Top 8 Security Incident Response Tools
Carbon Black CB Defense
IBM Resilient
FireEye Helix
Carbon Black CB Response
Secureworks Red Cloak Threat Detection and Response
SECDO Platform
Proofpoint Threat Response
D3 Security
I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use.
The solution is very useful and easy to handle. You don't need much intervention with this product.
This is a good solution that we recommend for customers.
The UBA, User Behavior Analytics, is very good.
It is kind of simple and very easily deployable. You can start working with it very fast.
I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good.
Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support.
Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread.
The features that I have found most valuable are that the search capabilities are easy to use. The dashboards are good. The reports are good. It is just simple from a deployment standpoint - that was easy.
Technical support is great. Palo Alto is extremely helpful and responsive.
The ease of deployment is a valuable feature.
Support is very responsive.
It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so.
Advice From The Community
Read answers to top Security Incident Response questions. 566,121 professionals have gotten help from our community of experts.
Hi SOC analysts and other infosec professionals, Which standard/custom method do you use to decide about the alert severity in your SOC? Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?
Hello security professionals, What is the main difference between these two terms in incident response: mitigation and remediation? Please share some examples, if applicable. Thanks.
Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check whether you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do you see this having in the near future? Thanks.
Hi community, I'm working on a document about Security Operations Center best practices, and I would like to get your input on it. Thanks.
Hi, When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?