Cortex XDR (formerly Traps) replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.
N/A
ReliaQuest GreyMatter
Score 10.0 out of 10
N/A
ReliaQuest offers Open XDR-as-a-Service via ReliaQuest GreyMatter, a cloud-native Open XDR platform that brings together telemetry from any security and business solution—on-premises, in one or multiple clouds--to unify detection, investigation, response and resilience. ReliaQuest combines technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make their cybersecurity program more effective. ReliaQuest, headquartered in Tampa, boasts hundreds…
Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.
Our company generates more than a terrabyte of log a day and it can easily go above 2 TB a day. We were using out of the box SOC Solution from splunk to manage our SOC. We lacked the know how of using splunk and also lacked the staff to keep the product up to date to help us tackle the latest threats. We outsourced our SIEM/SOAR service to RQ and they helped us with creating new use cases which addressed the latest threat to our organization. RQ has people who research the latest threats and helps us keep up to date on the day-to-day security operations. RQ also helps with data onboarding if required. So we would recommend RQ to customers who are short-staffed and who lack personnel who could research security threats to keep your organization safe from threat actors.
Some Analysts are relatively fresh to SOC. They sometimes get put into supporting large infrastructures.
RQ has a ton of correlation searches that they use to provide end-to-end visibility. Most of them can be restructured to get the same results and this can reduce the number of correlation searches.
Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
Traps is the slickest interface, easy to use and intuitive rule making, and the rest just didn't quite stack up to the performance level of Traps. McAfee and Kaspersky just hog processor and RAM power. I didn't like the interface and functionality of SentinelOne as much as Traps. Palo Alto really put a lot of time into the development of this software, and had some of the founding fathers of IT Security heading the development process. Can't beat that.
Reliaquest is vendor agnostic. They have a lot of correlation searches that they use to provide security for your organizations. Compared to other products we have tried we felt that they are the only company that is doing proper market research on the latest and greatest threat to our vertical and coming out with the latest methods to keep up to date. RQ also has a good leadership structure that we could rely on if we run into any escalations. Compared to other products that we tried they try to work with you holding hands trying to resolve your problems.
RQ's Greymatter content has enriched our SOC experience because we always felt Splunk's out-of-the-box use cases were not sufficient enough to provide end-to-end coverage.
RQ specializes in a lot of big data solutions so that we can rely on them to help us troubleshoot tasks and also make sure our security solutions are working accurately.
