As an IT consulting firm, we have a bit of an edge over the general public in terms of understanding what toolsets are out there and what you should look for in a security offering. We have built a substantial partner network over the years that supplies both our firm and our clients with truly best-of-breed security tools.
As part of our cyber security solution suite, we help clients navigate the vast universe of cyber security tools and guide them on the best options for their specific needs. Inevitably during these conversations, we get asked “What do you recommend?”.
We have compiled a sample list of security tools and platforms that have served our small to mid-sized clients quite well over the years, helping them to maintain their security posture while continuing to enable and empower their internal and/or remote workforce.
And now for the tiny print… These tools have worked exceptionally well for our clients, but your security posture and needs will be quite unique to you. We recommend you first compile a list of your critical functionality and requirements before diving into platform evaluations to ensure the toolsets you select meet your unique needs now and for future growth.
Cyber Security Tools We Recommend to Manage your Security Posture
A good network security plan will have a combination of hardware and software solutions to meet your security needs. As a Cisco partner for over 20 years, Emtec recommends Cisco’s product suite for secure employee access to internal systems and resources.
- Network Security Appliances - Network Security appliances provide centralized management of security and monitoring of potential threats for your company-wide network. Typical Network Security solutions are Firewalls, Network Switches, and software solutions. As an example, Meraki Network Security Appliances support several features including a firewall, an integrated Sourcefire intrusion prevention (IPS) engine, malware protection, cloud VPN, content filtering as well as high availability to ensure your network is secure.
- Firewalls - Firewalls are an essential first line of defense against hackers, trojans, spyware, viruses, and other nefarious threats. Today’s firewalls come in many flavors that can be tailored to your company’s size and security concerns. A good choice for small to mid-sized firms is Cisco’s Meraki layer 7 "next generation" firewall, included in their MX security appliances. It includes an easy-to-use, centralized web interface and gives administrators complete control over user access, content and applications on their network, while also monitoring traffic to maintain a solid perimeter of defense. For larger or more complex networks, we recommend Cisco’s 55xx firewall solutions in conjunction with additional hardware and software dependent on your needs.
- VPN Clients - A virtual private network (VPN) provides a secure encrypted pathway for communication between remote end user devices and your internal network, over a public network. Good options include Cisco’s AnyConnect VPN Client for Cisco 55xx firewall users and Windows built-in VPN for Meraki users.
- Web Application Firewalls - If your website is hosted by an outside firm, we recommend you protect your website with an application firewall to ensure that visitors can only connect to the site and your services securely. This provides you with more control over your website security even when hosted externally. Check with your website hosting provider for security add-on options. If already enabled, it is a good idea to periodically check your settings. Websites are one of the top exploitation points that hackers use to infiltrate your network, so if you are hosting your site internally, you may want to consider additional security beyond your network firewall by installing a web application firewall as well.
Your business demands a network that provides peak application performance and a quality user experience. Aryaka provides fully managed and integrated SD-WANs, “as a service” in the cloud for secure global connectivity. This is an excellent option for interconnecting branch offices while preserving network performance. Replacing an MPLS WAN with a managed SD-WAN can provide big benefits including:
- Eliminating dependence on a single MPLS circuit or requiring a complex and/or costly failover plan. The SD-WAN appliance both load balances between circuits and seamlessly fails over if one of your internet connections fails.
- New office locations and relocations don’t have to be a nightmare with 90-120 day wait times for circuit installations. Implementing an SD-WAN with a dedicated internet circuit generally takes no more than 30 days. The solution also works very well over less-expensive asynchronous circuits that can be installed even faster.
- Reduced cost via utilization of existing internet connections you have already budgeted for.
LibreNMS Live Monitoring and Alerting System is a full-featured, open source network monitoring system that utilizes SNMP (Simple Network Management Protocol) to help IT teams monitor the performance and security of their network. LibreNMS provides automatic discovery of network components, live end point and IP monitoring for uptime/downtime, capacity management, detailed logs, and customizable alerts. It supports virtual machines on VMware as well as integration with Android and iOS apps. With experienced configuration, this can be a great free tool to employ to ensure proper record keeping for compliance audits.
Mobile Device Management
Microsoft O365 MDM and Intune are two excellent options for streamlining and automating the deployment, provisioning, policy management, application delivery and device updates for your mobile devices (iOS, Android, Windows, and macOS). If a device is lost or stolen, no problem. You can remotely wipe the device to remove sensitive organizational information. These tools also come in handy for notification management for Business Continuity Plans in the event of a crisis.
