Top 8 Security Incident Response

Carbon Black CB Defense, ServiceNow Security Operations, FireEye Helix, IBM Resilient, Secureworks Red Cloak Threat Detection and Response, Carbon Black CB Response, Proofpoint Threat Response, SECDO Platform
  1. The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly. The solution has a library where we can have multiple threat intels onboarded. We just have to subscribe to a particular site intel and they'll provide us with all of the truncated details so that we can create IOCs and alerts on the basis of those IOCs.
  2. The ease of use is great. The product has a very simple UI.
  3. The most valuable features include predefined use cases and threatening states. It is kind of simple and very easily deployable. You can start working with it very fast.
  4. This is a good solution that we recommend for customers. The UBA, User Behavior Analytics, is very good.
  5. The features that I have found most valuable are that the search capabilities are easy to use. The dashboards are good. The reports are good. It is just simple from a deployment standpoint - that was easy.
  6. Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support. Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread.
  7. The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature.
  8. Technical support is great. Palo Alto is extremely helpful and responsive. The ease of deployment is a valuable feature.

Buyer's Guide
Security Incident Response
December 2022
Find out what your peers are saying about VMware, ServiceNow, Trellix and others in Security Incident Response. Updated: December 2022.
670,331 professionals have used our research since 2012.

Advice From The Community

Read answers to top Security Incident Response questions. 670,331 professionals have gotten help from our community of experts.
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Dec 21 2022

Hi SOC analysts and other infosec professionals,

Which standard/custom method do you use to decide about the alert severity in your SOC? 

Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?

Robert Cheruiyot: Hi @Evgeny Belenky, I think as long as you do this thing manually, you will…
7 Answers
Rony_Sklar
Community Manager at a tech services company with 51-200 employees
Dec 21 2022

Hi dear community,

Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook? 

Do SOAR solutions come with a pre-defined playbook as a starting point?

Maged Magdy: Hi, what is an incident response playbook? Incident Response Playbook is the…
5 Answers
Shibu Babuchandran
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 15 2022

Hi community,

What are your top 5 (or less) cyber security trends in 2022?

Thanks in advance!

Pablo Cousino: 1) Security in endpoints (especially because of remote work), especially to…
12 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Sep 15 2022

Hi,

When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?

Shibu Babuchandran: Hello, Below there are views on the pros and cons of Internal SOC and…
13 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Aug 10 2022

Hi infosec professionals,

We all know how security terms can be confusing and there are permanent discussions between professionals about simple ones.

How would you describe the difference between cyber resilience and business continuity? How do you achieve each of them?

VladanKojanic: It's simple: cyber resilience is the ability to prepare for, respond to and…
6 Answers

Security Incident Response Articles

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi dear community members, This is our latest community digest. It helps you catch up on recent contributions by community members. Comment below with your feedback and suggestions! Trending What are the Top 5 cybersecurity trends in 2022? What are the main benefits of modern IT Asset D...
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Hi community members, Spotlight #2 is our fresh bi-weekly community digest for you. It covers cybersecurity, IT and DevOps topics. Check it out and comment below with your feedback! Trending What are the pros and cons of internal SOC vs SOC-as-a-Service? Join The Moderator Team at IT Ce...
CristianoLima
Senior IT Infrastructure Engineer at Tecnoage
Keeping up with the evolution of cybersecurity and the threats that are haunting the IT industry across all industries, this text pays special attention to ransomware, as this practice is on the rise in the world of cybercrime. Let's focus on the subject, specifically on the Healthcare sector. ...
Netanya Carmi
Content Manager at PeerSpot (formerly IT Central Station)
We receive alerts all day long - alerts about emails, incoming Whatsapps and SMSes, posts on social media, etc. At some point we become desensitized to these alerts and stop noticing them anymore - a phenomenon known as “alert fatigue.” Seventy percent of a SOC analyst’s workday is spent dealing ...