User Activity

10 days ago
Evolve first, revolt at the end (always based on some company's reference architecture, 'age' of tools and upgrade plans as well). 
About 1 month ago
ServiceNow (is compliant with ITSM in all modules). GLPi continues increasing a lot.
4 months ago
Mitigation: the act of reducing how harmful, unpleasant or bad something is. Remediation: the process of improving or correcting a situation. Please see this material from CERT and check the phases and differences. https://github.com/certsociete...
4 months ago
- pure-SNMP (multi-platform, free of cost and easy to distribute/manage). - Microsoft O365 built-in modules (if you have a contract, now with good features for Linux and mobile too). - Wazuh (price and versatility). - ManageEngine, IBM Tivoli (may have been rebranded),…
4 months ago
1. Original thresholds from your tool. 2. Number #1 plus an internal business sense for each asset (other tools, CMDB attribute, SID - Security ID and/or classification tags (baseline, stringent, internet-facing, workstation...). 3. A combination of both, for example, and…
4 months ago
ELK. Why? Price, easiness, vendor-neutral and customization.
4 months ago
Real-time and reliable inventory/CMDB (that can help the entire company and other IT Governance domains to validate a trustworthy environment).
4 months ago
1. [True!] Cloud Security hardening/assessment. 2. AI (for massive data processing). 3. Data (protection) and breaches. 4. eGRC (enterprise GRC integrated with eRM and vendor-neutral xLAP visual presentation platform). 5. Collective Intelligence (MISP/Hive and similar…
5 months ago
IMHO, ServiceNow is a complete ITSM tool, designed to support traditional/waterfall and digital/agile "business" and is completely adherent to ITIL (and other frameworks). LeanIX offers a more limited setup of inventory, correlation and other tools (for example, offers…
5 months ago
@Evgeny Belenky Yes, exactly with 1 point: not exactly "reactive" but a secondary tool to check the environment. The main problem is that the majority of companies are using VS as the primary tool (and using patch mgmt as a secondary one). In this case, you resolve the problem but…
6 months ago
One excellent opportunity for the company to test its CMDB/Inventory (at medium and big companies). Tenable, and I think other Vulnerability Scanners, offer a specific plugin used to check your infrastructure against Log4shell. If you don't have VS, you can try looking…
6 months ago
Visibility for proactive actions, whether business (BOC) or security (SOC).
6 months ago
I'm not sure about the answer, but I'll try... Insourcing or outsourcing, partial or full MSS, Beginner, Intermediate or Professional (based on your maturity with the subject/controls), SOC or BOC (Business Operation Center - when you attack business IoC/IoT), on-premises or…
6 months ago
Both, but I prefer Nessus Pro (costs, and you can define your better presentation/xLAP platform out-of-band). Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of…
6 months ago
Both have the same purpose but not the same scope. Ensuring CR does not guarantee BCP, but guaranteeing BCP (properly following all plans and sub-plans as required by the ISO 22301 standard) guarantees CR. People often confuse DR (Disaster Recovery) with BCP, but DR is just a…
6 months ago
Kali Linux distro, using a red-teaming framework, starting with tools for reconnaissance, vulns, exploitation, reporting and re-thinking/remediation.
6 months ago
https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf Only this :)
6 months ago
I don't know these 2 solutions, but a very important point to consider is called Linux (or Macintosh, non-Windows platforms that must be inspected by the tool).
6 months ago
For me, the 4 main variables are costs, speed (of becoming operational), business knowledge and customization. All others will depend on these variables.
6 months ago
It is also interesting to think about: 1. Have an effective and tested continuity plan. 2. Know and prioritize your risks. 3. Constantly monitor and assess your assets and logs.
6 months ago
Usually, CSPs provide a list of what is/isn't presented in their SLA and services book. If your provider doesn't offer this info, consider asking for the deadlines (times in hours) within which each service is resolved at each support level (Level 1, L2, L3..., mapped w/each…
6 months ago
You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri... For example, you can transport one internal/specific problem/vulnerability of your environment to the matrix and check/validate possibilities and threats,…
7 months ago
I always like this order a lot: "Consider People and Process" and only after that, Technology.
7 months ago
Lite & quick tip: 1. Transcribe the goal that made you think about acquiring a SIEM. 2. Transcribe or transform this objective into activities that the platform should serve (usually these are the most basic). 3. Start by testing "your process" using an open-source or…
8 months ago
Essential and fundamental ETL features, I think, that are available across all types and products. Not only about differences and features but about "first/baby steps" and "next step when maturity grows". Article in Portuguese, but I strongly recommend reading it (even if via…
8 months ago
You can start with OpenVAS (an excellent tool during "first steps"). Depending on your goals, you can add Kali Linux during tests for "deeper inspection" validation. Remember that Microsoft offers some security tools and consulting based on your "contract/plan".
9 months ago
