User Activity
10 days ago
Answered a question: Do you think it's better for a company to evolve IT tool consolidation, or change tools by revolt?
Evolve first, revolt at the end (always based on some company's reference architecture, 'age' of tools and upgrade plans as well).
About 1 month ago
Answered a question: What is your recommended IT Service Management (ITSM) tool in 2022?
ServiceNow (compliant with ITSM in all modules).
GLPi continues to grow a lot.
4 months ago
Answered a question: What is the difference between mitigation and remediation in incident response?
Mitigation: the act of reducing how harmful, unpleasant or bad something is.
Remediation: the process of improving or correcting a situation.
Please, see this material from CERT and check phases and differences.
https://github.com/certsociete...
4 months ago
Answered a question: What software solution would you recommend to monitor user machines?
- Pure SNMP (multi-platform, free of cost and easy to distribute/manage).
- Microsoft O365 built-in modules (if you have a contract, now with good features for Linux and mobile too).
- Wazuh (price and versatility).
- ManageEngine, IBM Tivoli (may have been rebranded),…
4 months ago
Answered a question: How do you decide about the alert severity in your Security Operations Center (SOC)?
1. Original thresholds from your tool.
2. Number 1 plus an internal business sense for each asset (other tools, CMDB attributes, SID - Security ID, and/or classification tags such as baseline, stringent, internet-facing, workstation...).
3. A combination of both, for example, and…
4 months ago
Answered a question: Which is the best SaaS-based SIEM tool and why?
ELK.
Why? Price, easiness, vendor-neutral and customization.
4 months ago
Answered a question: What are the main benefits of modern IT Asset Discovery tools?
Real-time and reliable inventory/CMDB (which can help the entire company and other IT Governance domains to validate a trustworthy environment).
4 months ago
Answered a question: What are the Top 5 cybersecurity trends in 2022?
1. [True!] Cloud Security hardening/assessment.
2. AI (for massive data processing).
3. Data (protection) and breaches.
4. eGRC (enterprise GRC integrated with eRM and vendor-neutral xLAP visual presentation platform).
5. Collective Intelligence (MISP/Hive and similar…
5 months ago
Answered a question: Is it possible to integrate ServiceNow with LeanIX?
IMHO, ServiceNow is a complete ITSM tool, designed to support traditional/waterfall and digital/agile "business" and is completely adherent to ITIL (and other frameworks). LeanIX offers a more limited setup of inventory, correlation and other tools (for example, offers…
5 months ago
Replied to Jairo Willian Pereira: What does the Log4j/Log4Shell vulnerability mean for your company?
@Evgeny Belenky Yes, exactly with 1 point: not exactly "reactive" but a secondary tool to check environment.
The main problem is that the majority of companies are using VS as the primary tool (and using patch mgmt as a secondary one). In this case, you resolve the problem but…
6 months ago
Answered a question: What does the Log4j/Log4Shell vulnerability mean for your company?
One excellent opportunity for the company to test its CMDB/Inventory (at medium and big companies).
Tenable and, I think, other Vulnerability Scanners offer a specific plugin used to check your infrastructure against Log4Shell.
If you don't have VS, you can try looking…
6 months ago
Answered a question: Why is a Security Operations Center (SOC) important?
Visibility for proactive actions, whether business (BOC) or security (SOC).
6 months ago
Answered a question: What types of Security Operations Center (SOC) deployment models exist?
I'm not sure about the answer, but I'll try...
Insourcing or outsourcing, partial or full MSS, Beginner, Intermediate or Professional (based on your maturity with the subject/controls), SOC or BOC (Business Operation Center, when you attack business IoC/IoT), on-premises or…
6 months ago
Answered a question: What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Both, but I prefer Nessus Pro (costs and you can define out-of-band your better presentation/xLAP platform).
Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of…
6 months ago
Answered a question: What is the difference between cyber resilience and business continuity?
Both have the same purpose but not the same scope.
Ensuring CR does not guarantee BCP but guaranteeing BCP (properly following all plans and sub-plans as required by ISO22301 standard) guarantees CR.
People often confuse DR (Disaster Recovery) with BCP but DR is just a…
6 months ago
Answered a question: What penetration testing tool (or tools) do you recommend for SMB/SME?
Kali Linux distro, using a red-teaming framework, starting with tools for reconnaissance, vulns, exploitation, reporting and re-thinking/remediation.
6 months ago
Answered a question: What are the best practices for Security Operations Center (SOC)?
https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
Only this :)
6 months ago
Answered a question: How does Microsoft Defender for Endpoint compare with Carbon Black CB Defense?
I don't know these 2 solutions, but a very important point to consider is called Linux (or Macintosh: non-Windows platforms that must be inspected by the tool).
6 months ago
Answered a question: What are the pros and cons of internal SOC vs SOC-as-a-Service?
For me, the 4 main variables are costs, speed (of becoming operational), business knowledge and customization.
All others - will depend on these variables.
