Educause Security Discussion mailing list archives
Re: Tool and Software Suggestions
From: "WALSH, BRENDAN" <bmwalsh () KENT EDU>
Date: Mon, 19 Nov 2018 22:23:17 +0000
I'm sure a number of responses will mention Splunk - in my mind, it's the best IT investment we have made. There is a learning curve to it, but when it comes to log collection and correlation, Splunk is the best tool on the market. You can probably start small (~10GB/day?) and grow from there - licensing is a little pricey and determined by your anticipated daily log volume.

You'll want to collect authentication logs (network authentication as well as application authentication) and AD events first and foremost. If you have a faculty/staff/student portal, like Ellucian Luminis, go ahead and grab activity logs from there too. That should give you a good baseline for being able to monitor account activity - particularly for compromised accounts.

If you're part of Internet2, you and your staff can take the Splunk Power User training course at no-cost (https://www.internet2.edu/news/detail/11515/).

As you get rolling, Splunk could help with some of the other categories you mention as well.

Cheers - and best of luck in your endeavors!

-Brendan

Brendan Walsh, MBA, CISSP
Manager, Security and Access Management
Kent State University
330-672-8551

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Justin Hensley <justin.hensley () UCUMBERLANDS EDU>
Sent: Monday, November 19, 2018 4:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Tool and Software Suggestions

Hello All:

The Office of Information Security here at University of the Cumberlands was just opened this past spring and I moved from an operational IT role to Director of Information Security.

I have a new budget available to my office for the first time, and I’m working on getting budget numbers together. I’m hoping that members of this group can suggest some tools and software that you use in your infosec office that is invaluable to you. I’m primarily looking to start in the categories of vulnerability assessment and penetration testing, identity and access management monitoring (we’re an Active Directory shop), and patch configuration and management. I’m aware of many tools and software packages in the market, but I’m always finding new ones by reading posts in this listserv so I’m hoping this will help me and others also.

Thanks.

Justin O. Hensley, CEH, CISSP
University of the Cumberlands
Director of Information Security
Division of Information Services
Gatliff Administration Building | Lower Level | Room 008
104 Maple Street, Williamsburg, KY, 40769
606.539.4197 Office | 606.539.4144 Fax
justin.hensley () ucumberlands edu
www.ucumberlands.edu