Unfortunately, this is in Portuguese (pt-BR), but it's worth reading (even via Google Translate). That vision can change all your future decisions forever. One day, I'll translate it into English. "When Gartner's Magic Quadrant isn't the best option for your company":…
9 months ago
Some products permit generating a native .MSI package. Sometimes, you can use PowerShell for connecting and installing packs in your environment. Non-trivial: using a secondary tool (an administrative tool, iLO/iDRAC, PHP, expect, ssh-win, ...) is available or built-in over…
9 months ago
@Evgeny Belenky Normally, I search for other similar orgs, in line with scope/product/type/function over analysis (Forrester, av-test.org, IT Central etc.).
9 months ago
Mistakes: 1. Choosing using only a Gartner Magic Quadrant. 2. Not considering cross-platforms, like Linux, variants and mobile. 3. Evaluate the cost of each module and TCO. Advice: 1. Test against pieces of real artifacts. 2. Consider geographic and political…
10 months ago
IMO, the previous version (Nessus) is more interesting in costs for some projects. Tenable has recently added a presentation/analytics layer to its products but uses a non-viable cost model (you can generate the same results and dashboards combining Nessus and others…
10 months ago
360° scanner and compliance checker inside authenticated environments.
10 months ago
Integrated anti-malware/endpoint (without additional costs), such as the ATP/ATA sensor, Linux local "agent" (recently) and HIDS.
10 months ago
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
10 months ago
Microsoft PBI grew and improved a lot. Tableau and Qlik are very easy and interesting but all 3 solutions are very expensive. If you are starting, you may try using OBIEE (an Oracle free solution for some types of licenses), Pentaho or any version of Hadoop-like platforms.…
10 months ago
ELK, Graylog, OSSIM and Apache Metron (or another Hadoop-like open implementation).
11 months ago
Guardium could expand the templates beyond CIS/STIG by correlating with other market templates (PCI, SOX, HIPAA...) and maybe, in the future, add a button that allows you to autofix the problem identified in the asset/database (like Symantec ESM did in the past with several…
12 months ago
Yes, essential*. You can start your program, for example, based on "Internet Facing" assets first, "Stringent" second, then "Baseline" and lastly "Workstation". If you have a "BCP" Continuity Program, another approach is to check "VBF" (Vital Business Function) assets…
About 1 year ago
(Local or global) market reputation/recognition (+ time since founding), quality of services/professionals, customers served (mainly business line; some very good with applications are not so good with hardware/telecom, for example), staff (who will meet the demand), laboratory/tools…
About 1 year ago
Proactive: Patch Mgmt Program, Continuous Vulnerability Scanner (search and fix), Monitoring by SOC/NOC or other security tools (like HIDS or NIDS components). Reactive: Incident Mgmt Plans categorized and specific by typification, BCP (complete Business Continuity Plan not…
About 1 year ago
New built-in use cases for Enterprise Security, a fair price model, improvement over SPL and index performance, adding and integrating with new connectors and market platforms (more open-source solutions too).
About 1 year ago
Business indicators (KPIs) for a specific (and limited) purpose together with the IT area, some tests with security built-in "use cases" and as a correlation tool using pre-defined SPL (Search Processing Language).
About 1 year ago
SAP Business One (depends on the process maturity level of your company), MS Dynamics (the cost may be interesting if your license model is global/enterprise). Attention: try to use solutions that are easy for you to "enter" and also "leave" the platform.
About 1 year ago
Fortinet has an excellent price for low-profile equipment that still offers great deliveries for small/medium businesses (beware of version versus EOL/license only). If you have a 'qualified team' and the price is a differential, you can even think about using an open-source…
About 1 year ago
Cost versus volume in the medium/long term is heavy. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". Before choosing any tool…
About 1 year ago
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". The quantity of "use cases"…
About 1 year ago
Answered a question: PoC template for SIEM
Hi, here you can download a vendor-neutral reference document. Good luck with your decision (make it slowly). https://www.sans.org/media/vendor/evaluator-039-s-guide-nextgen-siem-38720.pdf
About 1 year ago
SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPS etc.) and analyzes that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, security data from network devices, servers, domain…
About 1 year ago
I think most of them understand "de facto standards" very well (including Palo Alto; if that doesn't happen, the problem is with PA and not with the SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERY asset…
Over 1 year ago
@James Dirksen Thanks, I'll check it.
Over 1 year ago
0. Your company maturity (to receive an excellent tool, or if it can be a less commercial one) VERSUS speed to correct problems encountered; 2. TCO and user-friendliness (of operation, installation, training and maintenance); 3. Ability to integrate/export to other platforms (ETL…
Over 1 year ago
Authenticated users are an excellent way for you to increase the quality and depth of your scanner. You can add/use cloud provider API keys during tests, local or AD users/credentials with databases, telecom devices and other types of digital assets. Normally, the difference…

