Pros' picks: 5 must-have security tools

Trusted IT security gear protects data, authenticates users, and monitors systems for suspicious events

Philip Grabowski, Ziv Maor and Yagnesh Patel

New York’s Montgomery County, located at the foot of the Adirondacks, consists of 10 towns, one city and 50,000 residents. To protect the data that pertains to its citizens and operations, Montgomery County added DatAdvantage from Varonis to its arsenal of security wares. The data security platform is designed to show organizations where sensitive data exists, who is accessing it, and how to keep it safe.

“This system captures activity from Active Directory and Windows system logs, tracking everything from user sign-on to file manipulation. It then presents this information in an easy-to-use dashboard with advanced reporting options,” says Gregory Oliver, senior network systems administrator for Montgomery County.

DatAdvantage “has helped us recover a massive amount of data that a user inadvertently moved; helped us track down a rogue device that was signing in on behalf of a user; and helped us uncover a situation where a user was unknowingly saving potentially confidential data to a non-secure area,” Oliver says. “While most of this information could have been found with a few weeks of manual inspection, running a five-minute scan and report process to get the same result has already saved us thousands of dollars in payroll.”

Oliver shared Montgomery County’s experience with DatAdvantage as part of Network World’s annual Fave Raves project, which asks IT pros to talk about their favorite enterprise tech products. This year, a number of IT pros chose enterprise security products as their favorites. (Related: 31 tech pros share favorite IT products).

Vectra’s cybersecurity platform won over Daniel Basile, executive director of the security operations center at Texas A&M University System.

“There are very few tools that allow you to distil cybersecurity event information to a level where a tier-1 analyst can make a meaningful decision with the information presented to him within five minutes,” Basile says. “If the tool can do this without agents, without signatures, and without logs, many people would claim disbelief. With Vectra, we are able to obtain this.”

Vectra has allowed the Texas A&M University System to monitor its network and run a security operations center with an extremely small staff. “We are able to leverage student workers with an affinity for cybersecurity to act as our tier-1 analysts. This turns our titled tier-1 individuals effectively into tier-2 analysts,” Basile says.

Philip Grabowski also raved about a security product that college students are learning to handle. Grabowski, who is an IT, network, and security forensic instructor at Pittsburgh Technical College, shared his experience with Paessler’s PRTG network monitoring software.

“Within minutes you can begin monitoring your network and get a visual on the topology. Immediately you can start researching problems on your network and fix them,” Grabowski says.

“I use PRTG in a botnet lab to show students an attack from a Low Orbit Ion Cannon (LOIC), which creates a denial of service on the domain controller. We are also monitoring traffic in the botnet lab to detect if client machines are downloading torrents,” Grabowski says. “Students get hands-on experience using the product in the classroom without fear of harming a production environment. This provides confidence in the product in the field.”

PingIdentity’s PingID multi-factor authentication impressed Yagnesh Patel, global infrastructure and operation manager at Sungard Availability Services.

“PingID multi-factor authentication (MFA) is a ‘strong’ authentication solution that enables users to authenticate to applications using multiple factors. It provides the perfect balance of user experience and security,” Patel says.

“With PingID MFA, our team was able to enable our employees to seamlessly and securely authenticate to SaaS applications via a swipe on their phone, biometrics on their phone, or via a one-time passcode delivered by voice and SMS. Our IT team was also able to remove the existing RSA token solution, which was hard to administer and required expensive hardware tokens that needed to be issued, shipped, revoked and maintained.”

For Ziv Maor, chief information security officer at Cellcom Israel, the Demisto Enterprise incident management platform is a must-have security product.

“Demisto allows me to utilize my resources and my security products. By automating many of the security operations’ tasks, and by following well-defined playbooks and managing the cases for me, Demisto Enterprise allows us to do a lot more,” Maor says. “Demisto orchestrates and automates the products and the procedures.”

Two other IT pros also cited DatAdvantage as a favorite: Roger Cotrofeld, information security and compliance officer for Tompkins County, New York, and Chris Bohlk, information security officer at Pace University in Briarcliff Manor, N.Y.

“DatAdvantage has helped us immensely in managing and securing our infrastructure. Just a few examples are finding stale objects in Active Directory, stale data filling our enterprise storage, protected data on open shares, and spotting malware behavior and shutting down the offending account,” Cotrofeld says.

DatAdvantage has allowed Pace to locate its sensitive data, identify who has access to it, determine the data owner, and automate the process of reviewing and removing unneeded access, Bohlk says. “We are also able to detect anomalous user activity or events, including ransomware.”

Bohlk particularly appreciates the visibility DatAdvantage delivers: “Imagine driving slowly down a winding road in low visibility fog. Now imagine the fog immediately lifting and racing down a highway and seeing all the details and vibrant living colors during an ideal spring day.”
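The two file-activity cases the DatAdvantage users describe, recovering from a user's accidental mass move (Oliver) and catching ransomware behaviour (Bohlk, Cotrofeld), both reduce to the same check: one account touching an unusual number of files in a short window, with the action type telling the two apart. The Python below is an added example, not DatAdvantage code and not anything Montgomery County, Tompkins County or Pace runs; the audit line format, the user names, the sample events and the 20-events-per-minute threshold are all constructed for the illustration.

```python
"""Detect bursts of file activity in audit events.

Added example; not Varonis DatAdvantage code.  It shows the kind of
anomaly logic a file-activity monitor applies: one user touching many
files in a short window, split by action so that a mass rename to a new
extension (ransomware-like) and a mass move (an accidental relocation)
surface as separate findings.  Line format and sample events are
constructed for this example:
    <iso time> <user> <action> <path>[ -> <new path>]
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def make_sample_events():
    """Constructed audit lines (not captured from any real system)."""
    base = datetime(2017, 5, 1, 9, 0, 0)
    lines = []
    for i in range(5):  # alice: a few writes spread over an hour (normal)
        t = base + timedelta(minutes=12 * i)
        lines.append(rf"{t.isoformat()} alice write \\fs01\finance\q{i}.xlsx")
    for i in range(30):  # bob: 30 renames to .locked inside 30 seconds
        t = base + timedelta(seconds=i)
        lines.append(rf"{t.isoformat()} bob rename \\fs01\hr\doc{i}.docx -> \\fs01\hr\doc{i}.docx.locked")
    for i in range(25):  # carol: 25 moves out of one folder inside 50 seconds
        t = base + timedelta(minutes=30, seconds=2 * i)
        lines.append(rf"{t.isoformat()} carol move \\fs01\eng\spec{i}.pdf -> \\fs01\archive\spec{i}.pdf")
    return lines


def parse_event(line):
    """Split one audit line into a dict; new_path is None unless ' -> ' is present."""
    ts, user, action, rest = line.split(" ", 3)
    src, _, dst = rest.partition(" -> ")
    return {"time": datetime.fromisoformat(ts), "user": user,
            "action": action, "path": src, "new_path": dst or None}


def _extension(path):
    """Extension of the file name, tolerating both path separators."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def find_bursts(events, window=timedelta(seconds=60), threshold=20):
    """One finding per (user, action) whose densest sliding window of
    length `window` holds at least `threshold` events."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["user"], e["action"])].append(e)
    findings = []
    for (user, action), evs in by_key.items():
        evs.sort(key=lambda e: e["time"])
        best = best_start = start = 0
        for end in range(len(evs)):          # two-pointer sliding window
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 > best:
                best, best_start = end - start + 1, start
        if best < threshold:
            continue
        burst = evs[best_start:best_start + best]
        finding = {"user": user, "action": action, "count": best,
                   "first": burst[0]["time"], "last": burst[-1]["time"]}
        if action == "rename":
            # Ransomware typically rewrites every file to one new extension.
            ext, n = Counter(_extension(e["new_path"]) for e in burst).most_common(1)[0]
            finding["new_extension"], finding["extension_share"] = ext, n / best
        findings.append(finding)
    return findings


def classify(finding):
    """Label a burst so a tier-1 analyst sees the likely cause first."""
    if finding["action"] == "rename" and finding.get("extension_share", 0) >= 0.9:
        return "ransomware-like"
    if finding["action"] == "move":
        return "mass move"
    return "activity burst"


def analyze(lines):
    """Parse lines, detect bursts, attach labels; findings sorted by size."""
    findings = find_bursts([parse_event(line) for line in lines])
    for f in findings:
        f["label"] = classify(f)
    return sorted(findings, key=lambda f: -f["count"])


if __name__ == "__main__":
    for f in analyze(make_sample_events()):
        print(f"{f['label']:15} {f['user']:6} {f['action']:7} {f['count']:3} events "
              f"{f['first'].time()} to {f['last'].time()}")
```

Splitting by action is the point: the rename burst and the move burst have the same shape in a raw event count, but the analyst's response differs (kill the account and isolate the host versus call the user and move the files back), so the detector should hand them over already separated. In a real deployment the threshold would be set per share from a baseline of normal activity rather than fixed at 20 per minute.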

This story, "Pros' picks: 5 must-have security tools" was originally published by Network World.

Copyright © 2017 IDG Communications, Inc.