User Activity

6 days ago
Both, but I prefer Nessus Pro (costs, and you can define your preferred presentation/xLAP platform out-of-band). Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of…
6 days ago
Both have the same purpose but not the same scope. Ensuring CR does not guarantee BCP, but guaranteeing BCP (properly following all plans and sub-plans as required by the ISO 22301 standard) guarantees CR. People often confuse DR (Disaster Recovery) with BCP, but DR is just a…
7 days ago
Kali Linux distro, using a red-teaming framework, starting with tools for reconnaissance, vulns, exploitation, reporting and re-thinking/remediation.
7 days ago
https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf Only this :)
7 days ago
I don't know these 2 solutions, but a very important point to consider is called Linux (or Macintosh: non-Windows platforms that must be inspected by the tool).
7 days ago
For me, the 4 main variables are costs, speed (of becoming operational), business knowledge and customization. All others will depend on these variables.
7 days ago
It is also interesting to think about: 1. Have an effective and tested continuity plan 2. Know and prioritize your risks 3. Constantly monitor and assess your assets and logs
8 days ago
Usually, CSPs provide a list of what is/isn't presented in their SLA and services book. If your provider doesn't offer this info, consider asking for the deadlines (times in hours) within which each service is resolved at each support level (Level 1, L2, L3..., mapped w/each…
8 days ago
You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri... For example, you can transport one internal/specific problem/vulnerability of your environment to the matrix and check/validate possibilities and threats,…
29 days ago
I always like this order a lot: "Consider People and Process" and only after, Technology.
29 days ago
Lite & quick tip: 1. Transcribe the goal that made you think about acquiring a SIEM. 2. Transcribe or transform this objective into activities that the platform should serve (usually these are the most basic). 3. Start by testing "your process" using an open-source or…
About 2 months ago
Essential and fundamental ETL features, I think, that are available across all types and products. Not only for differences and features but about "first/baby steps" and "next step when maturity grows". Article in Portuguese, but I strongly recommend reading it (even if via…
About 2 months ago
You can start with OpenVAS (an excellent tool during "first steps"). Depending on your goals, you can add Kali Linux during tests for "deeper inspection" validation. Remember that Microsoft offers some security tools and consulting based on your "contract/plan".
3 months ago
Unfortunately, this is in Portuguese (pt-BR), but it's worth reading (even via Google Translate). That vision can change all your future decisions forever. One day, I'll translate it into English. "When Gartner's Magic Quadrant isn't the best option for your company":…
3 months ago
Some products permit generating a native .MSI package. Sometimes, you can use PowerShell for connecting and installing packs in your environment. Non-trivial: using a secondary tool (an administrative tool, iLO/iDRAC, PHP, expect, ssh-win, ...) that is available or built-in over…
3 months ago
@Evgeny Belenky Normally, I search for other similar orgs, in line with scope/product/type/function, over analysis (Forrester, av-test.org, IT Central etc.).
3 months ago
Mistakes: 1. Choosing based only on a Gartner Magic Quadrant. 2. Not considering cross-platform, like Linux, variants and mobile. 3. Not evaluating the cost of each module and TCO. Advice: 1. Test against pieces of real artifacts. 2. Consider geographic and political…
4 months ago
IMO, the previous version (Nessus) is more interesting in costs for some projects. Tenable has recently added a presentation/analytics layer to its products but using a non-viable cost model (you can generate the same results and dashboards combining Nessus and others…
4 months ago
360° scanner and compliance checker inside authenticated environments.
4 months ago
Integrated anti-malware/endpoint (without additional costs), such as ATP/ATA sensor, Linux local "agent" (recently) and HIDS.
4 months ago
Apache Metron, ELK, OSSIM, Splunk and Qradar (in cost/benefit order for starters).
4 months ago
Microsoft PBI grew and improved a lot. Tableau and Qlik are very easy and interesting, but all 3 solutions are very expensive. If you are starting, you may try using OBIEE (an Oracle free solution for some types of licenses), Pentaho or any version of Hadoop-like platforms.…
