Over 4 years ago
Your requirements can be tackled from a network security perspective
Using a positive security model, you can allow only ports 80 or 443 (HTTP or HTTPS) to reach that server. Since it is Windows, do not allow SMB or RDP into that server; this unhygienic practice can be found in…
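The allow-list policy described in the comment above, written out as an added example for the built-in Windows firewall (this is not code from the original commenter). It assumes the server only needs to expose HTTP/HTTPS and is run from an elevated PowerShell session; every rule name is a placeholder.

```powershell
# Added example (not from the original comment): a positive-security-model
# inbound policy for a Windows web server using Windows Defender Firewall.
# Assumptions: the server only needs to serve HTTP/HTTPS; rule names are
# placeholders. Run from an elevated PowerShell session.

# 1. Default-deny inbound on every profile; outbound stays open.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Allow -Enabled True

# 2. Explicit allow for the only services the server should expose.
New-NetFirewallRule -DisplayName "Allow HTTP/HTTPS inbound" `
    -Direction Inbound -Protocol TCP -LocalPort 80,443 `
    -Action Allow -Profile Any

# 3. Explicit block for SMB and RDP. Block rules win over allow rules in
#    Windows Firewall, so these also neutralise any built-in allow rule
#    ("File and Printer Sharing", "Remote Desktop") that gets re-enabled later.
New-NetFirewallRule -DisplayName "Block SMB inbound" `
    -Direction Inbound -Protocol TCP -LocalPort 139,445 -Action Block -Profile Any
New-NetFirewallRule -DisplayName "Block RDP inbound" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Block -Profile Any

# Belt and braces: disable the built-in rule groups as well.
Disable-NetFirewallRule -DisplayGroup "File and Printer Sharing"
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

# 4. Verify: list every enabled inbound allow rule with its ports.
#    Anything other than TCP 80/443 in this output is a finding.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule     = $_.DisplayName
            Protocol = $port.Protocol
            Port     = $port.LocalPort
        }
    } | Format-Table -AutoSize
```

The verification step matters more than the rules: Windows ships with many enabled inbound allow rules, and a later role install or Group Policy can re-enable "Remote Desktop" or "File and Printer Sharing". Because explicit block rules take precedence, the two block rules keep SMB and RDP closed even if that happens, and the final listing shows at a glance whether anything besides 80/443 is reachable.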
Over 4 years ago
To best understand Threat Modelling, an enterprise should be familiar with Cyber Threat Intelligence.
While ideally threat modelling can be driven right from the LEFT (DevSecOps), using a framework to identify threats at your application development (Dev) stage, the…
Over 4 years ago
Evgeny,
My personal experience tells me that the SOC will be driven by next-generation platforms that can enable multiple use cases instead of just SIEM. The current SOC with a SIEM approach lacks the following aspects:
1. A data architecture platform that is not built on top of…
Over 4 years ago
Hi Elsayed
I would personally recommend using a different approach for penetration testing.
As you know, penetration testing relies heavily on humans. Today, there are already penetration testing tools that can provide you with continuous penetration testing (24x7) in an…
Over 4 years ago
That's excellent, @Chiheb Chebbi
Now you would want to see if all your Windows environments have been configured to send all the logs, especially at the endpoint level. Ensure you get all the authentication logs at the very least. You could opt to get the OS-level audit…
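What "send all the logs, authentication at the very least, plus OS-level audit" looks like on a single Windows endpoint, as an added example that is not part of the original comment. It enables the relevant audit subcategories, turns on process-creation auditing with command lines, points the host at a Windows Event Collector, and then checks that logon events are actually being produced. The collector name wec01.corp.example is an assumed placeholder; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original comment): enable authentication and
# OS-level auditing on a Windows endpoint, forward the Security log via
# source-initiated Windows Event Forwarding, and verify events are flowing.
# Assumption: wec01.corp.example is a placeholder collector hostname.
# Run from an elevated PowerShell session.

# 1. Authentication auditing at minimum (yields 4624/4625/4634/4672/4740/4776).
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Logoff" /success:enable
auditpol /set /subcategory:"Account Lockout" /failure:enable
auditpol /set /subcategory:"Special Logon" /success:enable
auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable

# 2. OS-level audit: process creation (4688) including the full command line.
auditpol /set /subcategory:"Process Creation" /success:enable
$auditKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord

# 3. Grow the Security log (1 GiB) so events survive until they are forwarded.
wevtutil sl Security /ms:1073741824

# 4. Source-initiated WEF: the same registry value Group Policy writes.
$wefKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager"
New-Item -Path $wefKey -Force | Out-Null
Set-ItemProperty -Path $wefKey -Name "1" -Type String `
    -Value "Server=http://wec01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60"
# The forwarder runs as NETWORK SERVICE, which needs read access to Security.
Add-LocalGroupMember -Group "Event Log Readers" -Member "NT AUTHORITY\NETWORK SERVICE" -ErrorAction SilentlyContinue
winrm quickconfig -q    # WinRM listener the forwarder depends on
gpupdate /force

# 5. Verify: the policy is what we set, and logons from the last hour exist.
auditpol /get /category:"Logon/Logoff"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624,4625; StartTime = (Get-Date).AddHours(-1) } -MaxEvents 20 |
    Select-Object TimeCreated, Id, @{ n = 'Account'; e = { $_.Properties[5].Value } } |
    Format-Table -AutoSize
```

The last command is the check that usually gets skipped: an endpoint can have the forwarding value set and still ship nothing if the subcategories were never enabled, if the Security log is being overwritten faster than the collector pulls it, or if NETWORK SERVICE cannot read the channel. If the query returns no 4624 events on a host that people log into, the gap is on the endpoint, not in the SIEM.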
Over 4 years ago
No, Navin,
The use of SIEM products focuses much more broadly on managing log integration and correlation across all target system sources, while InsightIDR works best with existing Rapid7 solutions.
Alternatively, several SIEMs have a plugin to integrate VA result…
Over 4 years ago
Hi @Navin Rehnius
IDR focuses on correlating host system vulnerabilities with exploit activity. In a way, it will classify whether an exploit or attack event is most likely an incident.
However, IDR works by scanning the whole segment of the target hosts…
Almost 5 years ago
The differences are:
From a detection methods standpoint:
Antivirus uses the traditional method of database signatures. It combines malware information such as hashes of the file, the name, and certain code signatures in the virus functionality. It is static.
EDR uses different methods such as…
Almost 5 years ago
Hi Varun
I have had experience with several WAF deployments and deep technical assessments of the following:
1. Imperva WAF
2. F5 WAF
3. Polarisec Cloud WAF
A typical limitation of cloud WAFs is that the solution only includes a generic level of web application protection…
Almost 5 years ago
@Evgeny Belenky, to be honest, I am a consulting provider for banks; we sought this solution to reduce our dependency on human-based pentests, so no human error.
We provide this service for banks using this technology
The system runs 24/7 with a pre-defined / custom…
Almost 5 years ago
Hi Evgeny
There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensive work of a human pentester.
The tool utilizes thousands of scenarios…
Almost 5 years ago
Before answering your needs, we need to understand that there are two distinctive features of SCCM and BigFix.
SCCM has stopped its support for Linux patching since 2020, so in its entirety, if you are only using Windows, you might consider SCCM. It still supports Mac…
Almost 5 years ago
There are two categories of Threat Intelligence so-called "tools":
1. Threat Intelligence Platform
2. Threat Intelligence Feed Service (premium provider)
A threat intelligence platform such as Anomali Threat Intelligence Platform, EclecticIQ, ThreatQuotient only provides you…
Almost 5 years ago
There are two approaches to answering your needs. You can select either:
1. SIEM / SOC Platform that could ingest more than 1 TI feed service
2. Threat Intelligence Platform
If you are looking to simply integrate the TI sources into one single centralized system, for instance:…
Almost 5 years ago
The difference between internal and external threat intelligence is: internal threat intelligence revolves around what is happening in your cyber environment (inside your organization). Any findings about a specific cyber attack, malware samples and other malicious activities…