Top 8 Security Incident Response Tools
Carbon Black CB Defense
IBM Resilient
FireEye Helix
Carbon Black CB Response
Secureworks Red Cloak Threat Detection and Response
SECDO Platform
Proofpoint Threat Response
D3 Security
It is a very complete platform.
CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions.
This is a good solution that we recommend for customers.
The UBA, User Behavior Analytics, is very good.
It is kind of simple and very easily deployable. You can start working with it very fast.
I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good.
Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread.
The features that I have found most valuable are that the search capabilities are easy to use. The dashboards are good. The reports are good. It is just simple from a deployment standpoint - that was easy.
Technical support is great. Palo Alto is extremely helpful and responsive.
The ease of deployment is a valuable feature.
Support is very responsive.
It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so.
Advice From The Community
Read answers to top Security Incident Response questions. 563,327 professionals have gotten help from our community of experts.
Hello security professionals, What is the main difference between these two terms in incident response: mitigation and remediation? Please share some examples, if applicable. Thanks,
Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do you see this can have in the near future? Thanks
Hi community, I'm working on a document about the Security Operation Center best practices, and I would like to get your inputs about it. Thanks
Hi, When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?
Hi dear community, Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook? Do SOAR solutions come with a pre-defined playbook as a starting point?