Security monitoring and cyber risk

Jorrit Folmer CISSP CCSP @jorritfolmer

Cyber Defense Engineering Consultant. Jorrit has implemented Security Incident and Event Management (SIEM) systems for government and financial SOCs. He is the author of several popular add-ons for Splunk Enterprise Security to onboard and process security-related data sources. He also gives regular talks on topics intersecting data analytics and security monitoring.

Carbanak+FIN7: MITRE EDR evaluations round 3

31 December 2021

What do the evaluation results and vendor marketing really tell you? A dive into Monday mornings, noise generators and end-to-end information loss.

Detecting APT29: MITRE EDR evaluations round 2

28 April 2020

Which EDR vendor detects most APT29 steps? Based on MITRE's set of EDR evaluation results, I used Splunk to analyze their data.

Comparing MITRE EDR evaluations results for APT3

15 August 2019

Which EDR vendor detects most APT3 steps? This is an analysis using Python and Splunk of the data MITRE published.