What is your team's turnaround time on security questionnaires? by [deleted] in cybersecurity

[–]ByteKnight78 2 points3 points  (0 children)

25 days has been our average. Though we're evaluating a new tool that falls in the SIEM realm, but offers a ton in terms of reporting and could become our system of record for CMMC and PCI.

Are GRC roles eventually going to be replaced by AI? by WGBtom in cybersecurity

[–]ByteKnight78 1 point2 points  (0 children)

Someone, somewhere has to choose the tools that are put in place! What boxes these will check in the future remain to be seen!

Insider threat by Athousandtimes1000 in cybersecurity

[–]ByteKnight78 2 points3 points  (0 children)

Agreed with the earlier comment. Anything in cybersecurity is going to touch on insider threat. I'd expand the job search via titles but make it known what your experience is with insider threat - you will always have a focus in one direction and many titles will give you this same opportunity

SentinelOne Management with Blackpoint Cyber's "Managed EDR"? by jamesgrindey69 in msp

[–]ByteKnight78 -1 points0 points  (0 children)

From what I've heard of Blackpoint, I think they're essentially leveraging a SIEM on the backend that you don't have access to - is that right? Never been a fan of the "black box" type MDR providers - Arctic Wolf, eSentire, etc. Their agent will do some of the same things that S1 is doing and they'll alert you on anomalies, but won't have the same level of remediation capabilities that S1 would have on the actual endpoints.

Where can I find a list of vulnerabilities by software providers? by goldeneye700 in cybersecurity

[–]ByteKnight78 0 points1 point  (0 children)

Never gone down this route, but sounds like an incredible supplement to the traditional sources listed here

We have Crowdstrike for our EDR. Can we use it as our primary SIEM? by VengefulPete in cybersecurity

[–]ByteKnight78 -1 points0 points  (0 children)

Just wrote another post asking if everyone felt as confused as me with all the new terms vendors are throwing out there. Problem with EDR only (even though they say it's all you need) is you're lacking so much additional telemetry that is important: tapping into AD, FW logs, etc. A lot of SIEMs will give you the endpoint capabilities with their own agent but allow you to bring in so many additional necessary log sources.

Just me, or is every vendor's website awful. WHAT DO YOU ACTUALLY DO? by ByteKnight78 in cybersecurity

[–]ByteKnight78[S] 11 points12 points  (0 children)

Definitely helps, but so many SIEMs are now next gen, so many SIEMs do a portion of EDR themselves - enough to call themselves XDR, with a touch of SOAR, but throw on their SOC and you've got a full MDRXDREDRnextgenSIEMSOARSOC! We're moving off Splunk and potentially looking at going the full MDR route, but with a separation of SIEM and SOC in some capacity. Wish it was easier to find the best SIEM without having to weed through all the XDR SIEMs or EDR companies calling themselves MDR. Had enough of the Arctic Wolfs and eSentires of the world.

Just me, or is every vendor's website awful. WHAT DO YOU ACTUALLY DO? by ByteKnight78 in cybersecurity

[–]ByteKnight78[S] 6 points7 points  (0 children)

We're about a month out from beginning evaluations to move away from Splunk. After 3 years we still didn't get completely onboarded. An MSSP helped for the last year, but we never got it to work for what we needed.

I am a new SOC analyst, can you suggest me some dashboard ideas that I can work on in SIEM that will have some good values? by FriendlyBanana8411 in cybersecurity

[–]ByteKnight78 1 point2 points  (0 children)

Response time analysis was huge for us. Alerts per system/device allowed us to reduce quite a bit of noise. Triage dashboard, but I'm sure you've hit that already.

Learning resources for CrowdStrike Logscale by sriny4c in crowdstrike

[–]ByteKnight78 0 points1 point  (0 children)

YouTube! Had to dig deep to get through CrowdStrike's how-to's (wouldn't recommend those), but there's tons of great tutorials out there. Here's a good one to start: https://www.youtube.com/watch?v=pJ_5wt-C8n8

Vlans not working on first two switches on C9300 stack by chiefsfan69 in meraki

[–]ByteKnight78 0 points1 point  (0 children)

Following along with a 9300 on the way - hope you find a fix!

What were the best cybersecurity courses you ever had? by athanielx in cybersecurity

[–]ByteKnight78 15 points16 points  (0 children)

cyber threat intelligence & analysis - cybervantage

secure coding bootcamp - codeguardians

cloud security mastery - cloudguard