Badges

20 Points
2 Years

User Activity

Over 2 years ago
Your requirements can be tackled from a network security perspective Using a positive security model, you can allow only 80 or 443 to access that server (HTTP or HTTPS) Since it is windows, do not allow SMB or RDP into that server - this unhygienic practice can be found in…
Over 2 years ago
To best understand Threat Modelling, an enterprise should be familiar with Cyber Threat Intelligence.  While ideally, threat modelling can be driven right from the LEFT (DevSecOps), using a framework to identify threats for your application development (Dev) stage, the…
Over 2 years ago
Evgeny,  My personal experience tells me that SOC will be driven by next-generation platforms that can enable multiple use cases instead of just SIEM. The current SOC with a SIEM approach lacks the following aspects 1. Data architecture platform which is not built on top of…
Over 2 years ago
Hi Elsayed I would personally recommend using a different approach for penetration testing. As you know penetration testing relies heavily on humans. Today, there are already penetration testing tools that can provide you with continuous penetration testing (24x7) in an…
Over 2 years ago
That's excellent, @Chiheb Chebbi Now you would want to see if all your Windows environments have been configured to send all the logs, especially on the endpoint level. Ensure you get all the authentication logs at the very least. You could opt to get the OS level audit…
Over 2 years ago
No, Navin,  The use of SIEM products will focus a lot broader on managing all sources of target systems log integration and correlation, while InsightIDR will work best with existing Rapid7 solutions.  Alternatively, several SIEM would have a plugin to integrate VA result…
Over 2 years ago
Hi @Navin Rehnius The IDR focus is on the correlation of the host system vulnerability with the exploit activity. In a way, it will classify if an exploit or attack event is most potentially an incident.  However, IDR works by scanning the whole segment of the target hosts…
Over 2 years ago
The differences are Detection methods standpoint Antivirus uses traditional method of database signature. It combines malware information such as hashes of the file, name, certain code signature in the virus functionality. It is static.  EDR uses different method such as…
Over 2 years ago
Hi Varun I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF is that the solution only includes generic level of web application protection.…
Over 2 years ago
@Evgeny Belenky to be honest, I am consulting provider for banks, we sought after this solution to reduce our dependency on human-based pentest - so no human error.  We provide this service for banks using this technology The system runs 24/7 with a pre-defined / custom…
Over 2 years ago
Hi Evgeny There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensity work from human pentester.  The tool utilizes thousand of scenarios…
Almost 3 years ago
Before answering to your needs, we need to understand that there are two distinctive features from SCCM and BigFix SCCM since 2020 has stopped its support for Linux Patching, so in its entirety, if you are only using Windows, you might consider SCCM. It still support Mac…
Almost 3 years ago
There are two categories of Threat Intelligence so-called "tools" 1. Threat Intelligence Platform 2. Threat Intelligence Feed Service (premium provider) A threat intelligence platform such as Anomali Threat Intelligence Platform, EclecticIQ, ThreatQuotient only provides you…
Almost 3 years ago
There are two approaches to answer your needs. You can either select 1. SIEM / SOC Platform that could ingest more than 1 TI feed service  2. Threat Intelligence Platform If you are looking to simply integrate the TI sources into one single centralized system, for instance:…
Almost 3 years ago
DIfference between internal and external threat intelligence is:Internal threat intelligence revolves around what is happening in your cyber environment (inside your organization). Any findings about a specific cyber attack, malware samples and other malicious activities…
Almost 3 years ago
Contributed a review of Group-IB Threat Intelligence: Helps end users increase ROI and avoid costly incidents
Almost 3 years ago
Contributed a review of Group-IB Digital Risk Protection: Broad protection, good stability, fast support, and reasonable pricing

Reviews

Group-IB Threat Intelligence Logo
Almost 3 years ago
Group-IB Threat Intelligence
Group-IB Digital Risk Protection Logo
Almost 3 years ago
Group-IB Digital Risk Protection

Answers

Over 2 years ago
User Entity Behavior Analytics - UEBA
Over 2 years ago
Threat Intelligence Platforms
Over 2 years ago
Information Security and Risk Consulting Services
Over 2 years ago
Information Security and Risk Consulting Services
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Security Information and Event Management (SIEM)
Over 2 years ago
Security Incident Response
Over 2 years ago
EDR (Endpoint Detection and Response)
Over 2 years ago
Web Application Firewall (WAF)
Over 2 years ago
Application Security Testing (AST)
Almost 3 years ago
Server Monitoring
Almost 3 years ago
Threat Intelligence Platforms