Peer-Driven Insights

Threat Intelligence & Incident Response

Active Ambassadors in This Topic

Chris Oehlerking

Chris Oehlerking

Honeywell

Manufacturing, 1k - 5k

United States
Joseph Doyle

Joseph Doyle

Okta

Software, 5k - 10k

US
Vanshul Chawla

Vanshul Chawla

Nielsen

Software, 10k+

IN
View All Community Ambassadors

Community Posts

What tools/services do you use for CTEM (continuous threat exposure management)?

Read More Comments

Employee Count and Licensing Usage:

- What is your employee count?

- Do you use Microsoft E3, E5, or a variation (e.g., E3 + Security E5)?

- Do you rely only on Microsoft EOP and/or Defender for O365 for email protection? If not, what other product(s) do you use (e.g., Proofpoint, Abnormal)?

Read More Comments

Does anyone have experience or feedback regarding use of Wazuh as a SIEM, specifically for a small (~50 person) company and with all infrastructure in the public cloud?

Read More Comments

How often do you scan for vulnerabilities in production?

We have consistent real-time scan visibility.18%

Once a day29%

Once a week25%

Once a month14%

Once every 6 months2%

Other (Comment below!)10%

View Results

I'd like to better understand industry standards for the number of P1 and P2 incidents for a retail company. Would any of you know where I could find these standards?

Any examples you can share of effective use cases for threat intelligence beyond cybersecurity? Have you had success applying threat intelligence beyond IT/cybersecurity to increase its ROI or better justify that investment?

Read More Comments

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Read More Comments

Any recommendations you can share for evaluating or implementing AI-driven network detection and response (NDR)?

Read More Comments

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Read More Comments

With so many different cybersecurity solutions, how do you ensure the tools talk to one another?

Use vendor integrations41%

Fragmented ecosystem62%

Utilize in-house staff41%

Other (comment below)1%

View Results

London Borough of Hackney has been struggling to recover from a ransomware attack that happened back in October 2020, noting that it could be up to a year before their technologies are back to normal. How long did it take your organization to fully recover from your last attack?

1-2 weeks13%

3-4 weeks52%

1-2 months13%

2 months +9%

Other (Comment below)11%

View Results

How are your companies addressing Insider Threats?

What sorts of advanced threat detection tools would you recommend for monitoring multi-cloud environments?

Read More Comments

If your org’s implemented threat intelligence software, how do you measure its ROI? What key metrics do you track to assess its impact on overall posture?

How does network detection and response software (NDR) impact your org's reliance on other solutions for endpoint protection or SIEM?

Read More Comments

Any tips on optimizing incident response for cloud under the shared responsibility model? How are you managing third-party access and visibility effectively?