
New security tools from Tenable, HP, Co3 attempt the impossible

By John Breeden II | Aug. 12, 2014
Automated incident response is one of the fastest-growing fields in computer security. Alternatively called threat monitoring, vulnerability management or threat management, it encompasses the seemingly impossible task of defending a network from active threats as they happen, in addition to detecting every possible vulnerability that could be exploited by an attacker.

The Co3 Security Module is the strongest in this review when it comes to the response side of the equation. While the Co3 product is only just getting into the areas of helping to fix problems, it can illuminate a perfect and legally sound response to any incident. Given that most organizations fail at their response to attacks (not notifying users, not bringing in the proper state or national authorities, or not meeting their legally mandated responsibilities), the Co3 Security Module is a good choice regardless of what program is actually guarding the gates.

Here are the individual reviews:

Tenable Network Security SecurityCenter

The SecurityCenter program from Tenable hits all three areas of detection, prevention and automated response as the most complete package in this review. It's simply the best in every tested area.

It achieves this feat by first inventorying every system on a network and giving administrators a complete view of everything that is running and how everything interrelates. For example, looking at the results of a scan, you can immediately tell how many systems on any given network have antivirus programs installed, and which ones are up to date. It also shows the number of firewalls that are deployed, and what systems are actually being protected by which ones. This complete network picture can help to knock out the lowest-hanging-fruit problems, like systems outside of a network firewall or old antivirus definitions.

It can also identify devices and clients that may no longer serve a function, like an old print server or a network switch that used to be important but which is no longer used. If those devices have not been removed and decommissioned, they can still provide an attack path for a clever or lucky hacker. And almost every large enterprise network is going to have at least a few.

SecurityCenter was even able to find an old PC we stuck at the very edge of the test network, sitting behind a switch and three hubs, which had no function or active network connectivity. And it discovered a PlayStation 4 which was connected to the test network through a wireless connection that was accidentally not disabled prior to the test.

Once that is in place, SecurityCenter can be used to find variances that stick out, and it can get very granular in this part of the examination. Systems that have configurations outside of the default pattern or which are using more of their CPU than others performing similar tasks can be flagged for follow-up even before the main features of the program are brought online. Although not specifically designed as a network auditing or diagramming tool, SecurityCenter does a fine job providing this as the baseline the rest of the system is built upon.

 
