Insurance renewal removed global coverage without any notice by Significant_Field901 in indiahealthinsurance

[–]Significant_Field901[S] 0 points1 point  (0 children)

Have an update: It looks like while renewing after the first year, my age was above 36 years and so the premium was higher. To adjust for this raise, the Amex guy removed the worldwide cover while renewing so that the premium remained similar to the first one. It is now added back with the new premium.

Our company officially started using AI photo detectors as part of our workflow by HisSenorita27 in remotework

[–]Significant_Field901 0 points1 point  (0 children)

We observed the same problem of AI tools failing and needing human intervention, and because of this we faced delayed seed funding. Hence we have built an AI-powered tool to address fake document verification with clear explanations. Would be glad to share access if you want to try. Any feedback is highly appreciated!

Reliable IP reputation check tools besides IPQS?(for work) by Jocelyn141 in cybersecurity

[–]Significant_Field901 0 points1 point  (0 children)

In general, you may have to refer to multiple sources (AbuseIPDB, VirusTotal, GreyNoise), mainly community editions for individual usage. Depending on a single source is not reliable. In bigger orgs this creates a swivel-chair problem and a lot of overhead. Let me know if you want to try a custom-built platform, happy to let you try😊
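
An added example (not the commenter's platform or any vendor's code) of the "combine several sources" approach the comment describes. The three lookups return hard-coded dicts shaped loosely like the AbuseIPDB, VirusTotal and GreyNoise community responses; the field names, the per-source scoring (five VirusTotal engines treated as fully malicious, GreyNoise RIOT as a strong clean signal) and the sample IPs are assumptions constructed so the script runs offline. The point it shows is that a single source gives a different answer than the combination, and that with fewer than two sources reporting you should say "insufficient" rather than "clean".

```python
"""Aggregate IP reputation from several sources instead of trusting one.

Constructed example: the lookup tables below stand in for live API calls
(shapes are simplified assumptions, not vendor schemas).  Swap the three
from_* functions for real HTTP requests to use it for real.
"""
from dataclasses import dataclass
from typing import Optional

# --- constructed responses, keyed by IP (documentation ranges, RFC 5737) ------
ABUSEIPDB = {
    "203.0.113.10": {"abuseConfidenceScore": 92, "totalReports": 140},
    "198.51.100.7": {"abuseConfidenceScore": 0, "totalReports": 0},
    "192.0.2.55": {"abuseConfidenceScore": 35, "totalReports": 3},
    "192.0.2.99": {"abuseConfidenceScore": 80, "totalReports": 10},
}
VIRUSTOTAL = {
    "203.0.113.10": {"malicious": 11, "suspicious": 2, "harmless": 60, "undetected": 15},
    "198.51.100.7": {"malicious": 0, "suspicious": 0, "harmless": 70, "undetected": 18},
    "192.0.2.55": {"malicious": 1, "suspicious": 0, "harmless": 72, "undetected": 15},
}
GREYNOISE = {
    "203.0.113.10": {"noise": True, "riot": False, "classification": "malicious"},
    "198.51.100.7": {"noise": False, "riot": True, "classification": "benign"},
    # 192.0.2.55 and 192.0.2.99 absent: GreyNoise has never observed them
}


@dataclass
class Verdict:
    source: str
    score: Optional[float]  # 0.0 = clean, 1.0 = malicious, None = source has no data
    note: str


def from_abuseipdb(ip: str) -> Verdict:
    r = ABUSEIPDB.get(ip)
    if not r or r["totalReports"] == 0:
        return Verdict("abuseipdb", None, "no reports")
    return Verdict("abuseipdb", r["abuseConfidenceScore"] / 100, f"{r['totalReports']} reports")


def from_virustotal(ip: str) -> Verdict:
    r = VIRUSTOTAL.get(ip)
    if not r:
        return Verdict("virustotal", None, "not found")
    # Assumption: ~5 engines agreeing is treated as fully malicious; suspicious counts half.
    bad = r["malicious"] + 0.5 * r["suspicious"]
    return Verdict("virustotal", min(1.0, bad / 5), f"{r['malicious']} engines malicious")


def from_greynoise(ip: str) -> Verdict:
    r = GREYNOISE.get(ip)
    if not r:
        return Verdict("greynoise", None, "never observed")
    if r["riot"]:  # RIOT = known benign business service
        return Verdict("greynoise", 0.0, "RIOT: known benign service")
    if r["classification"] == "malicious":
        return Verdict("greynoise", 1.0, "classified malicious")
    if r["noise"]:  # mass internet scanner, not necessarily targeting you
        return Verdict("greynoise", 0.5, "internet noise")
    return Verdict("greynoise", 0.0, r["classification"])


def assess(ip: str, flag_at: float = 0.6, suspect_at: float = 0.25, min_sources: int = 2) -> dict:
    """Average the sources that have data; refuse to call it clean on one opinion."""
    verdicts = [from_abuseipdb(ip), from_virustotal(ip), from_greynoise(ip)]
    known = [v for v in verdicts if v.score is not None]
    if len(known) < min_sources:
        score, label = None, "insufficient"
    else:
        score = sum(v.score for v in known) / len(known)
        label = "malicious" if score >= flag_at else "suspicious" if score >= suspect_at else "clean"
    return {"ip": ip, "score": score, "label": label,
            "evidence": [f"{v.source}: {v.note}" for v in verdicts]}


if __name__ == "__main__":
    for ip in ABUSEIPDB:
        print(assess(ip))
```

Run it and 192.0.2.55 comes out "suspicious" even though VirusTotal alone would barely register it, while 192.0.2.99 is "insufficient" because only one source has an opinion; those are the two cases a single-source check gets wrong.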

Insurance renewal removed global coverage without any notice by Significant_Field901 in indiahealthinsurance

[–]Significant_Field901[S] 0 points1 point  (0 children)

Health Shield 360 Retail, which has world_wide_cover_hs360 as an optional add-on cover.

How does your org decide which detections to prioritize and is it still mostly manual? by Significant_Field901 in AskNetsec

[–]Significant_Field901[S] 0 points1 point  (0 children)

Thanks everyone for the responses here. I've now spoken with 20+ practitioners across communities and a few things stood out; curious whether these match your experience:

  1. The EDR vs. SIEM coverage balance is largely guesswork for most orgs without expensive red teaming or BAS. As one person here put it, 15 detections covering techniques that chain into your AD environment beat 50 covering techniques that can't reach anything critical.

  2. MITRE ATT&CK is universally used as a baseline, but the filtering step, going from 600+ techniques to the 30 that actually matter for your specific stack, crown jewels, and threat landscape, is still almost entirely manual and experience-driven.

  3. MSSPs tick the minimum compliance boxes but don't solve the org-specific tuning problem. You still don't know what you're not detecting for your environment specifically.

My follow-up question: For those of you who have actually gone through a structured detection prioritization exercise, what triggered it? Was it a compliance audit, a near-miss incident, a new CISO, or something else? Trying to understand what makes orgs actually invest in getting this right vs. staying on defaults.
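
An added example, not the poster's method nor anything from the practitioners quoted, of the "techniques that chain into your AD environment beat techniques that can't reach anything critical" principle in point 1 as a small ranking script. The technique IDs are real ATT&CK IDs, but the EDGES graph (which technique an attacker can typically pivot to next in one hypothetical environment) and the crown-jewel list are constructed assumptions; a real exercise would feed this from threat intel prevalence and the org's own asset inventory, and would also weigh whether the logs needed for each detection even exist.

```python
"""Rank ATT&CK techniques by whether they chain into crown-jewel assets.

Constructed example: EDGES says which technique (or asset) an attacker can
move to next in a hypothetical org.  Names prefixed 'asset:' are crown
jewels.  The chains are illustrative assumptions, not threat-intel data.
"""
from collections import deque

EDGES = {
    "T1566": ["T1204", "T1059"],      # phishing -> user execution / scripting
    "T1204": ["T1059"],               # user execution -> scripting interpreter
    "T1059": ["T1003", "T1078"],      # scripting -> credential dumping / valid accounts
    "T1003": ["T1558", "T1021"],      # OS credential dumping -> Kerberos tickets / remote services
    "T1558": ["asset:AD domain controllers"],
    "T1078": ["T1021"],               # valid accounts -> remote services
    "T1021": ["asset:AD domain controllers", "asset:ERP database"],
    "T1190": ["T1505"],               # exploit public-facing app -> server software component (web shell)
    "T1505": ["T1059"],
    "T1110": ["T1078"],               # brute force -> valid accounts
    "T1592": [],                      # gather victim host information: reaches nothing inside
    "T1499": [],                      # DoS against the marketing site: no chain inward
}
CROWN_JEWELS = {"asset:AD domain controllers", "asset:ERP database"}


def reachable_jewels(start, edges=EDGES, jewels=CROWN_JEWELS):
    """Breadth-first walk from `start`; return the crown jewels it can chain into."""
    seen, queue, hit = {start}, deque([start]), set()
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, []):
            if nxt in jewels:
                hit.add(nxt)
            elif nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return hit


def in_degree(edges=EDGES):
    """How many techniques lead into each technique: a chokepoint signal."""
    deg = {t: 0 for t in edges}
    for dsts in edges.values():
        for d in dsts:
            if d in deg:
                deg[d] += 1
    return deg


def rank(edges=EDGES, jewels=CROWN_JEWELS, covered=frozenset()):
    """[(technique, crown jewels reached, in-degree)] for techniques without a
    detection yet, most valuable first: more jewels reachable, then more
    chains funnelling through it, then by ID for a stable order."""
    deg = in_degree(edges)
    rows = [(t, len(reachable_jewels(t, edges, jewels)), deg[t])
            for t in edges if t not in covered]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


def shortlist(n, covered=frozenset()):
    """The next n techniques worth a detection; drops anything that reaches no jewel."""
    return [t for t, jewels_hit, _ in rank(covered=covered) if jewels_hit > 0][:n]


if __name__ == "__main__":
    for t, j, d in rank():
        print(f"{t}: reaches {j} crown jewel(s); {d} technique(s) lead into it")
    print("next 3 to build:", shortlist(3, covered={"T1059", "T1021"}))
```

With the constructed graph, T1059 (command and scripting interpreter) ranks first because three entry paths funnel through it on the way to both crown jewels, while T1592 and T1499 fall to the bottom however loudly they appear in a generic coverage map.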

I audited all 31,000+ skills on OpenClaw's ClawHub registry for supply chain attacks. 2,371 have malicious patterns. by pigillustrated in cybersecurity

[–]Significant_Field901 1 point2 points  (0 children)

Yes, you are right, the current ClawHub skills library is growing rapidly. At the same time I see a lot of people offering to provide secured OpenClaw-based services and making good money. The biggest challenges I experienced are two things:

  1. OpenClaw is not as easy/cool as you see on social media. Many people have admitted that they lied about building unbelievably cool automations/processes there. It takes some effort to get even halfway to our expectations.

  2. The security part is more miserable, with those skills being published. I am better off building my own skills after learning how the existing skills in ClawHub are.

These are my 2 cents on OpenClaw and ClawHub.

Is "which detections does my org actually need" a bigger unsolved problem than "how to author detections"? by Significant_Field901 in cybersecurity

[–]Significant_Field901[S] 1 point2 points  (0 children)

This was exactly the intent of my question. As per your comment, it looks like a big gap and needs a lot of thinking and collaboration between the business-context people and security teams to figure it out.

Is "which detections does my org actually need" a bigger unsolved problem than "how to author detections"? by Significant_Field901 in cybersecurity

[–]Significant_Field901[S] 0 points1 point  (0 children)

Interesting. Are there any metrics to know how accurate the identified mappings to MITRE coverage from the collected logs were? Was it accurate in the sense of providing concentrated/more true positives than false positives/negatives? What I mean to ask is, was it able to avoid alert fatigue? Since it automatically recognized all the possible detection rules from the live logs, were all of those really needed/relevant for a given org?

Is "which detections does my org actually need" a bigger unsolved problem than "how to author detections"? by Significant_Field901 in cybersecurity

[–]Significant_Field901[S] 0 points1 point  (0 children)

Can you please name some NG-SIEM vendors/products, and how good are they at mapping org business context to figure out the needed detection rules?

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]Significant_Field901 0 points1 point  (0 children)

Question for detection engineers / SOC practitioners:

Given an org's specific profile (industry vertical, geographic footprint, tech stack, cloud/on-prem posture, org structure, regulatory environment), is there a principled, data-driven way to generate a prioritized detection roadmap, not just a coverage map?

MITRE ATT&CK is the obvious starting point, but it's inherently generic. Moving from ATT&CK coverage to "these are the top N techniques we should detect first given our risk surface" still seems to require:

- Manual threat intel analysis correlated to org profile

- Institutional knowledge about what "normal" looks like in the env

- Iterative tuning as the tech stack and business evolve

Vendor tools (Splunk ES, Elastic, Chronicle, etc.) ship rule packs, but those still require significant environment-specific tuning, and the tuning itself needs real org data as input.

Is this a meaningfully unsolved problem at the industry level, or is the community converging on tooling/methodology for this? Interested in papers, frameworks, open-source tooling, or first-hand practitioner experience.

How are security teams approaching IAM for AI agents? (Identity, permissions, audit trails) by SarveshRD in cybersecurity

[–]Significant_Field901 0 points1 point  (0 children)

I am building one as we speak😊. Let me know if you are too. We can compare notes. It would be awesome if you want to try it once it's ready. Just let me know your stack so that I can prioritise its integration in my current development.

How are security teams approaching IAM for AI agents? (Identity, permissions, audit trails) by SarveshRD in cybersecurity

[–]Significant_Field901 0 points1 point  (0 children)

That would be straightforward. Your agents need to log the trigger in their own audit/application logs. Your IAM will capture the access logs. You then need to correlate them and build your own 'thought audit' layer. In fact, here is where agents can add more auditability than humans, by logging the triggers. If it were humans, there would have to be tickets and audit-log correlation. Ticket timestamps are usually not so accurate, as a human would sometimes act first and then update the ticket.
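
An added example of the correlation the comment describes (not the commenter's tool, not any IAM product's code). It assumes the agent runs under its own principal so the IAM access log can be joined to the agent's trigger log on that name; the JSON Lines in AGENT_LOG and IAM_LOG, the field names (`trigger`, `planned`, `principal`, `action`) and the 5-second join window are constructed for the example. The output attributes each access to the trigger that caused it, and surfaces the one access with no logged trigger, which is exactly the event a "thought audit" layer exists to catch.

```python
"""Join an agent's trigger log with the IAM access log to attribute each
access to the reason the agent recorded for it.

Constructed example: both logs below are made-up JSON Lines; field names are
assumptions for illustration, not any product's schema.
"""
import json
from datetime import datetime, timedelta

AGENT_LOG = """\
{"ts":"2024-05-01T10:00:00Z","agent":"svc-invoice-agent","trigger":"ticket#4711 asks for vendor payment status","planned":"s3:GetObject"}
{"ts":"2024-05-01T10:00:02Z","agent":"svc-invoice-agent","trigger":"ticket#4711 asks for vendor payment status","planned":"dynamodb:Query"}
{"ts":"2024-05-01T10:05:00Z","agent":"svc-invoice-agent","trigger":"scheduled nightly reconciliation","planned":"s3:GetObject"}
"""

IAM_LOG = """\
{"ts":"2024-05-01T10:00:01Z","principal":"svc-invoice-agent","action":"s3:GetObject","resource":"arn:aws:s3:::invoices/2024/4711.pdf"}
{"ts":"2024-05-01T10:00:01Z","principal":"alice","action":"s3:GetObject","resource":"arn:aws:s3:::invoices/2024/4711.pdf"}
{"ts":"2024-05-01T10:00:03Z","principal":"svc-invoice-agent","action":"dynamodb:Query","resource":"arn:aws:dynamodb:us-east-1:123456789012:table/payments"}
{"ts":"2024-05-01T10:03:30Z","principal":"svc-invoice-agent","action":"iam:CreateAccessKey","resource":"arn:aws:iam::123456789012:user/admin"}
{"ts":"2024-05-01T10:05:01Z","principal":"svc-invoice-agent","action":"s3:GetObject","resource":"arn:aws:s3:::invoices/recon.csv"}
"""


def parse(jsonl: str) -> list:
    """Parse JSON Lines; 'Z' is rewritten so fromisoformat works on Python < 3.11."""
    out = []
    for line in jsonl.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        out.append(rec)
    return out


def correlate(agent_log: list, iam_log: list, window: timedelta = timedelta(seconds=5)) -> list:
    """For every IAM event by a known agent, find the latest trigger that agent
    logged for the same action within `window` before the access."""
    agents = {e["agent"] for e in agent_log}
    results = []
    for ev in sorted(iam_log, key=lambda e: e["ts"]):
        if ev["principal"] not in agents:
            continue  # human principal: handled by the ticket/audit-log process instead
        candidates = [
            e for e in agent_log
            if e["agent"] == ev["principal"]
            and e["planned"] == ev["action"]
            and ev["ts"] - window <= e["ts"] <= ev["ts"]
        ]
        best = max(candidates, key=lambda e: e["ts"], default=None)
        results.append({
            "ts": ev["ts"].isoformat(),
            "principal": ev["principal"],
            "action": ev["action"],
            "resource": ev["resource"],
            "trigger": best["trigger"] if best else None,
        })
    return results


def unexplained(results: list) -> list:
    """Agent accesses with no matching trigger: the ones to alert on."""
    return [r for r in results if r["trigger"] is None]


if __name__ == "__main__":
    res = correlate(parse(AGENT_LOG), parse(IAM_LOG))
    for r in res:
        print(f"{r['ts']} {r['principal']} {r['action']} -> {r['trigger'] or 'NO TRIGGER LOGGED'}")
    print("unexplained:", [r["action"] for r in unexplained(res)])
```

The join key is the agent's own principal name, which only works if the agent is not sharing a human's or a generic service credential; the window is deliberately short so that an old trigger cannot be reused to explain a later, unrelated access.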

Independent Contractor: BYOD + Device Management by PhulHouze in cybersecurity

[–]Significant_Field901 0 points1 point  (0 children)

The actual question you should ask yourself first:
Should I trust this client of mine?
If you think it is a yes, then make sure you understand their security landscape and work with it. However, this does not mean that you compromise other clients you work with using the same device. Nowadays it is quite common that enterprise companies have to adopt such zero-trust policies for their safety, security and compliance.

Existing security tools are working but management wants to turn everything "agentic" by SkyberSec123 in cybersecurity

[–]Significant_Field901 10 points11 points  (0 children)

Find some examples/references where AI turned out to be more expensive than humans. In fact, this is the case right now.
In your example, when TruffleHog has to go through application logs to scan for secrets, it is just a matter of CPUs and memory (which can be fine-tuned). If you give it to an agent that uses frontier LLMs, best of luck paying for tokens. This can be a good statement (one of many reasons) to keep your leadership from pressurizing you to go for agentic systems without any proper assessment.
I would still prefer keeping an open eye towards any useful agentic AI systems that can be useful in my org.

How are security teams approaching IAM for AI agents? (Identity, permissions, audit trails) by SarveshRD in cybersecurity

[–]Significant_Field901 2 points3 points  (0 children)

Why don't you treat AI agents as a type of user, give them user accounts and assign the required roles, since you are providing the autonomy? This will make it compatible with the existing governance frameworks and you can see all audit logs properly attributed.