McAfee ePolicy Orchestrator Questions
Sep 21 2021
I work as Lead of Incident Response at a Governmental institution.
Currently, we're moving from IBM MaaS360 to Microsoft Intune. Can anyone share a piece of advice on how easy it is to integrate Microsoft Intune with McAfee ePolicy Orchestrator?
Thanks a lot!
Sep 17 2021
What do you like most about McAfee ePolicy Orchestrator?
Thanks for sharing your thoughts with the community!
Sep 17 2021
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Sep 17 2021
Please share with the community what you think needs improvement with McAfee ePolicy Orchestrator.
What are its weaknesses? What would you like to see changed in a future version?
Sep 17 2021
How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
Sep 17 2021
If you were talking to someone whose organization is considering McAfee ePolicy Orchestrator, what would you say?
How would you rate it and why? Any other tips or advice?
Security Orchestration Automation and Response (SOAR) Questions
Nov 22 2021
Hi community members,
Can you please share with other peers how Security Orchestration, Automation, and Response (SOAR) is different from XDR?
Thanks for the help!
Nov 23 2021
Why is a SOC important for an organization? What are the main challenges of the modern SOC?
Sep 23 2021
We all know that it's important to conduct a trial / POC as part of the buying process.
Do you have any advice for your peers about the best way to conduct a SOAR trial or POC? How do you conduct a trial effectively?
What should be taken into consideration and are there any mistakes to avoid?
Sep 13 2021
Hot data is necessary for live security monitoring.
Archive data (cold data) is not available quickly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most of the SIEM solutions).
As an example, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. So, to investigate the SolarWinds case, we have to go back to Sept. 4, 2019, from now (July 13, 2021). In this case, we need at least 18 months of live data.
The second example of why hot data is critical is from the IBM data breach report. The average time to identify and contain a breach is 280 days, according to this report.
Hot data gives defenders the quick access they need for real-time threat hunting, but hot data is more expensive than the archive option in current SIEM solutions.
Keeping data hot for SIEM use is inevitably one of the most expensive data storage options.
What are your thoughts about it, dear professionals?
Sep 03 2021
When one writes detection rules for SIEM solutions, what are the criteria of a good detection rule?
Can you share any examples?
Sep 08 2021
We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting?
Please share your opinion on how these trends are going to influence the future of the relevant solutions, tools, etc. used in SOC.
Looking forward to hearing your insights,
Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.
Can anyone help with insights?
Sep 22 2021
Hi dear community,
Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook?
Do SOAR solutions come with a pre-defined playbook as a starting point?
Aug 31 2021
SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security?
If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commonalities. They both collect data, but the quantity of data, type of data, and type of response is where they differ. As threats have advanced, security professionals may be in need of both.
That's where SOAR and SIEM come to the rescue, although there has been some confusion as to the difference between the two. The two technologies have different competencies, but can be combined to increase a security team's or SOC's effectiveness.
SIEM vs SOAR
In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response engine to those alerts.
SIEM is the collection and aggregation of security data sourced from integrated platforms logging event-related data - firewalls, network appliances, intrusion detection and prevention systems, etc. - then correlates data across devices, categorizes, and analyzes incidents before issuing alerts. The alerts are identified by using sophisticated analytical techniques and machine learning, which require fine tuning. This leaves a lot of alerts for a security team or SOC to prioritize and remediate; a difficult, time-consuming process.
SOAR, on the other hand, is designed to help security teams automate the response process by gathering alerts, managing cases, and responding to the endless alerts generated by SIEM. With SOAR, security teams can integrate with security alerts and create adaptive, automated incident response workflows. This gives SecOps the ability to prioritize threats and deliver faster results.
When evaluating Security Orchestration, Automation, and Response (SOAR), what aspect do you think is the most important to look for?
Let the community know what you think. Share your opinions now!
- What is the difference between SIEM and SOAR platforms?
- What is an incident response playbook and how is it used in SOAR?
- How to evaluate SIEM detection rules?
- What are the latest trends in Security Operations Center (SOC)?
- Why a Security Operations Center (SOC) is important?
- When evaluating Security Orchestration, Automation, and Response (SOAR), what aspect do you think is the most important to look for?
- Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?
- What's the best way to trial Security Orchestration, Automation and Response (SOAR) solutions?