I have been tasked with preliminary security product/service research for our organisation
Environment: Not-for-profit, MS shop, some cloud services (SaaS, IaaS), 500 staff.
Request: product/[cloud] service recommendations for the following:
Automated user access registration & de-registration
Automated user access review process
Network capacity monitoring
Privilege Access Management
Core interest right now: 3, 4 and 6
Apart from price, ease-of-use, ease-of-management and quality of tech support should be factored into any recommendations. Although of course I will do the grunt work, I would like to narrow the field so I can have targeted conversations or demos with a few vendors as opposed to a lengthy process of elimination. TL;DR: if you've used it and you like it, tell me about it! And yes... open source solutions are welcome!
There are tons of open source solutions. For SIEM I would look at using Elasticsearch. It may not be as robust as other solutions but it works and it captures all of the data we need. Use that in combination with Zeek, Suricata, Auditbeat and Filebeat, and you collect tons of data and can create useful dashboards.
Re: Recommendations for Security Products/Services
For a vulnerability scanner, OpenVAS is still very good. I've automated mine even in a cloud infrastructure environment, so that it pulls all our latest infrastructure data (from AWS), builds the target list, and runs a scan every week. It even posts the report to our Confluence system. If you ever need to move up for scale or to get more support, etc., Greenbone has a paid service as well, and they have hardware for sale that is much more efficient than a standard system.
What kind of privileged access are you looking to manage?
Lastly, I agree on Elasticsearch. It isn't an out of the box SIEM, but it has a huge amount of flexibility, and you can put it to many great uses. Your network capacity item could be addressed using Metricbeat on the systems, though you may need something on router hardware, if you use it. I would personally recommend Zabbix, if you need an SNMP type device for routing hardware.
On 1 and 2, if you find something, please let me know. I am in the process of writing scripts to pull audit of all our SaaS accounts. We're a cloud native business, and have dozens of SaaS products in use. I've looked at a couple Directory as a Service and other IAM type solutions, but everyone has let me down.