User Activity

About 1 year ago
Your requirements can be tackled from a network security perspective. Using a positive security model, you can allow only 80 or 443 to access that server (HTTP or HTTPS). Since it is Windows, do not allow SMB or RDP into that server - this unhygienic practice can be found in…
About 1 year ago
To best understand Threat Modelling, an enterprise should be familiar with Cyber Threat Intelligence.  While ideally, threat modelling can be driven right from the LEFT (DevSecOps), using a framework to identify threats for your application development (Dev) stage, the…
About 1 year ago
Evgeny,  My personal experience tells me that SOC will be driven by next-generation platforms that can enable multiple use cases instead of just SIEM. The current SOC with a SIEM approach lacks the following aspects: 1. Data architecture platform which is not built on top…
About 1 year ago
Hi Elsayed, I would personally recommend using a different approach for penetration testing. As you know penetration testing relies heavily on humans. Today, there are already penetration testing tools that can provide you with continuous penetration testing (24x7) in an…
About 1 year ago
That's excellent, @Chiheb Chebbi. Now you would want to see if all your Windows environments have been configured to send all the logs, especially on the endpoint level. Ensure you get all the authentication logs at the very least. You could opt to get the OS level audit…
About 1 year ago
No, Navin, The use of SIEM products will focus a lot more broadly on managing all sources of target systems log integration and correlation, while InsightIDR will work best with existing Rapid7 solutions. Alternatively, several SIEMs would have a plugin to integrate VA result…
About 1 year ago
Hi @Navin Rehnius, The IDR focus is on the correlation of the host system vulnerability with the exploit activity. In a way, it will classify if an exploit or attack event is most potentially an incident.  However, IDR works by scanning the whole segment of the target…
About 1 year ago
The differences are: Detection methods standpoint: Antivirus uses the traditional method of database signature. It combines malware information such as hashes of the file, name, certain code signature in the virus functionality. It is static. EDR uses a different method such as…
About 1 year ago
Hi Varun, I have had experience with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF. A typical limitation of cloud WAF is that the solution only includes a generic level of web application…
About 1 year ago
@Evgeny Belenky to be honest, I am a consulting provider for banks, we sought after this solution to reduce our dependency on human-based pentest - so no human error. We provide this service for banks using this technology. The system runs 24/7 with a pre-defined / custom…
About 1 year ago
Hi Evgeny, There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensive work from a human pentester. The tool utilizes thousands of scenarios…
Over 1 year ago
Before answering your needs, we need to understand that there are two distinctive features from SCCM and BigFix. SCCM since 2020 has stopped its support for Linux Patching, so in its entirety, if you are only using Windows, you might consider SCCM. It still supports Mac…
Over 1 year ago
There are two categories of Threat Intelligence so-called "tools": 1. Threat Intelligence Platform 2. Threat Intelligence Feed Service (premium provider). A threat intelligence platform such as Anomali Threat Intelligence Platform, EclecticIQ, ThreatQuotient only provides…
Over 1 year ago
There are two approaches to answer your needs. You can either select: 1. SIEM / SOC Platform that could ingest more than 1 TI feed service  2. Threat Intelligence Platform If you are looking to simply integrate the TI sources into one single centralized system, for…
Over 1 year ago
The difference between internal and external threat intelligence is: Internal threat intelligence revolves around what is happening in your cyber environment (inside your organization). Any findings about a specific cyber attack, malware samples and other malicious activities…
Over 1 year ago
Contributed a review of Group-IB Threat Intelligence: Helps end users increase ROI and avoid costly incidents
Over 1 year ago
Contributed a review of Group-IB Digital Risk Protection: Broad protection, good stability, fast support, and reasonable pricing

Reviews

Over 1 year ago
Group-IB Threat Intelligence
Over 1 year ago
Group-IB Digital Risk Protection

Answers

About 1 year ago
User Behavior Analytics - UEBA
About 1 year ago
Threat Intelligence Platforms
About 1 year ago
Information Security and Risk Consulting Services
About 1 year ago
Information Security and Risk Consulting Services
About 1 year ago
Security Information and Event Management (SIEM)
About 1 year ago
Security Information and Event Management (SIEM)
About 1 year ago
Security Incident Response
About 1 year ago
EDR (Endpoint Detection and Response)
About 1 year ago
Web Application Firewall (WAF)
About 1 year ago
Application Security Testing (AST)
Over 1 year ago
Server Monitoring
Over 1 year ago
Threat Intelligence Platforms