User Activity

About 1 year ago
I'm not sure about this affirmation. There are a lot of other tools used.
Over 1 year ago
Checks the quantity (and quality) of use cases for a specific sector (financial, for example) and connectors.
Over 1 year ago
Automatic "security attributes" populated from the inventory-module.
Over 1 year ago
CMDB first always (the quality of everyone else depends on it).
Over 1 year ago
Replied to Jairo Willian Pereira: What is OWASP Top 10 in 2022
In a very reduced way, OWASP focuses on the main problems for the WEB scope (WEB only) and the ISO (and its parts) on the main errors from the beginning of development until the final product (not just web, but the main focus on languages used, its…
Over 1 year ago
Well, some time ago, EDR agents were moved to XDR, but now XDR is on the "peak of inflated expectations", the second of five phases in product development hype. I'd rather wait a little bit, maybe ZDR :)
Over 1 year ago
'Til now, both. EDR technology is moving to XDR but is on the "peak of inflated expectations", the second of five phases in product development hype (Gartner). I'd rather wait a little bit, maybe ZDR :)
Over 1 year ago
Volume versus costs. Using an intermediate (free) tool to store and transform data and forward only the summarization (smart data) of what really matters.
Over 1 year ago
OWASP is nice, but very specific and currently limited. How about trying ISO-24772 for all?
Almost 2 years ago
Analyze the wave of products at the Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Almost 2 years ago
Analyze the wave of products at the Gartner Hype "Cycle". EDR was good in the past. After that, MDR joined the hype and now XDR is the trend. Wait for more in a couple of months and you'll get ZDR!
Almost 2 years ago
Yes, and this answer is valid for any 'vulnerability analysis software' and company, independently of port/size/tool. You can use all the tools in the world and still 'not detect the entire spectrum of threats'. Threats are dynamic and assets (both software and hardware) change…
Almost 2 years ago
Evolve first, revolt at the end (always based on some company's reference architecture, 'age' of tools and upgrade plans as well). 
Almost 2 years ago
ServiceNow (is compliant with ITSM in all modules). GLPi continues growing a lot.
About 2 years ago
Mitigation: the act of reducing how harmful, unpleasant or bad something is. Remediation: the process of improving or correcting a situation. Please see this material from CERT and check the phases and differences. https://github.com/certsociete...
About 2 years ago
- pure-SNMP (multi-platform, free of cost and easy to distribute/manage)
- Microsoft O365 built-in modules (if you have a contract, now with good features for Linux and mobile too)
- Wazuh (price and versatility)
- ManageEngine, IBM Tivoli (may have been rebranded), or…
About 2 years ago
1. Original thresholds from your tool.
2. Number #1 plus an internal business sense for each asset (other tools, CMDB attribute, SID - Security ID and/or classification tags (baseline, stringent, internet-facing, workstation...)).
3. A combination of both, for example, and an…
About 2 years ago
ELK. Why? Price, ease of use, vendor neutrality and customization.
About 2 years ago
Real-time and reliable inventory/CMDB (that can help the entire company and other IT Governance domains to validate a trustworthy environment).
About 2 years ago
1. [True!] Cloud Security hardening/assessment.
2. AI (for massive data processing).
3. Data (protection) and breaches.
4. eGRC (enterprise GRC integrated with eRM and a vendor-neutral xLAP visual presentation platform).
5. Collective Intelligence (MISP/Hive and similar…
Over 2 years ago
IMHO, ServiceNow is a complete ITSM tool, designed to support traditional/waterfall and digital/agile "business" and is completely adherent to ITIL (and other frameworks). LeanIX offers a more limited setup of inventory, correlation and other tools (for example, offers…
Over 2 years ago
@Evgeny Belenky Yes, exactly, with 1 point: not exactly "reactive" but a secondary tool to check the environment. The main problem is that the majority of companies are using VS as the primary tool (and using patch mgmt as a secondary one). In this case, you resolve the problem but…
Over 2 years ago
An excellent opportunity for the company to test its CMDB/Inventory (at medium and big companies). Tenable and, I think, other Vulnerability Scanners offer a specific plugin used to check your infrastructure against Log4Shell. If you don't have a VS, you can try looking at…
Over 2 years ago
Visibility for proactive actions, whether business (BOC) or security (SOC).
Over 2 years ago
I'm not sure about the answer, but I'll try: insourcing or outsourcing, partial or full MSS, Beginner, Intermediate or Professional (based on your maturity with the subject/controls), SOC or BOC (Business Operation Center - when you attack business IoC/IoT), on-premises or…
Over 2 years ago
Both, but I prefer Nessus Pro (costs, and you can define out-of-band your better presentation/xLAP platform). Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of…
Over 2 years ago
Both have the same purpose but not the same scope. Ensuring CR does not guarantee BCP, but guaranteeing BCP (properly following all plans and sub-plans as required by the ISO 22301 standard) guarantees CR. People often confuse DR (Disaster Recovery) with BCP, but DR is just a…
Over 2 years ago
Kali Linux distro, using a red-teaming framework, starting with tools for reconnaissance, vulns, exploitation, reporting and re-thinking/remediation.
Over 2 years ago
https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf Only this :)
Over 2 years ago
I don't know these 2 solutions, but a very important point to consider is called Linux (or Macintosh - non-Windows platforms) that must be inspected by the tool.
Over 2 years ago
For me, the 4 main variables are costs, speed (of becoming operational), business knowledge and customization. All others will depend on these variables.
Over 2 years ago
It is also interesting to think about:
1. Have an effective and tested continuity plan.
2. Know and prioritize your risks.
3. Constantly monitor and assess your assets and logs.
Over 2 years ago
Usually, CSPs provide a list of what is/isn't presented in their SLA and services book. If your provider doesn't offer this info, consider asking for the deadlines (times in hours) in which each service is resolved at each support level (Level 1, L2, L3..., mapped w/ each…
Over 2 years ago
You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri For example, you can transport one internal/specific problem/vulnerability of your environment to the matrix and check/validate possibilities and threats,…
Over 2 years ago
