Security Tools - 4.4

Summary

Security tools play a crucial role in maintaining and enhancing system security. SCAP gives tools a common vocabulary for identifying vulnerabilities and configuration issues, while benchmarks establish a minimum secure-configuration standard for systems. SIEM aggregates and correlates security data, antivirus software detects and removes malware, and DLP keeps sensitive data from leaving the organization's control. SNMP monitors and manages network devices, NetFlow records who talked to whom and how much, and vulnerability scanners identify known security flaws so they can be fixed before they are exploited.


Notes:

Security Content Automation Protocol (SCAP)

  • A NIST-maintained set of specifications (for example CVE for vulnerability names, CPE for platform names, CVSS for severity scoring, and OVAL and XCCDF for expressing checks and checklists) that gives different products a common way to identify vulnerabilities, configurations, and the systems they apply to.
  • Leads to better orchestration between security tools: a scanner, a SIEM, and a ticketing system can all refer to the same CVE ID and the same platform name, so findings are identified and reported consistently instead of being described differently by each product.

Benchmarks

  • A documented minimum standard that software and hardware should be configured to meet for security purposes (the CIS Benchmarks are a widely used example), giving administrators a concrete checklist of settings rather than a vague goal.
  • The "benchmark" is the security target an organization aims for to maintain a secure posture; compliance against it can be checked automatically with an SCAP-capable scanner.

Agents / Agentless

  • Agents: Software installed on the endpoint that monitors it continuously and can report in real time, even when the device is off the corporate network.
    • Requires that the agent is deployed to every device and kept up to date; a stopped or outdated agent is itself a blind spot.
  • Agentless: Monitoring performed remotely or on a trigger, such as when a device joins the network or when a scanner logs in over SSH or WinRM to run its checks. It is not continuous and depends on the scanner having credentials and network reachability, but nothing extra has to be installed or maintained on the monitored device.

Security Information and Event Management (SIEM)

  • Software that collects, aggregates, normalizes, and analyzes logs and monitoring data from many systems and devices in a central location, providing a holistic view of security events.
  • SIEMs correlate events across sources (for example, repeated failed logins on one system followed by a success) to surface issues that no single log shows, and alert security teams in near real time. Alert quality depends on the correlation rules and on parsing the incoming log formats correctly.
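The correlation described above, as an added example that is not part of the original notes: a toy SIEM-style rule in Python that parses constructed log lines from two sources, normalizes them, and alerts only when several failed logins for one source address and user are followed by a success inside a short window. The key=value log format, the hostnames, usernames, IPs, and the threshold are all assumptions made for this example.

```python
"""Toy SIEM-style correlation over constructed log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources (an SSH server and a VPN gateway).
# Hostnames, usernames and the documentation-range IPs are made up; the
# key=value format is an assumption, not any real product's log format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd host=web01 user=alice src=203.0.113.5 result=FAIL
2024-05-01T10:00:03Z sshd host=web01 user=alice src=203.0.113.5 result=FAIL
2024-05-01T10:00:05Z sshd host=web01 user=alice src=203.0.113.5 result=FAIL
2024-05-01T10:00:06Z sshd host=web01 user=alice src=203.0.113.5 result=FAIL
2024-05-01T10:00:08Z sshd host=web01 user=alice src=203.0.113.5 result=FAIL
2024-05-01T10:00:09Z sshd host=web01 user=alice src=203.0.113.5 result=OK
2024-05-01T10:02:00Z vpn host=vpn01 user=bob src=198.51.100.7 result=FAIL
2024-05-01T10:30:00Z vpn host=vpn01 user=bob src=198.51.100.7 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<source>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """Normalize raw lines into dicts with a real timestamp; skip unparsable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a production SIEM would count and route these, not silently drop them
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation rule: at least `threshold` failed logins for one (src, user)
    inside `window`, followed by a successful login for the same pair.
    Neither the failures nor the success alone is interesting; together they are."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> timestamps of failures still in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["result"] == "FAIL":
            recent.append(ev["ts"])
            failures[key] = recent
        elif ev["result"] == "OK":
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success",
                    "user": ev["user"],
                    "src": ev["src"],
                    "host": ev["host"],
                    "failures": len(recent),
                    "success_at": ev["ts"].isoformat(),
                })
            failures[key] = []  # a success closes the sequence either way
    return alerts


if __name__ == "__main__":
    for alert in brute_force_then_success(parse_events(SAMPLE_LOGS)):
        print(alert)
```

Running it produces one alert for alice (five failures, then a success within two minutes) and nothing for bob, whose single failure and later success are half an hour apart; that distinction is exactly what a per-log-line rule cannot make.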

Antivirus

  • Software tasked with identifying and removing malicious software, such as viruses, worms, ransomware, and spyware, using known signatures and, in modern products, behavioural detection; it must be kept updated to recognize new threats.

Data Loss Prevention (DLP)

  • Tools designed to prevent the unauthorized transmission of sensitive data (e.g., Social Security numbers, payment card numbers, or intellectual property) out of the organization's control, whether over the network, by email, to removable media, or to cloud storage.
  • DLP inspects content in transit (and, with endpoint DLP, data at rest and in use) against patterns, keywords, and classifiers, then blocks, quarantines, or alerts. Tuning matters: pattern matching alone produces false positives, so good policies add validity checks and context before blocking.
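The content inspection described above, as an added example that is not part of the original notes: a toy DLP check in Python that looks for SSN- and payment-card-shaped values in outbound messages, uses the Luhn checksum to separate real card numbers from look-alike digit runs, and redacts what it reports so the alert does not itself leak the data. The messages are constructed; the card number is the well-known 4111 test value, the SSN is a made-up structurally valid one, and the block/allow policy is an assumption.

```python
"""Toy DLP content inspector over constructed messages (added example)."""
import re

# SSN pattern with the SSA's structurally invalid values excluded:
# area 000, 666 or 900-999, group 00, serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed messages; the card number is the well-known 4111... test value
# and the SSN is a made-up, structurally valid one.
SAMPLE_MESSAGES = {
    "hr_email": "Please update the record for employee SSN 123-45-6789 before Friday.",
    "support_ticket": "Customer paid with card 4111 1111 1111 1111, exp 12/27.",
    "shipping_note": "Tracking reference 1234 5678 9012 3456, ticket 555-1234.",
}


def luhn_ok(number):
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect(text):
    """Return findings with the matched value redacted to its last four digits,
    so the DLP alert does not become a second copy of the sensitive data."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append({"type": "ssn", "redacted": "***-**-" + m.group()[-4:]})
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # the checksum separates a card from a tracking number
            findings.append({"type": "card", "redacted": "*" * (len(digits) - 4) + digits[-4:]})
    return findings


def decide(text):
    """Policy decision for an outbound message: block if anything sensitive was found."""
    return "block" if inspect(text) else "allow"


if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(name, decide(msg), inspect(msg))
```

The shipping note contains a 16-digit reference that matches the card regex but fails the Luhn check, so it is allowed through; without that second step, every long order or tracking number would trigger a block, which is how DLP deployments end up with users routing around them.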

Simple Network Management Protocol (SNMP)

  • A protocol for monitoring and managing network devices such as routers, switches, and servers: a management station polls an SNMP agent on each device for values (for example interface counters, CPU load, or link state) and can also change settings, letting administrators spot operational or security concerns centrally.
  • Trap: An unsolicited message that a device's SNMP agent sends to the management station when a specific event occurs (a link going down, an authentication failure, a threshold crossed), so administrators are notified without waiting for the next poll.
  • SNMPv1 and v2c authenticate with a community string sent in plaintext; prefer SNMPv3 with authentication and encryption, and never leave default community strings such as "public" or "private" in place.

NetFlow

  • A network protocol developed by Cisco for collecting records of network traffic as it enters or exits an interface. Each flow record summarizes a conversation by source and destination address, ports, protocol, and byte and packet counts, without capturing payload; IPFIX is the vendor-neutral standard based on it. The records show who is talking to whom and how much, which supports capacity planning and spotting anomalies such as a host sending unusual volumes to an external address.
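The kind of analysis the flow records above make possible, as an added example that is not part of the original notes: a small Python script over constructed flow records in the decoded 5-tuple-plus-counters shape a collector hands you. It totals outbound bytes per internal host and flags both hosts exceeding a volume threshold and internal-to-internet flows on unexpected ports. The internal address ranges, the expected egress ports, the threshold, and the flows themselves are assumptions for this example.

```python
"""Toy analysis over constructed NetFlow-style flow records (added example)."""
import ipaddress
from collections import defaultdict

# Address ranges considered "inside"; an assumption for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Egress ports normally expected from workstations; anything else to the
# internet is worth a look. Also an assumption.
EXPECTED_EGRESS_PORTS = {53, 80, 443}

# Constructed flow records in the shape a collector would hand you after decoding
# NetFlow/IPFIX: (src, dst, src_port, dst_port, proto, bytes, packets).
# Not captured from a real network; the public IPs are documentation ranges.
SAMPLE_FLOWS = [
    ("10.0.1.20", "192.0.2.10", 51000, 443, "tcp", 120_000, 300),
    ("10.0.1.20", "192.0.2.10", 51001, 443, "tcp", 80_000, 200),
    ("10.0.1.21", "198.51.100.9", 52000, 443, "tcp", 60_000, 150),
    ("10.0.1.22", "203.0.113.77", 53000, 4444, "tcp", 950_000_000, 700_000),
    ("10.0.1.22", "10.0.1.5", 53001, 445, "tcp", 5_000_000, 4_000),
    ("203.0.113.9", "10.0.1.20", 40000, 443, "tcp", 2_000, 10),
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes_by_host(flows):
    """Total bytes each internal host sent to external destinations."""
    totals = defaultdict(int)
    for src, dst, _sport, _dport, _proto, nbytes, _pkts in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return dict(totals)


def flag_large_egress(flows, byte_threshold=500_000_000):
    """Hosts whose outbound volume exceeds the threshold (a fixed number here;
    in practice compare against each host's own baseline)."""
    return sorted(h for h, b in outbound_bytes_by_host(flows).items() if b > byte_threshold)


def flag_unexpected_egress_ports(flows):
    """Internal-to-external flows on destination ports outside the expected set."""
    return sorted(
        (src, dst, dport)
        for src, dst, _sport, dport, _proto, _bytes, _pkts in flows
        if is_internal(src) and not is_internal(dst) and dport not in EXPECTED_EGRESS_PORTS
    )


if __name__ == "__main__":
    print(outbound_bytes_by_host(SAMPLE_FLOWS))
    print("large egress:", flag_large_egress(SAMPLE_FLOWS))
    print("odd ports:", flag_unexpected_egress_ports(SAMPLE_FLOWS))
```

Two caveats carry over to real deployments: flow data is metadata, so the script can say a host pushed 950 MB to an outside address on port 4444 but not what was in it, and exporters are often configured to sample (for example one packet in a thousand), so raw byte counts must be scaled before comparing them to a threshold.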

Vulnerability Scanner

  • Software that scans systems to detect known vulnerabilities, such as outdated software versions, missing patches, or insecure configurations, by matching what it observes against a database of published issues (identified by CVE) and configuration benchmarks.
  • Regular scanning, ideally with credentials so the scanner can read installed package versions rather than relying only on network-facing banners, lets organizations find and prioritize weaknesses before an attacker exploits them.