6 months ago
It is also interesting to think about:
1. Have an effective and tested continuity plan
2. Know and prioritize your risks
3. Constantly monitor and assess your assets and logs
6 months ago
Answered a question: What to include into Service Level Agreement (SLA) when purchasing cloud penetration testing services?
Usually, CSPs provide a list of what is/isn't presented in their SLA and services book.
If your provider doesn't offer this info, consider asking for the deadlines (times in hours) that each service is resolved at each support level (Level1, L2, L3..., mapped w/each…
6 months ago
Answered a question: How can you use the MITRE ATT&CK framework for improving enterprise security?
You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri...
For example, you can transport one internal/specific problem/vulnerability of your environment to the matrix and check/validate possibilities and threats,…
7 months ago
Commented on The Essential Guide to AIOps
I always like this order a lot: "Consider People and Process" and only after, Technology.
7 months ago
Answered a question: What's The Best Way to Trial SIEM Solutions?
Lite & quick tip:
1. Transcribe the goal that made you think about acquiring a SIEM.
2. Transcribe or transform this objective into activities that the platform should serve (usually these are the most basic).
3. Start by testing "your process" using an open-source or…
8 months ago
Answered a question: In which scenarios should one select commercial ETL tools rather than open-source ones?
Essential and fundamental ETL features, I think, are available across all types and products. It's not only about differences and features but about "first/baby steps" and the "next step when maturity grows". The article is in Portuguese, but I strongly recommend reading it (even if via…
8 months ago
Answered a question: Which tool can you recommend for Vulnerability Assessment and Penetration Testing for an application built on the Microsoft Stack?
You can start with OpenVAS (an excellent tool during "first steps").
Depending on your goals, you can add Kali Linux during tests for "deeper inspection" validation. Remember that Microsoft offers some security tools and consulting based on your "contract/plan".
9 months ago
Answered a question: What is your opinion of the 2021 Gartner Magic Quadrant for Analytics & BI Platforms?
Unfortunately, this is in Portuguese (pt-BR), but it's worth reading (even via Google Translator).
That vision can change all your future decisions forever. One day, I'll translate it into English.
"When Gartner's Magic Quadrant isn't the best option for your company":…
9 months ago
Answered a question: How to deploy SIEM agents in large scale Windows environments?
Some products permit generating a native .MSI package. Sometimes, you can use PowerShell for connecting and installing packs in your environment.
Non-trivial: using a secondary tool (an administrative tool, iLO/iDRAC, PHP, expect, ssh-win, ...) that is available or built-in over…
9 months ago
Replied to Jairo Willian Pereira: What's the best way to trial endpoint protection solutions?
@Evgeny Belenky Normally, I search for other similar orgs, in line with scope/product/type/function, over analyses (Forrester, av-test.org, IT Central etc.).
9 months ago
Answered a question: What's the best way to trial endpoint protection solutions?
Mistakes:
1. Choosing using only a Gartner Magic Quadrant.
2. Not considering cross-platform support, like Linux, variants and mobile.
3. Evaluate the cost of each module and TCO.
Advice:
1. Test against pieces of real artifacts.
2. Consider geographic and political…
10 months ago
Answered a question: What is your experience regarding pricing and costs for Tenable.io Vulnerability Management?
IMO, the previous version (Nessus) is more interesting in costs for some projects.
Tenable has recently added a presentation/analytics layer to its products but using a non-viable cost model (you can generate the same results and dashboards combining Nessus and others…
10 months ago
Answered a question: What is your primary use case for Tenable.io Vulnerability Management?
360° scanner and compliance checker inside authenticated environments.
10 months ago
Answered a question: What is your primary use case for Microsoft Defender for Endpoint?
Integrated anti-malware/endpoint (without additional costs), as ATP/ATA sensor, Linux local "agent" (recently) and HIDS.
10 months ago
Answered a question: What SOC product do you recommend?
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
10 months ago
Answered a question: What is your opinion of the 2021 Gartner Magic Quadrant for Analytics & BI Platforms?
Microsoft PBI grew and improved a lot. Tableau and Qlik are very easy and interesting, but all 3 solutions are very expensive.
If you are starting, you may try using OBIEE (an Oracle free solution for some types of licenses), Pentaho or any version of Hadoop-like platforms.…
10 months ago
Answered a question: Which SIEM for small and medium-sized companies do you consider the most economical?
ELK, Graylog, OSSIM and Apache Metron (or another Hadoop-like open implementation).
11 months ago
Answered a question: What needs improvement with IBM Guardium Vulnerability Assessment?
Guardium could expand the templates beyond CIS/STIG by correlating with other market templates (PCI, SOX, HIPAA...) and maybe, in the future, add a button that allows you to autofix the problem identified in the asset/database (like Symantec ESM did in the past with several…
12 months ago
Answered a question: What are the benefits of continuous scanning for vulnerability management?
Yes, essential*. You can start your program, for example, based on "Internet Facing" assets first, "Stringent" second, then "Baseline" and lastly "Workstation".