I always like this order a lot: "Consider People and Process" and only after, Technology.
Over 2 years ago
Lite & quick tip:
1. Transcribe the goal that made you think about acquiring a SIEM.
2. Transcribe or transform this objective into activities that the platform should serve (usually these are the most basic).
3. Start by testing "your process" using an open-source or trial…
Over 2 years ago
Essential and fundamental ETL features, I think, that are available over all types and products. Not only for differences and features but about "first/baby steps" and "next step when maturity grows". Article in Portuguese, but I strongly recommend reading it (even if via…
Over 2 years ago
You can start with OpenVAS (an excellent tool during "first steps").  Depending on your goals, you can add Kali Linux during tests for "deeper inspection" validation. Remember that Microsoft offers some security tools and consulting based on your "contract/plan".
Over 2 years ago
Unfortunately, this is in Portuguese (pt-BR), but it's worth reading (even via Google Translator). That vision can change all your future decisions forever. One day, I'll translate it into English: "When Gartner's Magic Quadrant isn't the best option for your company":…
Over 2 years ago
Some products permit generating a native .MSI package. Sometimes, you can use PowerShell for connecting and installing packs in your environment. Non-trivial: using a secondary tool (an administrative tool, iLO/iDRAC, PHP, expect, ssh-win, ...) that is available or built-in over…
Over 2 years ago
@Evgeny Belenky Normally, I search for other similar orgs, in line with the scope/product/type/function under analysis (Forrester, av-test.org, IT Central etc.).
Over 2 years ago
Mistakes:
1. Choosing using only a Gartner Magic Quadrant.
2. Don't consider cross-platforms, like Linux, variants and mobile.
3. Evaluate the cost of each module and TCO.
Advice:
1. Test against pieces of real artifacts.
2. Consider geographic and political issues…
Over 2 years ago
IMO, the previous version (Nessus) is more interesting in cost for some projects. Tenable has recently added a presentation/analytics layer to its products, but using a non-viable cost model (you can generate the same results and dashboards combining Nessus and others…
Over 2 years ago
360° scanner and compliance checker inside authenticated environments.
Over 2 years ago
Integrated anti-malware/endpoint (without additional costs), as an ATP/ATA sensor, Linux local "agent" (recently) and HIDS.
Over 2 years ago
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
Over 2 years ago
Microsoft PBI grew and improved a lot. Tableau and Qlik are very easy and interesting, but all 3 solutions are very expensive. If you are starting, you may try using OBIEE (a free Oracle solution for some types of licenses), Pentaho or any version of Hadoop-like platforms.…
Over 2 years ago
ELK, Graylog, OSSIM and Apache Metron (or another Hadoop-like open implementation).
Almost 3 years ago
Guardium could expand the templates beyond CIS/STIG by correlating with other market templates (PCI, SOX, HIPAA...) and maybe, in the future, put a button that allows you to autofix the problem identified in the asset/database (like Symantec ESM did in the past with several…
Almost 3 years ago
Yes, essential*. You can start your program, for example, based on "Internet Facing" assets first, "Stringent" second, then "Baseline" and lastly "Workstation". If you have a "BCP" Continuity Program, another approach is to check "VBF" (Vital Business Function) assets…
Almost 3 years ago
(local or global) market reputation/recognition (+ time since founding), quality of services/professionals, customers served (mainly business line; some very good with applications are not so good with hardware/telecom, for example), staff (who will meet the demand), laboratory/tools…
Almost 3 years ago
Proactive: Patch Mgmt Program, Continuous Vulnerability Scanner (search and fix), Monitoring by SOC/NOC or other security tools (like HIDS or NIDS components). Reactive: Incident Mgmt Plans categorized and specific by typification, BCP (complete Business Continuity Plan, not…
Almost 3 years ago
New built-in use cases for Enterprise Security, a fair price model, improvements to SPL and index performance, adding and integrating with new connectors and market platforms (more open-source solutions too).
Almost 3 years ago
Business indicators (KPIs) for a specific (and limited) purpose together with the IT area, some tests with security built-in "use cases" and as a correlation tool using pre-defined SPL (Search Processing Language).
About 3 years ago
SAP Business One (depends on the process maturity level of your company), MS Dynamics (the cost may be interesting if your license model is global/enterprise). Attention: try to use solutions that are easy for you to "enter" and also to "leave" the platform.
About 3 years ago
Fortinet has an excellent price for low-profile equipment that still offers great deliveries for small/medium businesses (beware of version versus EOL/License only). If you have a 'qualified team' and the price is a differentiator, you can even think about using an open-source…
About 3 years ago
Cost versus volume in the medium/long term is heavy. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". Before choosing any tool…
About 3 years ago
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". The quantity of "use cases"…
About 3 years ago
Answered a question: PoC template for SIEM
Hi, here you can download a vendor-neutral reference document. Good luck with your decision (make it slowly). https://www.sans.org/media/vendor/evaluator-039-s-guide-nextgen-siem-38720.pdf
About 3 years ago
SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPS etc.) and analyzes that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, security data from network devices, servers, domain…
About 3 years ago
I think most of them understand "de facto standards" very well (including Palo Alto - if that doesn't happen, the problem is with PA and not with the SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERY asset…
About 3 years ago
@James Dirksen thanks, I'll check it.
About 3 years ago
0. Your company's maturity (to receive an excellent tool or if it can be a less commercial one) VERSUS speed to correct problems encountered;
2. TCO and user-friendliness (of operation, installation, training and maintenance);
3. Ability to integrate/export to other platforms (ETL…
Over 3 years ago
Authenticated users are an excellent way for you to increase the quality and depth of your scanner. You can add/use cloud providers' API keys during tests, local or AD users/credentials with databases, telecom devices and other types of digital assets. Normally, the difference…

