Security Tools Assignment Damon Terry II
School: Central Washington University | Course: 248 | Subject: Information Systems | Date: Dec 6, 2023 | Pages: 4
Security Tools, SIEM Assessment – Module 10
Objective:
It takes a variety of cybersecurity tools working in conjunction to feed a SIEM and ingest the logs so that the SOC engineer can use the data to make decisions about what is happening on the network.

The reality of today's defense-in-depth is that many companies are moving to the cloud. However, many are still working with a variety of environments, and ensuring that they all provide inputs to the SIEM is important. On-premise hardware is still a viable environment, along with data stored in datacenters as well as cloud environments.

This lesson provides the learner an opportunity to research the various security tools in use. The list of security companies that provide such protections is long. Another objective of this assignment is for the learner to understand the various domains, and the functions within those domains, that ensure a holistic security posture for the company or organization.
Instructions:
1) Go out to the internet and research various security tools in each one of these domains:
   Application Security
   Device Protection
   Network Security
   Data Protection
   Identity and Access Management
   Cloud
   Governance, Risk and Compliance
   Provide a list of what you found and what domain they go with.
Application Security – Web application firewalls (WAF), Static Application Security Testing (SAST).
Device Protection – Antivirus software, Device encryption, Find My Device.
Network Security – Network scanners, Network access control.
Data Protection – Firewalls, Data encryption.
Identity and Access Management – Single sign-on (SSO), Multi-factor authentication, User provisioning and deprovisioning.
Cloud – Access controls, Firewalls.
Governance, Risk and Compliance – Risk assessment and management, Policy management, Audit management.
2) Next pick one or two functions that protect that domain. For example, for Network Security, Remote Access is a function to protect the network. Or for Data Protection, you have the function of file encryption. There are many functions for each tool; however, choose at least 1 or 2 to add to your table.
Cloud – to protect this domain there are many security measures, such as encryption, access controls and regular backups.
Device Protection – functions include strong password requirements and biometric authentication.
3) Pick a tool or tools that you would like to see deployed in “your” company. List the tool/tools next to the functions you listed above. Make sure you have defense in depth and cover all the domains which could be affected by either an insider or external attacker. A table would be the easiest way to list them out. You do not need to list a tool for each function unless you want to. If you go this route, you are building a function catalog, which every company should have to reference at all times.
If I had to choose security tools for my company, I would aim for a defense-in-depth approach to cover various domains and protect against both insider and external threats. Here's a table listing the tools and their corresponding functions.
Domain                  | Security Tools
Network Security        | Firewall, IDS/IPS, VPN
Device Protection       | Antivirus Software, Device Encryption
Application Security    | Web Application Firewall (WAF)
Data Security           | Data Loss Prevention (DLP)
Physical Security       | Access Control Systems
User Awareness Training | Security Awareness Training
By implementing these tools, we can establish multiple layers of security to safeguard our company's network, devices, applications, data, and physical premises. Additionally, user awareness training will help educate employees about potential risks and best practices.
a. Example: Cloud – Cloud Web Application Firewall (WAF)
4) After you have listed out the tool of choice, research for each tool how they provide the necessary protections for your domain. For example, Palo Alto Next Generation Firewalls can provide IDS/IPS for your perimeter, and list how they do this – special signatures or behavior based.
Firewall – A firewall such as the Palo Alto Next Generation Firewall can provide IDS/IPS for the network perimeter. It uses a combination of special signatures and behavior-based analysis to detect and prevent unauthorized access, malicious activity, and potential threats.

Antivirus Software – Antivirus software protects devices by scanning files and programs for known malware signatures and by applying heuristic analysis and behavior monitoring. It can detect and remove viruses, trojans, and other malicious software, ensuring the security of the device.

Web Application Firewall (WAF) – A WAF protects web applications by filtering and monitoring HTTP traffic between the application and the internet. It uses rule-based policies and signature-based detection to identify and block common web-based attacks, such as SQL injection and cross-site scripting (XSS).

Data Loss Prevention (DLP) – DLP tools help prevent unauthorized access, use, or transmission of sensitive data. They use content analysis, data classification, and policy enforcement to identify and protect sensitive information, such as personally identifiable information (PII) or intellectual property.
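As an added illustration of the three DLP steps just named (content analysis, data classification, policy enforcement), the following is example code written for this page, not part of the assignment or of any DLP product; the sample files, the detection patterns and the policy table are all constructed for the example.

```python
import re

# Constructed sample files (not real data) for the DLP scanner to inspect.
SAMPLE_DOCS = {
    "memo.txt": "Quarterly roadmap: launch v2 in March.",
    "contacts.txt": "Reach the vendor at sales@example.com for quotes.",
    "export.csv": "name,ssn\nJane Doe,123-45-6789",
    "order.txt": "Card on file 4111 1111 1111 1111 expires 12/26",
    "notes.txt": "Ticket 4111-1111-1111-1112 is an internal reference, not a card",
}

# Content analysis: an SSN shape with never-issued ranges excluded, a 13-16 digit
# card-number shape (validated further by Luhn below), and an e-mail address.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# Policy enforcement: which classification label triggers which action (constructed).
POLICY = {"SSN": "block", "PAN": "block", "EMAIL": "alert"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that arbitrary 16-digit runs are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> list:
    """Data classification: return (label, matched_text) pairs found in the text."""
    findings = [("SSN", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append(("PAN", m.group()))
    findings += [("EMAIL", m.group()) for m in EMAIL_RE.finditer(text)]
    return findings

def evaluate(doc_name: str, text: str) -> dict:
    """Policy enforcement: the strictest action among all findings decides the outcome."""
    findings = classify(text)
    actions = {POLICY[label] for label, _ in findings}
    action = "block" if "block" in actions else "alert" if "alert" in actions else "allow"
    return {"doc": doc_name, "action": action, "findings": findings}

def scan_all(docs=SAMPLE_DOCS) -> dict:
    return {name: evaluate(name, text) for name, text in docs.items()}
```

The notes.txt case shows why the checksum matters: it has a card-shaped number that fails Luhn and is therefore allowed rather than blocked.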
Access Control Systems – Physical access control systems use various methods like biometrics, keycards, or PINs to restrict entry to authorized personnel, ensuring that only authorized individuals can access sensitive areas or assets.

Security Awareness Training – User awareness training programs educate employees about security best practices, such as recognizing phishing emails, creating strong passwords, and being cautious with sensitive information. These programs aim to enhance employee knowledge and reduce the risk of insider threats.

These tools work together to provide a multi-layered defense, covering different domains and protecting against various types of threats.
5) Once you have found out how they protect the domain, you are tasked with finding out how (or if) they can ingest logs into a SIEM and what type of SIEM (Exabeam, Sentinel One, Splunk, Kibana, etc). Add this to your table.
Domain                  | Security Tools                 | SIEM Integration     | Function
Network Security        | Firewall (Palo Alto NGFW)      | Splunk, Exabeam      | protecting the network infrastructure from unauthorized access
Device Protection       | Antivirus Software             | Splunk, Sentinel One | safeguarding individual devices
Application Security    | Web Application Firewall (WAF) | Splunk, Exabeam      | protecting web applications from attacks and vulnerabilities
Data Security           | Data Loss Prevention (DLP)     | Splunk, Exabeam      | protecting sensitive data from unauthorized access
Physical Security       | Access Control Systems         | Exabeam, Kibana      | securing physical assets
User Awareness Training | Security Awareness Training    | Splunk, Exabeam      | educating employees about security best practices to reduce the risk of insider threats
Each domain plays a crucial role in maintaining the overall security posture of an organization.
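An added example (not part of the assignment or of any vendor's SIEM integration) of what "ingesting logs into a SIEM" involves for the tools in the table above: each source's log format is parsed into one common schema so that events from the firewall, the WAF and the DLP tool can be searched and correlated together. The three log formats, IP addresses and field names are constructed for the example and are not the real products' formats.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed log lines in three made-up formats (firewall: key=value, WAF: CSV, DLP: JSON).
RAW_LOGS = [
    ("firewall", "ts=2023-12-06T10:01:00Z action=deny src=10.0.0.5 dst=203.0.113.7 dport=445 sev=high"),
    ("waf", "2023-12-06T10:02:30Z,10.0.0.5,203.0.113.80,block,sqli,high"),
    ("dlp", '{"time":"2023-12-06T10:03:10Z","user":"jdoe","host":"10.0.0.9","verdict":"blocked","label":"PII","severity":"medium"}'),
    ("firewall", "ts=2023-12-06T10:04:00Z action=allow src=10.0.0.9 dst=198.51.100.2 dport=443 sev=low"),
]

DOMAIN = {"firewall": "Network Security", "waf": "Application Security", "dlp": "Data Security"}

def parse_firewall(line):
    kv = dict(tok.split("=", 1) for tok in line.split())
    return {"ts": kv["ts"], "src": kv["src"], "dst": kv["dst"], "action": kv["action"],
            "severity": kv["sev"], "detail": f"dport={kv['dport']}"}

def parse_waf(line):
    ts, src, dst, action, rule, sev = line.split(",")
    return {"ts": ts, "src": src, "dst": dst, "action": action, "severity": sev, "detail": f"rule={rule}"}

def parse_dlp(line):
    j = json.loads(line)
    return {"ts": j["time"], "src": j["host"], "dst": None, "action": j["verdict"],
            "severity": j["severity"], "detail": f"user={j['user']} label={j['label']}"}

PARSERS = {"firewall": parse_firewall, "waf": parse_waf, "dlp": parse_dlp}

def normalize(source, line):
    """Parse one line and map it onto the common schema the SIEM searches over."""
    ev = PARSERS[source](line)
    # Every tool writes timestamps differently; store one canonical UTC ISO form.
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).isoformat()
    ev["source"], ev["domain"] = source, DOMAIN[source]
    return ev

def ingest(raw_logs=RAW_LOGS):
    """Normalize every line; a malformed line is skipped rather than poisoning the batch."""
    events = []
    for source, line in raw_logs:
        try:
            events.append(normalize(source, line))
        except (KeyError, ValueError):
            continue  # a real pipeline would route this to a dead-letter queue for review
    return events

def high_severity_by_src(events):
    """The cross-tool view the SOC only gets because all sources share one schema."""
    return dict(Counter(e["src"] for e in events if e["severity"] == "high"))
```

With the sample lines, the firewall deny and the WAF block from the same source address are counted together, which neither tool's own console would show on its own.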
6) In order to get full credit, your table should look something like this:

Domain  | Function      | Security Tool/Application   | SIEM Compatibility      | Comments/Details
Network | Remote Access | Palo Alto GlobalProtect VPN | Exabeam, Splunk, Kibana |
Total Points Possible: 50 points