SANS ISC: Good network security platform? SANS ISC InfoSec Forums

Good network security platform?
Hey all! First of all, I'm new to this forum so I just wanted to say hello and that I am excited to get involved in some info sec talk.

Second, I was tasked by a client to find a good network security platform. They are a small business and have had their systems hacked multiple times so they want to find some sort of wholesome network security platform that will prevent hacks/threats before they even occur. Responsiveness is also really important to them - they want to make sure they can contact someone quickly and easily to resolve their problems.

Anyone know of any good platforms? I'm doing some of my own research as well, but wanted to post in here first to see if anyone had any good recommendations. Thanks!
Anonymous

Have a look at SecurityOnion... (security-onion-solutions.github.io/security-onion/). It's a nice Linux distro which embeds very nice NSM tools in a central place.
Xme

536 Posts
ISC Handler
I've used SecurityOnion before - it's good and uses Snort as well as other monitoring services - make sure you consider the cost of using a professional feed, which you will have to on a business network.

Also, if there is a lot of traffic going through then you'll need a lot of processing power, plus you'll need the ability to mirror ports on a switch or tap into the link.
amilroy

9 Posts
I use OSSIM, the open source version of AlienVault. It provides NIDS, HIDS and event correlation. It can take time to get set up to work the way you want it, but it is a very good product. Lots of documentation and forum support.
Anonymous