Security Incident Response Questions
Navin Rehnius
Security Engineer at a tech services company with 201-500 employees
Aug 02 2021

What is the difference between Incident Detection Response (IDR) e.g. in Rapid7 InsightIDR and Endpoint Detection and Response (EDR) in other solutions?

Thanks.

John Rendy: Hi @Navin Rehnius, The IDR focus is on the correlation of the host system…

Evgeny Belenky
IT Central Station
May 21 2021

Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom, according to BBC.

Earlier this month, Hugh wrote about it in this article: The Colonial Pipeline Ransomware Attack: Preventing the Next Cybercrime Disruption of Critical Infrastructure

Lessons from the Colonial Pipeline ransomware attack

Dear community, let's share your professional opinion with other peers on what lessons we can learn from this ransomware attack.

What can be done better in the future? Is it about backup and recovery tools? About EDR? 

Should the incident response be managed in a different way?

Thanks

ITSecuri7cfd: At minimum, do the basics. Patch or mitigate vulnerabilities by isolating the…

Evgeny Belenky
IT Central Station
Sep 08 2021
Trends in Security Operations Center (SOC)

Hi community,

We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting? 

Please share your opinion on how these trends are going to influence the future of the relevant solutions, tools, etc. used in SOC.

Looking forward to hearing your insights,

Thanks!

John Rendy: Evgeny, My personal experience tells me that SOC will be driven by…

Rony_Sklar
IT Central Station
Sep 22 2021

Hi dear community,

Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook? 

Do SOAR solutions come with a pre-defined playbook as a starting point?

Maged Magdy: Hi, what is an incident response playbook? Incident Response Playbook is the…
Robert Cheruiyot: Hi Rony, Playbook automates the gathering of threat intelligence from a…
David Swift: Incident Response playbooks detail how to act when a threat or incident occurs…