
Carbon Black CB Response Questions

Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
PaulBecker
Senior Manager- Security Monitoring and Incident Response at Clarios
Dec 20 2021
I'm a Senior Manager- Security Monitoring and Incident Response at a large manufacturing company.  I am looking for thoughts from those who may have done a comparative analysis on these two products within the last 6 months or so.  Realizing these technologies have advanced rapidly over the past...
Steve Pender: If you're looking for a NextGen, Machine Learning & AI-driven Active EDR with…
ITSecuri7cfd: We didn't consider either of these after demo and comparison from reviews of…
NeilCesario: Hiya Paul, I'm a bit biased as we are partnered with Cynet Security. We've done…
5 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Oct 12 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

6 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Oct 12 2021

Hi Everyone,

What do you like most about Carbon Black CB Response?

Thanks for sharing your thoughts with the community!

7 Answers
Julia Frohwein
Content and Social Media Manager
PeerSpot (formerly IT Central Station)
Oct 12 2021

If you were talking to someone whose organization is considering Carbon Black CB Response, what would you say?

How would you rate it and why? Any other tips or advice?

7 Answers
Security Incident Response Questions
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Jan 20 2022

Hi SOC analysts and other infosec professionals,

Which standard/custom method do you use to decide about the alert severity in your SOC? 

Is it possible to avoid being too subjective? How do you fight the "alert fatigue"?

Robert Cheruiyot: Hi @Evgeny Belenky, I think as long as you do this thing manually, you will…
2 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Jan 12 2022

Hello security professionals,

What is the main difference between these two terms in incident response: mitigation and remediation?

Please share some examples, if applicable.

Thanks,

ITSecuri7cfd: Mitigation is taking your car in for an oil change and tune up. Remediation is…
Ruben Boiardi: Mitigation is changing the flat tire. Remediation is getting the nails off the…
Luis Apodaca: Let's say in an IT environment: "Mitigation" moves your virtual machines or…
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Dec 21 2021
Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do...
Jairo Willian Pereira: One excellent opportunity for the company to test your CMDB/Inventory (at medium…
ITSecuri7cfd: Yet another chance to test our incident response procedures. So far I would…
SimonClark: This vulnerability is particularly critical because Log4j is widely used in open…
5 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Dec 13 2021

Hi infosec professionals,

Which deployment model should an enterprise organization choose and in which case?

Thank you!

Raymond De Rooij: There are many variations for a Security Operations Centre, depending on the…
Jairo Willian Pereira: I'm not sure about the answer, but I'll try... Insourcing or outsourcing,…
Shibu Babuchandran: We can have multiple SOC models depending on the requirement and budget…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 30 2021

Which one is better and in which use cases? 

Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 29 2021
Hi security professionals, As the majority of you have probably heard, GoDaddy was hacked again a few days ago. Based on what is already known, what was done wrong and what can be done better? Share your thoughts!
1 Answer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Dec 10 2021

Hi peers,

Why is a SOC important for an organization? What are the main challenges of the modern SOC?

Thanks.

Hasan Zuberi (HZ): SOC refers to a dedicated platform and team organization to prevent, detect…
Denis L: SOC is the heart of your infrastructure security, a centralized system…
3 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 24 2021
Hi infosec professionals, We all know how security terms can be confusing and there are permanent discussions between professionals about simple ones. How would you describe the difference between cyber resilience and business continuity?  How do you achieve each of them?
VladanKojanic: It's simple: cyber resilience is the ability to prepare for, respond to and…
AlanFink: Generic terms are always open to interpretation. My belief is that Cyber (crime)…
Jairo Willian Pereira: Both have the same purpose but not the same scope. Ensuring CR does not…
4 Answers
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Nov 24 2021

Hi,

When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?

Shibu Babuchandran: Hello, Below there are views on the pros and cons of Internal SOC and…
Manuel Gellida: Evgeny, I think SOC on-premise means a huge investment (=monthly payment)…
reviewer935298: This is a truly good and difficult question. If we could have an MSSP that is…
10 Answers
Giusel
IT Engineer at UTMStack
Nov 24 2021

Hi community,

I'm working on a document about the Security Operation Center best practices, and I would like to get your inputs about it.

Thanks

Robert Cheruiyot: Hi Giusel, From my little experience, it's always good to have a good working…
Shibu Babuchandran: Hi @Giusel, Some of the best practices that I feel are as below. 1. The SOC…
Steffen Hornung: Sadly, I can't contribute due to lack of experience in that field. But I would…
4 Answers
Navin Rehnius
Security Engineer at a tech services company with 201-500 employees
Aug 02 2021

What is the difference between Incident Detection Response (IDR) e.g. in Rapid7 InsightIDR and Endpoint Detection and Response (EDR) in other solutions?

Thanks.

John Rendy: Hi @Navin Rehnius, The IDR focus is on the correlation of the host system…
1 Answer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom, according to BBC. Earlier this month, Hugh has written about it in this article: The Colonial Pipeline Ransomware Attack: Preventing the Next Cybercrime Disruption of Critical Infrastructure.  Dear community, let's share your p...
ITSecuri7cfd: At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the…
1 Answer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Sep 08 2021
Hi community, We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting?  Please share your opinion on how these trends are going to influence the future of the relevant solutions, tools, etc. used in SOC. Looking forward to hearing your...
John Rendy: Evgeny, My personal experience tells me that SOC will be driven by…
2 Answers
Rony_Sklar
PeerSpot (formerly IT Central Station)
Sep 22 2021

Hi dear community,

Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook? 

Do SOAR solutions come with a pre-defined playbook as a starting point?

Maged Magdy: Hi, what is an incident response playbook? An Incident Response Playbook is the…
Robert Cheruiyot: Hi Rony, A playbook automates the gathering of threat intelligence from a…
David Swift: Incident Response playbooks detail how to act when a threat or incident occurs…
4 Answers