If you have a "BCP" Continuity Program, another approach is to check "VBF" ("Vital Business Function") assets…
About 1 year ago
Answered a question: When evaluating outsourcing your Penetration Testing Services what is the most important aspect to look for?
(Local or global) market reputation/recognition (+ time since founding), quality of services/professionals, customers served (mainly business line; some very good with applications are not so good with hardware/telecom, for example), staff (who will meet the demand), laboratory/tools…
About 1 year ago
Answered a question: What is the best for ransomware infection?
Proactive: Patch Mgmt Program, Continuous Vulnerability Scanner (search and fix), Monitoring by SOC/NOC or other security tools (like HIDS or NIDS components).
Reactive: Incident Mgmt Plans categorized and specific by typification, BCP (complete Business Continuity Plan, not…
About 1 year ago
Answered a question: What needs improvement with Splunk?
New built-in use-cases for Enterprise Security, a fair price model, improvements to SPL and index performance, adding and integrating with new connectors and market platforms (more open-source solutions too).
About 1 year ago
Answered a question: What is your primary use case for Splunk?
Business indicators (KPIs) for a specific (and limited) purpose together with the IT area, some tests with security built-in "use-cases" and as a correlation tool using pre-defined SPL (Search Processing Language).
About 1 year ago
Answered a question: Which is the best ERP for a mid-sized AEC company?
SAP Business One (depends on the process maturity level of your company), MS Dynamics (the cost may be interesting if your license model is global/enterprise).
Attention: try to use solutions that are easy for you to "enter" and also to "leave" the platform.
About 1 year ago
Answered a question: Which is the best network firewall for a small retailer?
Fortinet has an excellent price for low-profile equipment that still offers great deliveries for small/medium businesses (beware of version versus EOL/license only). If you have a 'qualified team' and the price is a differential, you can even think about using an open-source…
About 1 year ago
Answered a question: What is your experience regarding pricing and costs for Splunk?
Cost versus volume in the medium/long term is heavy. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". Before choosing any tool…
About 1 year ago
Answered a question: What advice do you have for others considering Splunk?
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". The quantity of "use-case"…
About 1 year ago
Answered a question: PoC template for SIEM
Hi, here you can download a vendor-neutral reference document. Good luck with your decision (make it slowly).
https://www.sans.org/media/vendor/evaluator-039-s-guide-nextgen-siem-38720.pdf
About 1 year ago
Answered a question: How does Network Detection and Response (NDR) Differ from SIEM?
SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPS etc.) and analyzes that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, security data from network devices, servers, domain…
About 1 year ago
Answered a question: Which SIEM is best fit with Palo Alto Cortex XDR?
I think most of them understand "de-facto standards" very well (including Palo Alto; if that doesn't happen, the problem is with PA and not with the SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERY asset…
Over 1 year ago
Replied to James Dirksen: Vulnerability Management and Risk Management Integration
@James Dirksen thanks, I'll check it.
Over 1 year ago
Answered a question: When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
0. Your company maturity (to receive an excellent tool, or whether it can be a less commercial one) VERSUS speed to correct problems encountered;
2. TCO and user-friendliness (of operation, installation, training and maintenance);
3. Ability to integrate/export to other platforms (ETL…
Over 1 year ago
Asked a question: Vulnerability Management and Risk Management Integration
Over 1 year ago
Authenticated users are an excellent way for you to increase the quality and depth of your scanner. You can add/use cloud providers' API keys during tests, local or AD users/credentials with databases, telecom devices and other types of digital assets. Normally, the difference…
Almost 2 years ago
Contributed a review of Tenable Nessus: Tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans
Projects
Almost 2 years ago
Enterprise Vulnerability Analysis - 2012, 2014, 2016 and 2018
Over 15,000 active assets outside/inside 10 companies belonging to the group; the biennial recurring project mapped the real situation, in parallel with a photography of IT/Security maturity through three main…
Over 1 year ago
Migrating from COBIT 4.1 (maturity) to COBIT5 (capacity)
Team worked on migrating and consolidating COBIT5 into a single overarching framework, providing one consistent and integrated source of guidance/PAs for the ITB (integrated IT Board) and using old printed information/mapping generated by Modulo Risk Manager. Staff responsible…
About 1 year ago
Customer Phase-Out Strategy (IBM to HP)
Wintel Tower Leader responsible for the main actions in developing a migration strategy. Some of these actions will take place in parallel, such as the definition of activities and the discussions with stakeholders who will be responsible in the future for the account.
- Organizing…
About me
Writer, Speaker, Teacher and experienced professional with extensive know-how in IT (30+ years), Security (20+ years), Shared Services, Outsourcing (ITO/BPO), Cloud & Virtualization, Projects, Design & Architecture, Products Pricing and Definition. Professor for 10 years in MBA and post-graduation courses, teaching subjects within the field of corporate management, Unix, frameworks, governance and risk mgmt, security, IT, GRC, data governance and integration.
https://www.linkedin.com/in/jairowillian/