Projects

Almost 2 years ago
Enterprise Vulnerability Analysis - 2012, 2014, 2016 and 2018
Enterprise Vulnerability Analysis - 2012, 2014, 2016 & 2018. Over 15.000 active assets outside/inside 10 companies belonging to the group; the biennial recurrent project mapped the real situation, in parallel with a photograph of IT/Security maturity through three main…
Over 1 year ago
Migrating from COBIT 4.1 (maturity) to COBIT5 (capacity)
Team worked migrating and consolidating COBIT5 into a single overarching framework, providing one consistent and integrated source of guidance/PAs for the ITB (integrated IT Board, using old printed information/mapping generated by Modulo Risk Manager). Staff responsible…
About 1 year ago
Customer Phase-Out Strategy (IBM to HP)
Wintel Tower Leader responsible for the main actions in developing a migration strategy. Some of these actions will take place in parallel, such as the definition of activities and the discussions with stakeholders who will be responsible for the account in the future. - Organizing…

Questions

Over 1 year ago
Vulnerability Management

Answers

4 months ago
Security Information and Event Management (SIEM)
4 months ago
Application Security
6 months ago
IT Alerting and Incident Management
6 months ago
Information Security and Risk Consulting Services
6 months ago
Information Security and Risk Consulting Services
6 months ago
Intrusion Detection and Prevention Software (IDPS)
7 months ago
Security Information and Event Management (SIEM)
9 months ago
Security Information and Event Management (SIEM)
9 months ago
Endpoint Protection for Business (EPP)
10 months ago
Endpoint Protection for Business (EPP)
10 months ago
SOC as a Service
10 months ago
Security Information and Event Management (SIEM)
About 1 year ago
Endpoint Protection for Business (EPP)
About 1 year ago
Log Management
About 1 year ago
Log Management
About 1 year ago
Security Information and Event Management (SIEM)
About 1 year ago
Security Information and Event Management (SIEM)
About 1 year ago
Security Information and Event Management (SIEM)

Comments

6 months ago
Security Information and Event Management (SIEM)
7 months ago
Application Performance Management (APM)

About me

Writer, Speaker, Teacher and experienced professional with extensive know-how in IT (30+ years), Security (20+ years), Shared Services, Outsourcing (ITO/BPO), Cloud & Virtualization, Projects, Design & Architecture, Product Pricing and Definition. Professor for 10 years in MBA and post-graduate courses, teaching subjects within the field of corporate management, Unix, frameworks, governance and risk mgmt, security, IT, GRC, data governance and integration.
https://www.linkedin.com/in/jairowillian/