For unified endpoint management, we recommend ManageEngine’s Desktop Central. Desktop Central is a desktop and mobile device management solution that helps your IT administrators easily manage the plethora of servers, laptops, desktops, smartphones, and tablets from a centralized repository. It provides tools to remotely manage software deployments, policy updates, patch management, asset management, and configurations, as well as remote desktop sharing to facilitate issue resolution. They offer four different levels of functionality for SMBs through to large Enterprises.
Cyber security threats continually morph and evolve. Securing the volumes of endpoints or end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious cyber security threats is vital. Endpoint security systems include traditional antivirus software, firewalls, and web protection as well as newer integration of machine learning and automation technologies that provide additional threat prevention and protection against more sophisticated ransomware, malware and zero-day threats. McAfee provides a nice option in their McAfee End-Point Security toolset with drive encryption.
Poorly coded or maintained applications are another top entry point that hackers exploit to gain access to your systems. Internal custom-built applications with bad code, packaged applications lacking critical upgrades, or insecure third-party components integrated into your systems can be infiltrated. Emtec’s partner, Veracode, offers a suite of tools that help organizations safeguard these types of applications.
Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing protection against zero-day threats and SafeLink functionality. It also provides powerful data classification tools for information across your network, SharePoint, OneDrive and email environments to help ensure against data breaches and data loss.
- Microsoft Outlook / O365 / Office 365 - Phish Alert Button - While not a security toolset, this Outlook add-in empowers users to instantly report phishing or suspicious emails to your IT Security team that may have gotten through quarantine rules and other email defenses. Once reported via the Phish Alert Button, the emails in question are reviewed by your IT team and additional actions can be taken including new quarantine rules or policy changes. A nice tool to have in your bag of tricks to help thwart social engineering attempts.
As mentioned previously in the Cyber Security Tips for IT Leaders blog, providing regular security awareness training to your employees is key to reducing your risk. Regular communications around security do’s and don’ts, as well as simulated phishing campaigns to assess employee diligence, will keep them hyper-aware of potential phishing and social engineering attacks. A few training partners to consider are KnowBe4, Digital Defense, and Skillsoft.
Stop your employees from using sticky notes! We strongly recommend you offer a password manager to your end users to help them manage the plethora of passwords they need to remember. Password managers provide a secure environment for password storage and reduce risk of breaches while providing quicker access for users. A good option for personal and business use is RoboForm.
Enterprise Password Management / Privileged Access Management (PAM)
Tools like ManageEngine Password Manager Pro and Secret Server provide a secure environment via a web browser for internal and even external users to access your company resources. The user only needs one username and password to access all systems they are authorized for. This can be utilized with or without a VPN, and security administrators can control user access from a single point.
Security Incident Management and Tracking
Well-defined security management processes are key to meeting compliance standards including ISO, GDPR and others. Proactive tracking and resolution of security incidents can be accomplished through an IT Service Management system like BMC Helix ITSM. Security incidents automatically trigger a service ticket for resolution rather than waiting for a user to report them. ITSM systems maintain a history of incidents and resolution to meet compliance requirements and provide for quicker remediation time. Many of the above security tools we have mentioned can be integrated via API with BMC Helix to automate and streamline your security management processes.
Vulnerability and Threat Management
In the realm of cyber security, vulnerability and threat management are key to maintaining a solid defense. Digital Defense, an Emtec partner, provides a robust suite of vulnerability and threat management SaaS solutions under their Frontline™ brand that we have found quite simple to deploy and utilize yet very powerful in terms of performance and compliance. Security tools offered in the suite include vulnerability management, web application scanning, active threat sweep, as well as penetration testing.
Not everyone can afford a full team of security analysts monitoring countless logs and employee activity. This is where Artificial Intelligence (AI) can help. Our partner, Cybraics, offers exceptional threat detection tools under their nLighten™ brand which combine machine learning and sophisticated artificial intelligence algorithms with advanced threat detection to cut through the noise and deliver actionable threat data to your IT team.
Navigating the Vast Cyber Security Ecosystem
These are just a handful of the many cyber security tools and platforms that we have found to be extremely effective as well as economical. What tools have you found helpful in the fight against cyber security threats? Drop us a comment below.