FREE List of Tools to Crush IT Security Risks

Part 2 in IT Security Threats and How to Overcome Them

This list is made up of raw notes from one of our NOREX Member Roundtable Events. During a discussion about IT Security Threats, the following list of tools and resources was compiled.

You will find notes on which tools work and which don’t. As you’ll see, this isn’t a polished story; it’s raw data in note form that you can actually use. Everything written below was contributed by working IT professionals from real-life experience.

Various security tools used and recommended

  • LogRhythm, yes it is OK
  • Vulnerability scanning = Nessus
  • Nessus, yes for vulnerability scanning
  • Tenable Security Center (Nessus)
  • Fortinet products; Tripwire is being installed/configured
  • Privileged access mgmt = CyberArk
  • We just installed DarkTrace (network monitoring). We also have Solutionary SIEM. Symantec Endpoint Protection.
  • McAfee with ePO at the desktop
  • We have Fortigate firewalls
  • Sophos active threat management (recommend)
  • F5 ASM, Rapid 7, WebSense, Cisco IronPort Email Protection
  • Network segmentation = VMWare NSX
  • I have heard Cylance is superb, but we don’t have it.
  • Malwarebytes, Bitlocker, TrustWave, AristotleInsight, etc.
  • SumoLogic for network and application logging (SIEM-type solution), AWS tools, SonicWall firewall
  • We recently added Cisco FirePOWER to our Cisco ASA firewalls. It includes IPS, advanced malware protection and URL filtering. We also updated to Trend Micro OfficeScan ver 11, which includes ransomware protection. It worked great for us when it stopped some ransomware that started on a user’s system. In addition to the Cisco products I mentioned, we implemented two-factor authentication using DUO.
  • We are just starting with SumoLogic so too early to tell.
  • Shavlik (patching)
  • We are just implementing Splunk and Splunk UBA.
  • We also generally use Google Apps and discourage use of Outlook but encourage use of the browser, which can flag potential phishing, removes viruses or flags email for potential viruses.
  • We use Panda for A/V and remote desktop access. Been very happy with them on cost and effectiveness.
  • Firewall/IPS/IDS
  • CyberArk also purchased Viewfinity, which provides elevated privileges so that non-administrators can install approved apps
  • Barracuda Web security controls access to approved websites, limiting access to malicious sites and it has an agent that follows network devices on laptops.
  • We use Cisco Next Gen ASA for our firewall, which includes an IPS. Also IronPort for web filtering and malware protection, Fortinet for our application firewall and Trend Micro for antivirus.
  • Cisco FirePOWER, OpenDNS, Trend Micro OfficeScan ver 11, DUO two-factor authentication.
  • Lansweeper for asset management.
  • Absolute is good for self-encrypting drives and a “low jack” agent for company assets.
  • Confidential data protection = Tokenex.
  • Palo Alto as IDS; Splunk for log aggregation and some pattern matching; Rapid7 Nexpose vulnerability scanning and Metasploit to validate a vulnerability; nmap to validate scans; local Qualys for web site scanning to supplement network scanning, or website and network scanning from WhiteHat, Qualys and Secure Ideas; Dell SecureWorks as an MSSP; Wombat for phishing.
  • Sophos Encryption on Windows; FileVault on Macs.
  • Wireshark, netflow, Nmap
  • Web app scanning = Burp suite pro
  • Also using Dell KACE for patching.
  • Splunk is working well at speed of search.
  • We’re using Symantec’s cloud-based Antispam solution for our Office365. Has worked very well for us.
  • We use GlobalRelay (cloud based), Kerio Control scanning at firewall, and Kaspersky for Exchange (as well as the Exchange client).
  • While I don’t like some facets of Kaspersky Endpoint, for Exchange it works well.
  • Symantec
  • Kaspersky Endpoint Security 10.
  • Symantec and Cisco FireAMP.
  • McAfee Endpoint Protection with the ePO Management Center.
  • MaxRM for endpoint protection.
  • We also use Malwarebytes with the management console.
  • MaxRM does 3rd-party patching as well as Windows, AV, and remote access.
  • To clarify, we are using Symantec Hosted Endpoint (SEP), which is centralized.
  • We have 2 products on the workstation.
  • I believe PCI-DSS requires anti-virus be in place.
  • Symantec does not do well with Ransomware at all.
  • Here is a good resource https://ransomwaretracker.abuse.ch/blocklist/. It is constantly changing. We try to stay up on exploit kit gates as well.
  • System Center Endpoint protection works for stopping malware.

Data Loss Prevention tools

  • We currently use Symantec for DLP
  • Currently evaluating Varonis for DLP
  • Sophos for DLP and also Digital Guardian
  • Evaluating Varonis as well
  • RSA DLP
  • SIFT Workstation
  • Some of the tools within the SIFT workstation are free, while others are not.
  • Not free; the Encase product line has the functionality, though we have not used that part.
