
Edge Ask The Experts
10/14/2019 07:00 AM
Edge Editors

Can I Get More Mileage From My Existing Security Tools?

Some points to consider before you break open your wallet.

Question: How do I know whether I can get more mileage from my existing security architecture before deciding to spend on new tools?

Kevin Gosschalk, CEO at Arkose Labs: Start by ensuring your organization doesn't have any easily solved vulnerabilities. This is where things like bug-bounty programs come into play because they are really good at finding the low-hanging fruit.

The goal is to make it more expensive for attackers to go after your company by moving the attack surface as far out to the perimeter as possible. Raising the bar of entry requires that your firewalls be properly configured and that staff follow policies around email and other user behaviors.

If you're still unsure, consider reaching out to the solution provider to see whether the tools you already have can be leveraged to address problems before investing in new tools. It might just be a matter of proper configuration. I've seen companies that buy three of the same tools on top of each other. Don't let that be you.

What do you advise? Let us know in the Comments section, below.

Do you have questions you'd like answered? Send them to [email protected].


The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

Comments
tdsan,
User Rank: Ninja
11/21/2019 | 1:53:26 PM
There are a number of things

What do you advise?
  1. Start looking into moving to IPv6; it gives users the ability to configure IPSec VPN AES256 connections to remote sites.
  2. Enable SELinux on CentOS/RHEL machines because of its ability to monitor filesystems, users, ports, networks, applications and access to your system. Most people have turned it off because they understand the power of it. NSA helped to develop it to thwart attacks.
  3. Users can utilize pfSense, a powerful security solution that gives users the ability to monitor and thwart network traffic (it allows the user to configure IPS/IDS, network monitoring, FW, routing and DNS, which can all be done by configuring it on a virtual machine, for free).
  4. Utilize UFW (Uncomplicated Firewall) along with logwatch. Logwatch reviews the traffic from the Linux machine by extracting log information, and UFW blocks the traffic; we have found that UFW has blocked China, North & South Korea, Iran and Iraq locations.
  5. Set up a honeypot and see what happens with the traffic accessing the network.
  6. Configure your cloud environment using a multi-layered approach (subnets) where Zone 0 (DB), Zone 1 (admin), Zone 2 (user), Zone 3 (DMZ) and Zone 4 (Internet) are separated; this can be done using Terraform, PowerShell or Python coding tools. Also, remove the public IP address from the machines that are not part of the DMZ or Internet zones. You could put your web traffic in the DMZ and isolate only certain ports, where the SIEM (pfSense, Cisco, Palo Alto) can identify and mitigate that traffic.
  7. Finally, if you are a regional or national organization, then add ACLs to block entire countries, especially if the organization is not doing business in that country.
  8. Develop a relationship with certain vendors who have incorporated AI/ML in their mix of products, this will help the end-user make decisions even with a skeleton evening crew.

Todd
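The commenter's item 4 pairs UFW with a log reviewer (logwatch) so that blocked traffic can be tallied and the firewall tightened. The script below is an added example, not code from the Dark Reading page or from the commenter: it does the logwatch-style pass itself over kernel log lines in the format UFW writes ("[UFW BLOCK]" followed by iptables-style KEY=VALUE fields), tallies drops by source and destination port, flags sources that probe several ports (a crude port-scan heuristic), and emits candidate `ufw deny` rules for an operator to review. The log lines, host names and addresses are constructed for the example; the thresholds `min_hits` and `min_ports` are arbitrary assumptions.

```python
"""Summarize UFW block logs and derive candidate deny rules (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample of kernel log entries (as seen in /var/log/kern.log or
# `journalctl -k`). The "[UFW BLOCK]"/"[UFW ALLOW]" tag and the KEY=VALUE
# fields follow the real UFW/iptables log format; the hosts and addresses are
# made up (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24 are documentation
# ranges). One unrelated sshd line is included to show it is skipped.
SAMPLE_LOG = """\
Nov 21 13:50:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=1 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 21 13:50:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2 PROTO=TCP SPT=54322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 21 13:50:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3 PROTO=TCP SPT=54323 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 21 13:50:04 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4 PROTO=TCP SPT=54324 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 21 13:50:05 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=203.0.113.45 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5 PROTO=TCP SPT=54325 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 21 13:51:10 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=198.51.100.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=6 PROTO=TCP SPT=41000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 21 13:51:11 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=198.51.100.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7 PROTO=TCP SPT=41001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 21 13:51:12 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=198.51.100.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=8 PROTO=TCP SPT=41002 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 21 13:52:00 web1 kernel: [UFW ALLOW] IN=eth0 OUT= MAC=0a:0b:0c:0d:0e:0f:1a:1b:1c:1d:1e:1f:08:00 SRC=192.0.2.20 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=TCP SPT=50000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 21 13:52:01 web1 sshd[1234]: Accepted publickey for todd from 192.0.2.20 port 50001 ssh2
"""

# "[UFW BLOCK]", "[UFW ALLOW]" or "[UFW AUDIT]" followed by the netfilter fields.
UFW_RE = re.compile(r"\[UFW (?P<action>BLOCK|ALLOW|AUDIT)\] (?P<fields>.*)")
# KEY=VALUE tokens; bare flags such as "SYN" carry no "=" and are ignored.
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_ufw_line(line):
    """Return the relevant fields of one UFW log line, or None for any other line."""
    m = UFW_RE.search(line)
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    dpt = fields.get("DPT")
    return {
        "action": m.group("action"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dpt": int(dpt) if dpt and dpt.isdigit() else None,
    }


def summarize_blocks(lines, min_hits=3, min_ports=3):
    """Tally BLOCK entries by source and destination port.

    A source is listed under "scanners" when it was dropped at least
    min_hits times across at least min_ports distinct destination ports
    (thresholds are assumptions for this example, not UFW or logwatch values).
    """
    by_src, by_port = Counter(), Counter()
    ports_per_src = defaultdict(set)
    allowed = 0
    for line in lines:
        rec = parse_ufw_line(line)
        if rec is None:
            continue  # not a UFW line (e.g. sshd)
        if rec["action"] == "ALLOW":
            allowed += 1
            continue
        if rec["action"] != "BLOCK":
            continue
        by_src[rec["src"]] += 1
        if rec["dpt"] is not None:
            by_port[rec["dpt"]] += 1
            ports_per_src[rec["src"]].add(rec["dpt"])
    scanners = sorted(
        src for src, hits in by_src.items()
        if hits >= min_hits and len(ports_per_src[src]) >= min_ports
    )
    return {"by_src": by_src, "by_port": by_port, "scanners": scanners, "allowed": allowed}


def deny_rules(sources):
    """Render candidate ufw commands that deny each source at the top of the ruleset."""
    return [f"ufw insert 1 deny from {src} to any" for src in sources]


if __name__ == "__main__":
    report = summarize_blocks(SAMPLE_LOG.splitlines())
    print("blocked by source:", dict(report["by_src"]))
    print("blocked by port:  ", dict(report["by_port"]))
    print("allowed entries:  ", report["allowed"])
    for rule in deny_rules(report["scanners"]):
        print("candidate rule:   ", rule)
```

Running it on the constructed sample reports 203.0.113.45 as a scanner (five drops across five ports) while 198.51.100.7 (three drops, all to port 22) is only tallied; the generated `ufw insert 1 deny` lines are printed for review rather than applied, since blocking on a handful of log lines is an operator decision, not something a parser should do unattended.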