
4) founder of Dtonomy, a security orchestration and automation company.
Answers
Almost 2 years ago
User Entity Behavior Analytics (UEBA)
Almost 2 years ago
Security Information and Event Management (SIEM)
Almost 2 years ago
Network Monitoring Software
Almost 2 years ago
IT Alerting and Incident Management
Almost 2 years ago
IT Alerting and Incident Management
Almost 2 years ago
Security Information and Event Management (SIEM)
Almost 2 years ago
Security Information and Event Management (SIEM)
Comments
Almost 2 years ago
Security Orchestration Automation and Response (SOAR)
About me
Co-founder of DTonomy (www.dtonomy.com), an AI-based security analysis and response company,
and NoiseTotal (https://noisetotal.io/), threat intelligence on false positives, the opposite of NoiseTotal
and Phish AIR, the popular plugin for quick phishing analysis and reporting