
User Activity

29 days ago
Your requirements can be tackled from a network security perspective. Using a positive security model, you can allow only 80 or 443 to access that server (HTTP or HTTPS). Since it is Windows, do not allow SMB or RDP into that server - this unhygienic practice can be found in…
About 1 month ago
To best understand Threat Modelling, an enterprise should be familiar with Cyber Threat Intelligence.  While ideally, threat modelling can be driven right from the LEFT (DevSecOps), using a framework to identify threats for your application development (Dev) stage, the…
About 2 months ago
Evgeny,  My personal experience tells me that SOC will be driven by next-generation platforms that can enable multiple use cases instead of just SIEM. The current SOC with a SIEM approach lacks the following aspects: 1. Data architecture platform which is not built on top…
About 2 months ago
Hi Elsayed, I would personally recommend using a different approach for penetration testing. As you know, penetration testing relies heavily on humans. Today, there are already penetration testing tools that can provide you with continuous penetration testing (24x7) in an…
2 months ago
That's excellent, @Chiheb Chebbi. Now you would want to see if all your Windows environments have been configured to send all the logs, especially on the endpoint level. Ensure you get all the authentication logs at the very least. You could opt to get the OS level audit…
3 months ago
No, Navin, The use of SIEM products will focus a lot more broadly on managing all sources of target systems log integration and correlation, while InsightIDR will work best with existing Rapid7 solutions. Alternatively, several SIEMs would have a plugin to integrate VA result…
3 months ago
Hi @Navin Rehnius, The IDR focus is on the correlation of the host system vulnerability with the exploit activity. In a way, it will classify if an exploit or attack event is most potentially an incident.  However, IDR works by scanning the whole segment of the target…
3 months ago
The differences are: Detection methods standpoint: Antivirus uses the traditional method of database signatures. It combines malware information such as hashes of the file, name, and certain code signatures in the virus functionality. It is static. EDR uses a different method such as…
4 months ago
Hi Varun, I have had experience with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF. The typical limitation of cloud WAF is that the solution only includes a generic level of web application…
4 months ago
@Evgeny Belenky to be honest, I am a consulting provider for banks; we sought this solution to reduce our dependency on human-based pentests - so no human error. We provide this service for banks using this technology. The system runs 24/7 with a pre-defined / custom…
4 months ago
Hi Evgeny, There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensive work from a human pentester. The tool utilizes thousands of scenarios…
4 months ago
Before answering your needs, we need to understand that there are two distinctive features from SCCM and BigFix. SCCM since 2020 has stopped its support for Linux Patching, so in its entirety, if you are only using Windows, you might consider SCCM. It still supports Mac…
5 months ago
There are two categories of Threat Intelligence so-called "tools": 1. Threat Intelligence Platform 2. Threat Intelligence Feed Service (premium provider). A threat intelligence platform such as Anomali Threat Intelligence Platform, EclecticIQ, ThreatQuotient only provides…
5 months ago
There are two approaches to answer your needs. You can either select: 1. SIEM / SOC Platform that could ingest more than 1 TI feed service  2. Threat Intelligence Platform If you are looking to simply integrate the TI sources into one single centralized system, for…
5 months ago
The difference between internal and external threat intelligence is: Internal threat intelligence revolves around what is happening in your cyber environment (inside your organization). Any findings about a specific cyber attack, malware samples and other malicious activities…

Reviews

7 months ago
Group-IB Threat Intelligence

Answers

29 days ago
User Behavior Analytics - UEBA
About 1 month ago
Threat Intelligence Platforms
About 2 months ago
Information Security and Risk Consulting Services
About 2 months ago
Information Security and Risk Consulting Services
2 months ago
Security Information and Event Management (SIEM)
3 months ago
Security Information and Event Management (SIEM)
3 months ago
Security Incident Response
3 months ago
Endpoint Detection and Response (EDR)
4 months ago
Web Application Firewall (WAF)
4 months ago
Application Security Testing (AST)
4 months ago
Server Monitoring
5 months ago
Threat Intelligence Platforms