cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer III

Recommendations for Security Products/Services

Hi!

 

I have been tasked with preliminary security product/service research for our organisation

Environment: Not-for-profit, MS shop, some cloud services (SaaS, IaaS), 500 staff.

 

Request: product/[cloud] service recommendations for the following:

  1. Automated user access registration & de-registration
  2. Automated user access review process
  3. SIEM
  4. Vulnerability Scanner
  5. Network capacity monitoring
  6. Privilege Access Management

Core interest right now: 3, 4 and 6

 

Apart from price, ease-of-use, ease-of-management and quality of tech support should be factored into any recommendations.  Although of course I will do the grunt work, I would like to narrow the field so I can have targeted conversations or demos with a few vendors as opposed to a lengthy process of elimination.  TL;DR: if you've used it and you like, tell me about it!  And yes...open source solutions are welcome!  

 

Thanks in advance!

2 Replies
Highlighted
Newcomer I

Re: Recommendations for SIEM

there are tons of open source solutions. For SIEM I would look at using
elasticsearch. It may not be as robust as other solutions but it works and
it captures all of the data we need. Use that in combination with Zeek,
Suricata, Auditbeat, Filebeat you collect tons of data and can create
useful dashboards.
--

*Branden Wagner*
PureIntellect.Com
branden@pureintellect.com
Highlighted
Contributor I

Re: Recommendations for Security Products/Services

For a vulnerability scanner, OpenVAS is still very good.  I've automated mine even in a cloud infrastructure environment, so that it pulls all our latest infrastructure data (from AWS) builds the target list, and runs a scan every week. Even posts the report to our Confluence system.  If you ever need to move up for scale or to get more support, etc.  Greenbone has a paid service as well, and they have hardware for sale that is much more efficient than a standard system.

 

What kind of privileged access are you looking to manage?

 

Lastly, I agree on ElasticSearch.  It sin't an out of the box SIEM, but it has a huge amount of flexibility, and you can put it to many great uses.  You'r network capacity item could be addressed using metricbeat on the systems, though you may need something on router hardware, if you use it.  I would personally reccomend Zabbix, if you need a SNMP type device for routing hardware.

 

On 1 and 2, if you find something, please let me know.  I am in the process of writing scripts to pull audit of all our SaaS accounts.  We're a cloud native business, and have dozens of SaaS products in use.  I've looked at a couple Directory as a Service and other IAM type solutions, but everyone has let me down.