4 months ago
ELK, Graylog, OSSIM and Apache Metron (or another Hadoop-like open implementation).
5 months ago
Guardium could expand the templates beyond CIS/STIG by correlating with other market templates (PCI, SOX, HIPAA...) and maybe, in the future, put a button that allows you to autofix the problem identified in the asset/database (like Symantec ESM did in the past with several…
6 months ago
Yes, essential*. You can start your program, for example, based on "Internet Facing" assets first, "Stringent" second, after that "Baseline" and last "Workstation". If you have a "BCP" Continuity Program, another approach is to check "VBF" (Vital Business Function) assets…
7 months ago
(local or global) market reputation/recognition (+ founded time), quality of services/professionals, customers served (mainly business-line, some very good with application is not so good with hardware/telecom, for example), staff (who will meet the demand), laboratory/tools…
7 months ago
Proactive: Patch Mgmt Program, Continuous Vulnerability Scanner (search and fix), Monitoring by SOC/NOC or other security tools (like HIDS or NIDS components). Reactive: Incident Mgmt Plans categorized and specific by type, BCP (complete Business Continuity Plan not…
7 months ago
New built-in use cases for Enterprise Security, a fair price model, improvement over SPL and index performance, adding and integrating with new connectors and market platforms (more open-source solutions too).
7 months ago
Business indicators (KPIs) for a specific (and limited) purpose together with the IT area, some tests with security built-in "use cases" and as a correlation tool using pre-defined SPL (Search Processing Language).
8 months ago
SAP Business One (depends on the process maturity level of your company), MS Dynamics (the cost may be interesting if your license model is global/enterprise). Attention: try to use solutions that are easy for you to "enter" and also to "leave" the platform.
8 months ago
Fortinet has an excellent price for low-profile equipment that still offers great deliveries for small/medium businesses (beware of version versus EOL/License only). If you have a 'qualified team' and the price is the differential, you can even think about using an opensource…
8 months ago
Cost versus volume in the medium/long term is heavy. It is a great tool, but you have to be careful in storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". Before choosing any tool…
8 months ago
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful in storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". The quantity of "use cases"…
8 months ago
Answered a question: PoC template for SIEM
Hi, here you can download a vendor-neutral reference document. Good luck with your decision (make it slowly). https://www.sans.org/media/vendor/evaluator-039-s-guide-nextgen-siem-38720.pdf
8 months ago
SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPS etc.) and analyzes that data to catch abnormal behavior or potential cyberattacks. SIEM tools offer a central place to collect events and alerts, security data from network devices, servers, domain…
9 months ago
I think most of them understand "de facto standards" very well (including Palo Alto; if that doesn't happen, the problem is with PA and not with the SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERYONE's asset…
10 months ago
@James Dirksen thanks, I'll check it.
10 months ago
0. Your company's maturity (to receive an excellent tool, or if it can be a less commercial one) VERSUS speed to correct problems encountered; 2. TCO and user-friendliness (of operation, installation, training and maintenance); 3. Ability to integrate/export to other platforms (ETL…
12 months ago
Authenticated users are an excellent way for you to increase the quality and depth of your scanner. You can add/use cloud providers' API keys during tests, local or AD users/credentials with databases, telecom devices and other types of digital assets. Normally, the difference…

About me

Writer, Speaker, Teacher and experienced professional with extensive know-how in IT (30+ years), Security (20+ years), Shared Services, Outsourcing (ITO/BPO), Cloud & Virtualization, Projects, Design & Architecture, Products Pricing and Definition. Professor for 10 years in MBA and post-graduation courses, teaching subjects within the field of corporate management, Unix, frameworks, governance and risk mgmt, security, IT, GRC, data governance and integration.
https://www.linkedin.com/in/jairowillian/