
  • Michael

    Member
    November 16, 2020 at 22:25

    So all of us work in security in some shape or form; anywhere from c-level executives to the junior security person. One thing I was hoping to learn from Security Congress is what other people are using that makes their life easier or better. What is the one tool you just think everyone should have? This could be anything from an ACAS scanner, McAfee Host Based Intrusion, Solarwinds for monitoring, Splunk, or something that follows ITIL and makes compliance easier. I was hoping to see some of these companies on hand to show us the latest security products they are offering. This way we might learn of something new that we can take back to our own companies or industries. I’ll post my response below as well. So grab a drink and let's have some fun.

  • Wade

    Member
    November 16, 2020 at 22:52

    Hard to pick a single tool. Given user training (or lack of) these days I offer two suggestions:

    – Cisco Umbrella DNS

    – Malwarebytes

    But Fortinet firewalls deserve an honorable mention at least!

    • Michael

      Member
      November 17, 2020 at 13:50

      Malwarebytes is a great product! Any time I work with a small business that has a limited budget I recommend it to them as a good way to help protect their local machines.

  • John

    Member
    November 16, 2020 at 23:30

    One tool we’ve recently implemented as part of our Privileged Access Management (PAM) initiative is Thycotic’s Secret Server Cloud product. It makes managing and auditing the use of privileged accounts much easier. Users have access to privileged accounts without ever having to know the password, and password rotation is easily accomplished, which helps eliminate “pass-the-hash” vulnerabilities associated with cached hashes of privileged accounts.

  • Michael

    Member
    November 17, 2020 at 02:15

    I really can’t recommend Bomgar by BeyondTrust enough. It has not only allowed my help desk to provide better support to our customers, it has also opened doors for our engineer group to better manage servers across our enterprise. It allows us to control access more easily and also shut down RDP ports.

    ACAS is amazing as well for reporting vulnerabilities but I really wish I could see some better patch management automation tools.

    Right now I am trying to find a good KMIP server to help manage encryption of some appliances.

  • Michael

    Member
    November 17, 2020 at 13:18

    There are five tools we use on a non-stop basis. They are worth every penny you will spend on them:

    CrowdStrike

    ProofPoint

    Ivanti Management Suite (specifically application blocking/patch management)

    Cisco Umbrella

    LogRhythm

    We have deployed all of these tools over the last five years. Just finished a Pen Test and five day Purple Team exercise. These products performed without issue and make us sleep so much better every night.

    • Theresa

      Member
      November 17, 2020 at 13:41

      I’m glad to hear the Crowdstrike review. We are currently evaluating them as a replacement for a competitor.

      • Michael

        Member
        November 17, 2020 at 15:24

        I can not explain how easy it was to introduce Crowdstrike into our organization. We also subscribe to Overwatch, which is a real person looking at our network 24/7 since we have to sleep. If something is noticed they contact us. Additionally, no matter what network connection your user/system is on you will have remote access to it so you can shut down any attack and gather data in real time.

    • Michael

      Member
      November 17, 2020 at 13:42

      What level of the Umbrella product do you use? Haven’t done a deep dive, but find the reporting tough to really dig easily – may just be me. “another Michael”

      • Michael

        Member
        November 17, 2020 at 15:29

        We currently have Umbrella DNS Security along with Essentials. We have a web proxy on site, and got interested in an off-network proxy solution based on transitioning the workforce to work from home. It's been very effective as of today.

    • Michael

      Member
      November 17, 2020 at 13:55

      Those all look really awesome! LogRhythm really caught my eye. Working for the DoD we are kind of limited to what big brother pushes down onto us sometimes. So we are sometimes forced to use their tools. Right now my organization is really struggling with information overload and trying to parse that data in one location and get the important information quickly. Patch management I often wonder if we are the only ones struggling with! So many zero-days causing us to rush to fix today's newest big issue.

      -Yet Another “Michael”

      • Michael

        Member
        November 17, 2020 at 15:35

        You really have to spend time with LogRhythm to tailor it for your business. It's extremely powerful, but of course if you can not find a way to block the “noise” then it does generate a lot of false alarms. We have had the product for two years, and are continuously tweaking it. We recently had a five day purple team exercise, and it was a wonderful way to tailor/test our definition algorithms in the SIEM. It's like most SIEMs in my experience: you get out of it what you put into it.

  • Wade

    Member
    November 17, 2020 at 16:45

    Anyone used / heard of this solution? I am considering giving it a chance.

    https://www.fortify24x7.com/

  • Brent

    Member
    November 17, 2020 at 17:10

    The most valuable tool I’ve used in the past year is also built into every Windows installation: Powershell. Not because it provides any security directly, but it can be used to get system status at a large scale and compare it to known good or historic values so you can gain assurance that your security infrastructure is continuing to operate the way it’s supposed to. I use it to audit Active Directory accounts (what took hours now takes seconds), antivirus, business critical processes, and we’re rolling it out to monitor metrics and KPIs with our other security tool environments.

    As we become more adept with it, we plan on dumping various information to a database to start a dynamic inventory management system and service catalog. We use our ticketing environment (Jira) as the front end of the monitoring system so aside from the ~30 line script I wrote to sanitize and format data to meet hypertext standards, we avoid design headaches.

    Qualys has been an eye opener, though it’s a bit cumbersome at first; I highly recommend the agent for servers instead of a network vulnerability scan. Also, I’ll second the Fortinet environment. Rock solid for us at great prices.
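    The kind of "compare current state to a known-good baseline" check Brent describes, written out as an added PowerShell example (this is not Brent's script and not any vendor's code). It assumes the RSAT ActiveDirectory module is installed, that the account running it can read the directory, and that the baseline path and the three group names are just illustrative choices.

```powershell
# Added example (not Brent's script): snapshot privileged-group membership and two
# account-hygiene lists, then report drift against a previously saved baseline.
# Assumes the RSAT ActiveDirectory module; the baseline path is an assumed location.
#Requires -Modules ActiveDirectory
param(
    [string]$BaselinePath = "C:\SecAudit\ad-baseline.json",
    [string[]]$Groups = @("Domain Admins", "Enterprise Admins", "Schema Admins"),
    [switch]$UpdateBaseline   # re-snapshot after an approved change
)

function Get-AdSnapshot {
    $snap = [ordered]@{ Taken = (Get-Date).ToString("o"); Groups = [ordered]@{} }
    foreach ($g in $Groups) {
        # -Recursive expands nested groups so indirect members are not missed
        $snap.Groups[$g] = @(Get-ADGroupMember -Identity $g -Recursive |
                             Select-Object -ExpandProperty SamAccountName | Sort-Object)
    }
    # Enabled users whose password never expires, and enabled users idle for 90+ days
    $snap.PasswordNeverExpires = @(Get-ADUser -Filter 'PasswordNeverExpires -eq $true -and Enabled -eq $true' |
                                   Select-Object -ExpandProperty SamAccountName | Sort-Object)
    $snap.Inactive90d = @(Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly |
                          Where-Object Enabled | Select-Object -ExpandProperty SamAccountName | Sort-Object)
    return $snap
}

function Report-Drift([string]$Label, [string[]]$Old, [string[]]$New) {
    # Manual set difference; avoids Compare-Object's refusal of empty reference arrays
    foreach ($a in ($New | Where-Object { $_ -notin $Old })) { Write-Output ("ADDED    {0}: {1}" -f $Label, $a) }
    foreach ($r in ($Old | Where-Object { $_ -notin $New })) { Write-Output ("REMOVED  {0}: {1}" -f $Label, $r) }
}

$current = Get-AdSnapshot
if ($UpdateBaseline -or -not (Test-Path $BaselinePath)) {
    $current | ConvertTo-Json -Depth 5 | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath (taken $($current.Taken))"
    return
}

$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
foreach ($g in $Groups) {
    # Dynamic property lookup; Where-Object { $_ } drops a $null from a missing key
    $old = @($baseline.Groups.$g | Where-Object { $_ })
    Report-Drift -Label "member of '$g'" -Old $old -New $current.Groups[$g]
}
Report-Drift -Label "PasswordNeverExpires" -Old @($baseline.PasswordNeverExpires | Where-Object { $_ }) -New $current.PasswordNeverExpires
Report-Drift -Label "Inactive>90d" -Old @($baseline.Inactive90d | Where-Object { $_ }) -New $current.Inactive90d
Write-Output ("Compared against baseline taken {0}" -f $baseline.Taken)
```

    Run it once to write the baseline, then schedule it; any ADDED line for an admin group or the PasswordNeverExpires list is the kind of change worth a ticket.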

    • Michael

      Member
      November 17, 2020 at 18:50

      I know for our team Powershell is under utilized and I don’t think we realize how powerful it is. Do you have any resources you found useful for learning Powershell or places where you can find scripts others have built? It would be nice to see how others are using it in large scale operations.

      • Fabian

        Member
        November 17, 2020 at 20:57

        I use PowerShell to get systems inventory, both hardware and software. I have been self taught by browsing the net when I want to try different things. The scripts I have built pull AD information such as OS version, last used, userid, system serial number, monitor(s) serial number, IPs, software installed, version, updates installed, etc. PowerShell has been more reliable than other methods such as SCCM or BigFix to obtain the same information. I have also used PowerShell to perform data backups and install software.

      • Brent

        Member
        November 18, 2020 at 19:13

        There are two best resources for leveraging Powershell: a problem and motivation to solve problems or at least a desire to embrace automation. And the former is, oddly enough, more important because you will learn new tricks as new problems present themselves. Technical resources are all in the standard places: stack overflow, Microsoft documentation (helpful, believe it or not), random blog posts from talented experts, etc. You don’t need a high degree of sophistication (we’ve gotten to the point of manually executed build scripts, but CI/CD is daunting) to make a useful script as long as you have a few key elements to solving your problem: the problem itself, the desired outcome, the input you’ll need and how you, the user, will make sense of the data being provided.

        As another example, we had to use Powershell to manually disable a certain AV product in the Windows Security Center because it failed to do so when uninstalled, leaving the configuration that the new product relied on to avoid realtime AV scanning conflicts.

  • Alexander

    Member
    November 17, 2020 at 17:10

    Where many of the tools listed are capable in some form or function, it does come down to what requirement you are trying to secure. The organization, within the Department of Defense, I support just made the investment in Extrahop Reveal(x), enterprise version. I will say if you are not aware of all the layer 2 through 7 traffic on your network then you're in for a big surprise. We still have much to discover and are looking forward to every minute of it.

  • Louisa

    Member
    November 17, 2020 at 21:51

    Thanks, Michael, for kicking off this discussion. My focus is tech risk management, which means oversight over whether the tools are configured correctly to forestall pentest and code review findings. Any comments, folks?

  • Kent

    Member
    November 17, 2020 at 22:08

    Carbon Black is another great option for endpoint security.

    Non-related to this thread – really wild to see all of the Michaels that are not the same person on this thread. Perhaps we should append a number to our name for unique engagement in the future. 😉

    • Michael

      Member
      November 18, 2020 at 14:01

      I Claim Michael (#1), haha

    • Michael

      Member
      November 18, 2020 at 15:27

      As a Michael I feel that I am qualified to speak for all Michaels. We are used to being in a room and dominating the name space. So when someone says our name we just all turn around, it’s normal for us and we’ll all answer the question even if it wasn’t directed towards us personally.

      Oh and we appreciate everyone spelling it correctly AEL not EAL! lol

      • Wade

        Member
        November 18, 2020 at 16:00

        rofl this comment is classic

      • Michael

        Member
        November 18, 2020 at 17:33

        Yeah, what’s with the spelling issue anyway?! I have never met a Michael who spells it EAL and yet nearly every time someone is writing down my name during a conversation they ask “is that AEL or EAL?”

    • Michael

      Member
      November 18, 2020 at 15:35

      For fun… Agree with Michael – love dominating the name space!

  • Ronald

    Member
    November 18, 2020 at 15:32

    For me – this year was my first use of EventTracker in an Azure environment and I have been very happy with it.
