User Activity
Over 1 year ago
Answered a question: Which UEBA solution do you recommend and why?
UEBA for firewall analytics, or are you talking about anomaly detection for firewall traffic behaviors?
Over 1 year ago
Answered a question: What is the difference between SIEM and Next-Gen SIEM solutions?
"SIEM" and "Next-Gen SIEM" are often used in marketing and may not have a clear definition. Each vendor may have their own interpretation of these terms. The main difference between SIEM and Next-Gen SIEM (often called XDR) is the responsibility for creating security…
Over 1 year ago
I noticed that you mentioned a few SOAR vendors in the list, however, I would like to bring to your attention that Critical Start, Exabeam Fusion, and McAfee ePolicy are not SOAR providers.
Over 1 year ago
Answered a question: How do you decide about the alert severity in your Security Operations Center (SOC)?
There are various approaches that organizations can take to help ensure that alert severity is properly assessed and to mitigate the impact of alert fatigue.
- One approach is to use a standardized system for evaluating and assigning severity levels to alerts. For example,…
Over 1 year ago
Answered a question: What tools and solutions do you use for automated incident response in an enterprise in 2022?
Advanced SOAR. It has no-code automation but also has intelligence embedded to auto correlate alerts like XDR does. Something between SOAR and XDR.
Over 1 year ago
Replied to Maged Magdy on: What is an incident response playbook and how is it used in SOAR?
@Maged Magdy agree. These playbooks are a good starting point and need to be customized.
Over 1 year ago
Answered a question: What is an incident response playbook and how is it used in SOAR?
An incident response playbook is a set of pre-defined steps and procedures that outline how to respond to a specific type of security incident. The playbook typically includes detailed instructions on how to identify, contain, and remediate the incident, as well as any…
Over 1 year ago
Answered a question: What were your main pain points during the SIEM product purchase process?
We've worked in SOC for many years. Here are a few pain points in SIEM solution purchases:
Difficulty evaluating and comparing different SIEM products: With a large number of SIEM products on the market, it can be challenging for organizations to determine which product is…
Over 1 year ago
Answered a question: What is the difference between SIEM and SOAR platforms?
SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) are both tools used in cybersecurity to monitor and respond to security threats. However, they have different primary functions and use cases.
SIEM is primarily used…
Projects
Over 1 year ago
1) Ph.D. in computer science.
2) Leader in the field of security operations analysis and data science at Microsoft.
3) Five-time patent holder.
4) Founder of Dtonomy, a security orchestration and automation company.
Answers
Over 1 year ago
Security Information and Event Management (SIEM)
Over 1 year ago
Network Monitoring Software
Over 1 year ago
IT Alerting and Incident Management
Over 1 year ago
IT Alerting and Incident Management
Over 1 year ago
Security Information and Event Management (SIEM)
Over 1 year ago
Security Information and Event Management (SIEM)
Comments
Over 1 year ago
Security Orchestration Automation and Response (SOAR)
About me
Co-founder of DTonomy (www.dtonomy.com), an AI-based security analysis and response company,
NoiseTotal (https://noisetotal.io/), threat intelligence on false positives, the opposite of NoiseTotal,
and Phish AIR, the popular plugin for quick phishing analysis and reporting.