User Activity

About 2 years ago
More regular a/v collapsed into endpoint protection, move from console to cloud, maybe even more consolidation between vendors.
About 2 years ago
NDR, SIEM expansion, IPS refresh, 365 migration to the cloud, and some DevOpSec.
About 2 years ago
Some call what he did DLC/DRM. I think he'll suffer from reputation loss and vendors will move away from his software or try to back engineer their own based on his code. Since it is open-source they should be able to do this with the right coder. It's legitimate…
About 2 years ago
I think the first step is configuration. When teams are first deploying a new tool, working closely with the vendor to set up the best configuration possible to tune down the alerting for the least false positives is critical to the success of your SOC. Even paying the…
Over 2 years ago
Mitigation is taking your car in for an oil change and tune-up. Remediation is them finding you have a blown gasket seal and replacing the parts and greasing the engine to make sure your engine doesn't blow. AKA security vulnerability management.
Over 2 years ago
Yet another chance to test our incident response procedures. So far I would say we're a B: good on the process, an A on team response and interactions, and reducing threat risk was about a B. ID'g your external assets exposed to this vulnerability is your teams' #1…
Over 2 years ago
@Evgeny Belenky To communicate to executive mgmt it would definitely be a PowerPoint presentation. At a high level, you would need to display the risk of not buying a tool. You'd need to pull data from past events for the last year (ransomware etc.) that caused impact or in…
Over 2 years ago
East-west traffic monitoring solutions, like EDR, can complete a picture of the security environment and risk.
Over 2 years ago
An easy answer for me - pretty much exactly what @Janet Staver described. DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. S1 is an endpoint tool…
Over 2 years ago
I can't say one way or the other for sure, but, having experienced Trend Micro in the past from an endpoint perspective they have their own way of doing things. They certainly didn't catch everything that even basic a/v like SEP did and they had a very convoluted setup and…
Over 2 years ago
ROI (return on investment): does it integrate well? Does it work as advertised? Is it cost-effective? You could invest millions; what's good enough in your environment?
Over 2 years ago
Depends on the size, scope and needs of your environment. XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if…
Over 2 years ago
I think most of the answers provided will work for you, but you have to take into account your environment, integration with other solutions, firewall, antivirus or even just Windows-native, and you have to look at price vs features you want. How much is good enough? You…
Over 2 years ago
Once you have narrowed down the top 5 picks for a capability/solution, we typically will look at the last few things that make things stand out from the competition: 1) cost, 2) ease of deployment (need prof serv?), 3) support or training if all other features of products being…
Over 2 years ago
We RFI/POC'd them all. Sentinel One came out on top for every aspect of the requirements that we needed to fulfill from our architect. That said, CrowdStrike is a good tool as well but I think ends up being more expensive. The best bang for the buck was S1.
Over 2 years ago
The risk of not patching:
- incompatibility between applications and the OS, or 3rd-party software
- remote access/access in general to your network and ability to exploit, disrupt, steal IP, hold data hostage, or steal CCD or other compliance data (HIPAA, SOX, lab,…
Almost 3 years ago
To me, a tool like ServiceNow (not cheap for small orgs) would be an example of this. Dmytro touched on the need to track changes but also assets. S/N can do both with different modules but essentially you have to have the S/N scanners go sniff out all the assets and…
Almost 3 years ago
At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (VEEAM) and a regular/validated process that works to restore. Daily/diffs/weekly/monthly…
Over 3 years ago
We didn't consider either of these. After demo and comparison from reviews of multiple EDR solutions, we came up with SentinelOne on top and are now POCing it as an endpoint solution.
Over 3 years ago
There could be multiple answers to your question based on how your environment is set up. You have edge defense (firewalls, IDS, IPS like NGFW Palos and Fidelis), you have endpoint like AV or EDR (SentinelOne or Symantec or Carbon Black etc.). There are also various other…
Almost 4 years ago
So this is what WIKI says about EDR: EDR systems detect all endpoint threats and provide real-time response to the identified threats. ... EDR systems also collect high-quality forensic data which is needed for incident response and investigations. Overall, EDR security…
Almost 5 years ago
Account people have moved around and support has taken a small hit but still getting quick responses, although resolutions are taking a bit longer.
About 6 years ago
Contributed a review of Fidelis Elevate: IPS security, originally from the GOVT space, now commercial