Projects

Over 3 years ago
Enterprise Vulnerability Analysis - 2012, 2014, 2016 and 2018
Over 15,000 active assets outside|inside 10 companies belonging to the group; the biennial recurrent project mapped the real situation, in parallel with a photograph of IT/Security maturity through three main domains:…
Over 3 years ago
Migrating from COBIT 4.1 (maturity) to COBIT5 (capacity)
The team worked on migrating and consolidating COBIT5 into a single overarching framework, providing one consistent and integrated source of guidance/PAs for the ITB (integrated IT Board) and using old printed information/mapping generated by Modulo Risk Manager. Staff responsible…
About 3 years ago
Customer Phase-Out Strategy (IBM to HP)
Wintel Tower Leader responsible for the main actions in developing a migration strategy. Some of these actions will take place in parallel, such as the definition of activities and the discussions with stakeholders who will be responsible for the account in the future.
- Organizing…

Answers

Over 1 year ago
Help Desk Software
Over 1 year ago
Help Desk Software
Over 1 year ago
Security Information and Event Management (SIEM)
Almost 2 years ago
Endpoint Detection and Response (EDR)
Almost 2 years ago
IT Service Management (ITSM)
About 2 years ago
Security Information and Event Management (SIEM)
About 2 years ago
Application Security Tools
Over 2 years ago
Help Desk Software
Over 2 years ago
IT Alerting and Incident Management
Over 2 years ago
Information Security and Risk Consulting Services
Over 2 years ago
Information Security and Risk Consulting Services
Over 2 years ago
Intrusion Detection and Prevention Software (IDPS)
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Endpoint Protection Platform (EPP)
Over 2 years ago
Endpoint Protection Platform (EPP)
Over 2 years ago
SOC as a Service
Over 2 years ago
Security Information and Event Management (SIEM)
Almost 3 years ago
Endpoint Protection Platform (EPP)
Almost 3 years ago
Log Management
About 3 years ago
Security Information and Event Management (SIEM)
About 3 years ago
Security Information and Event Management (SIEM)
About 3 years ago
Security Information and Event Management (SIEM)

Comments

Over 1 year ago
Extended Detection and Response (XDR)
Over 1 year ago
Application Security Tools
Almost 2 years ago
Application Performance Monitoring (APM) and Observability
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Application Performance Monitoring (APM) and Observability

About me

Writer, Speaker, Teacher and experienced professional with extensive know-how in IT (30+ years), Security (20+ years), Shared Services, Outsourcing (ITO/BPO), Cloud & Virtualization, Projects, Design & Architecture, Product Pricing and Definition. Professor for 10 years in MBA and postgraduate courses, teaching subjects within the field of corporate management, Unix, frameworks, governance and risk mgmt, security, IT, GRC, data governance and integration.
https://www.linkedin.com/in/jairowillian/