User Activity

4 months ago
Forescout is a very powerful NAC product that does not rely on port-level configuration. It can detect and block unauthorized devices very quickly. But it has a lot of capabilities and really would take at least one person dedicated to train up in Forescout, plus a backup…
7 months ago
The biggest single mistake I see businesses making in monitoring cyber threats is relying on humans to check these threats manually. This is a big mistake and a waste of human capital. Humans are prone to error, and the large number of threat warnings that inevitably show up…
8 months ago
No single product will detect all vulnerabilities. That is why in security we use the concept of "defense in depth". So for example, on the outside of the network, at the Internet/Enterprise edge, we should have a Next Generation Firewall (NGFW). Palo Alto or Cisco Firepower…
About 1 year ago
I am not sure how LogRhythm would be less expensive than Splunk. Splunk charges licensing by the GB of incoming logs. LogRhythm sells an appliance and it has a certain capacity. If you want more capacity you need an additional appliance. Splunk you add additional indexers…
Over 1 year ago
Answered a question: What Is SIEM Used For?
Security Incident and Event Management (SIEM) is an automated way to detect patterns that might indicate a security incident. Usually, the SIEM product will collect logs from all the networking devices and resources in an environment, and use AI or other logic to correlate…

About me

18 years experience with routing, switching, voice, wireless, security, storage, and NMS. Cisco and Splunk certifications.