
User Activity

6 months ago
More regular a/v collapsed into endpoint protection, move from console to cloud, maybe even more consolidation between vendors.
6 months ago
NDR, SIEM expansion, IPS refresh, 365 migration to the cloud, and some DevOpSec.
6 months ago
Some call what he did DLC/DRM. I think he'll suffer from reputation loss and vendors will move away from his software or try to back engineer their own based on his code. Since it is open-source they should be able to do this with the right coder. It's legitimate,…
7 months ago
I think the first step is configuration. When teams are first deploying a new tool, working closely with the vendor to set up the best configuration possible to tune down the alerting for the least false positives is critical to the success of your SOC. Even paying the…
7 months ago
Mitigation is taking your car in for an oil change and tune-up. Remediation is them finding you have a blown gasket seal and replacing the parts and greasing the engine to make sure your engine doesn't blow. AKA security vulnerability management.
8 months ago
Yet another chance to test our incident response procedures. So far I would say we're a B. Good on the process, and an A on team response and interactions, and reducing threat risk was about a B. Identifying your external assets exposed to this vulnerability is your team's #1…
9 months ago
@Evgeny Belenky To communicate to executive management it would definitely be a PowerPoint presentation. At a high level, you would need to display the risk of not buying a tool. You'd need to pull data from past events for the last year (ransomware etc.) that caused impact or…
9 months ago
East-west traffic monitoring solutions, like EDR, can complete a picture of the security environment and risk.
9 months ago
An easy answer for me - pretty much exactly what @Janet Staver described. DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR) but limited capacity, expensive boxes, that we outgrew. S1 is an endpoint tool…
10 months ago
I can't say one way or the other for sure, but, having experienced Trend Micro in the past from an endpoint perspective, they have their own way of doing things. They certainly didn't catch everything that even basic a/v like SEP did, and they had a very convoluted setup and…
10 months ago
ROI - return on investment: Does it integrate well? Does it work as advertised? Is it cost-effective? You could invest millions; what's good enough in your environment?
10 months ago
Depends on the size, scope and needs of your environment. XDR is an OK monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically…
11 months ago
I think most of the answers provided will work for you, but you have to take into account your environment, integration with other solutions (firewall, antivirus or even just Windows-native), and you have to look at price vs. features you want. How much is good enough? You…
12 months ago
Once you have narrowed down the top 5 picks for a capability/solution, we typically will look at the last few things that make things stand out from the competition: 1 - cost, 2 - ease of deployment (need prof. services?), 3 - support or training if all other features of products…
12 months ago
We RFI/POC'd them all. SentinelOne came out on top for every aspect of the requirements that we needed to fulfill from our architect. That said, CrowdStrike is a good tool as well, but I think it ends up being more expensive. The best bang for the buck was S1.
12 months ago
The risk of not patching: - incompatibility between applications and the OS, or 3rd-party software; - remote access/access in general to your network and ability to exploit, disrupt, steal IP, hold data hostage, or steal CCD or other compliance data (HIPAA, SOX, lab,…
About 1 year ago
To me, a tool like ServiceNow (not cheap for small orgs) would be an example of this. Dmytro touched on the need to track changes but also assets. S/N can do both with different modules, but essentially you have to have the S/N scanners go sniff out all the assets and…
About 1 year ago
At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the access and impact. Invest in security (tools, people and processes), always have backups & recovery tools (VEEAM) and a regular/validated process that works to restore. Daily/diffs/weekly/monthly…
About 2 years ago
We didn't consider either of these; after a demo and comparison from reviews of multiple EDR solutions, we came up with SentinelOne on top and are now POCing it as an endpoint solution.
About 2 years ago
There could be multiple answers to your question based on how your environment is set up. You have edge defense (firewalls, IDS, IPS like NGFW Palos and Fidelis), you have endpoint like AV or EDR (SentinelOne or Symantec or Carbon Black etc.). There are also various other…
About 2 years ago
So this is what Wikipedia says about EDR: "EDR systems detect all endpoint threats and provide real-time response to the identified threats. ... EDR systems also collect high-quality forensic data which is needed for incident response and investigations. Overall, EDR security…
About 3 years ago
Account people have moved around and support has taken a small hit, but we are still getting quick responses, although resolutions are taking a bit longer.
Over 4 years ago
Contributed a review of Fidelis Elevate: IPS security, originally from the GOVT space, now commercial

Reviews

Answers

6 months ago
EPP (Endpoint Protection for Business)
6 months ago
Application Security Tools
9 months ago
Extended Detection and Response (XDR)
9 months ago
EPP (Endpoint Protection for Business)
10 months ago
EPP (Endpoint Protection for Business)
11 months ago
EDR (Endpoint Detection and Response)
12 months ago
EPP (Endpoint Protection for Business)
About 1 year ago
Configuration Management
About 2 years ago
EDR (Endpoint Detection and Response)
About 2 years ago
EDR (Endpoint Detection and Response)

Comments

About 3 years ago
Extended Detection and Response (XDR)