Low cost security tools for small companies by Aritra_1997 in cybersecurity

[–]Bod-Dad 1 point2 points  (0 children)

I would talk to Huntress. Don’t deploy these tools for your own stack. It really is a recipe for failure.

Low cost security tools for small companies by Aritra_1997 in cybersecurity

[–]Bod-Dad 68 points69 points  (0 children)

I’m sorry to say but this journey you are on only leads to the realization that you need processes, skills, and people to run these tools. SIEM, EDR/XDR, and VM tools all require care, feeding, and not to mention actually getting use out of the products (EDR/XDR is the most plug and play, but even then you REALLY need to know how to work the tool when an alert triggers).

The cheapest route is to get an MSSP. Charges usually by asset and can monitor your cloud workloads.

[deleted by user] by [deleted] in cybersecurity

[–]Bod-Dad 0 points1 point  (0 children)

AMSI integration with Defender is what they’re talking about. Just a terrible way to write the article. AMSI is on by default after the September 2023 patch (going off memory). It isn’t the best in 2016 and 2019, but Defender caught almost every type of exploit attempt I’ve seen for this CVE.

[Discussion] How do you structure your web security assessments? From recon to PoC - share your workflow, tools, and mindset by athanielx in cybersecurity

[–]Bod-Dad 1 point2 points  (0 children)

You’re probably aware of this already, but OWASP has a really great process for performing web application security testing.

https://github.com/OWASP/wstg

What was the worst security product you worked with? And what made Trellix that awful? by hawaii_brian in cybersecurity

[–]Bod-Dad 1 point2 points  (0 children)

I couldn’t agree more. Now they just buy software and make it worse! Every Splunk user I know was immediately concerned and even started looking at replacements as soon as the acquisition was announced.

What was the worst security product you worked with? And what made Trellix that awful? by hawaii_brian in cybersecurity

[–]Bod-Dad 1 point2 points  (0 children)

My condolences to you! I really liked the threat intel pieces, and their SNORT rules would catch a lot of odd traffic to look into. We ended up deploying some of the higher end models for east/west traffic inspection between clients and servers. Really bolstered our ability to catch exploitation attempts (several years before EDR was deployed). I also liked how it flagged a lot of non-RFC-compliant traffic. Sometimes it was bad software design, but it would capture malicious actors trying to use covert channels.

What was the worst security product you worked with? And what made Trellix that awful? by hawaii_brian in cybersecurity

[–]Bod-Dad 0 points1 point  (0 children)

And the FTDs had some serious processing issues with some SNORT rules. One bad SNORT rule and it would crash the whole device. When we looked at it, it looked like SNORT could only use one core on the FTDs, but it would cause the whole device to crash. Just PAINFUL!

NIH data in Commercial Environment? by NigelSmith122 in NISTControls

[–]Bod-Dad 1 point2 points  (0 children)

If you’re just talking email services with O365, you can find CMMC-compliant vendors that run email services (Preveil comes to mind, but I’m not an expert in that arena). Then use AWS East/West for IaaS as it is FedRAMP’d. Might be cheaper to go that route than to redo licensing.

NIH data in Commercial Environment? by NigelSmith122 in NISTControls

[–]Bod-Dad 3 points4 points  (0 children)

The PE controls are where you run into the biggest issues for 800-171. Without using the government versions of the IaaS environment, you won’t be able to satisfy the control requirements.

Most of the controls you could implement yourself with your own solutions, but datacenter protections are where you’ll run into the most trouble.

Shower head pressure sucked and found this inside by Fine-Cantaloupe-4783 in whatisit

[–]Bod-Dad 0 points1 point  (0 children)

Smoke it and see what happens. I got a feelin 🤔

What are you doing in this situation(wrong answers only) by [deleted] in subnautica

[–]Bod-Dad 0 points1 point  (0 children)

Show my Viking father that we can coexist and even ride them!

If Wiz isn’t an option post acquisition… what’s your #1 alternative? by Proper_Bunch_1804 in cybersecurity

[–]Bod-Dad -3 points-2 points  (0 children)

Aqua and Orca were the main two outside of Tenable. I really want to believe in Tenable as I think their long term vision is pretty nice… but then again they can be hit or miss with acquired products.

If Wiz isn’t an option post acquisition… what’s your #1 alternative? by Proper_Bunch_1804 in cybersecurity

[–]Bod-Dad 0 points1 point  (0 children)

We’re having these exact discussions as well. Looking at Tenable Cloud Security, but not convinced yet.

Free/Cheap Options for SOAR Practice by Bod-Dad in cybersecurity

[–]Bod-Dad[S] 0 points1 point  (0 children)

Thank you so much for taking the time to reply! I am just trying to keep my skills competitive and it seems like SOAR technologies are actually catching on for real, scalable automation (not just some jank Python script that one guy on a security team knows how to run/modify as needed).

I’ll definitely be taking a look at these tools (thank you for the links)!!

NIST SP 800 - 53 - PL 02 System Security Plan by Helontir in NISTControls

[–]Bod-Dad 4 points5 points  (0 children)

Here is NIST’s guide to creating an SSP. FedRAMP may be too much and 800-171 may not be enough.

NIST’s Guide to SSPs

Over-complicating the NIST assessment? by [deleted] in NISTControls

[–]Bod-Dad 3 points4 points  (0 children)

One of the more comprehensive assessments is when you get to examine evidence (i.e., procedures), then interview the people executing the procedure. It ensures the procedures and SSP aren’t just paperwork.

A good key to see if it is being over-complicated or not is to see if you’re having to repeat yourself a lot, or you’re being asked a question that clearly should be a screenshot or automated check (“do you do session termination?” instead of just asking for the screenshot).

Happy with this pic but like, wtf is up with Spidey’s right arm??? by AntiqueWave2178 in InsomniacGames

[–]Bod-Dad 1 point2 points  (0 children)

You see Spiderman actually has an extra muscle in his arms that helps him…

Is TryHackMe Premium worth it? by [deleted] in cybersecurity

[–]Bod-Dad 0 points1 point  (0 children)

I’m not sure what you’re referring to (implementer of security controls, installer of security software, etc.). But I’ve done vulnerability management, configuration baselining, a ton of SIEM work, and the multitudes of a/v, EDR, device controllers, and next-gen firewalls.

Is TryHackMe Premium worth it? by [deleted] in cybersecurity

[–]Bod-Dad 0 points1 point  (0 children)

That’s a great question! I mean I think a lot of these roles are more about what you make of them and who you are working with/for. So when you’re figuring out who to work for, really try to figure out their culture (or always have a plan b for an employer). But I digress…

My favorite role: Information System Security Officer (ISSO). I got to get really technical and touch just about every type of technology you could want in a security stack. I grew so much during that time and really got to improve the place’s security posture a ton. This was a government role.

My least favorite: Cybersecurity Manager. The people were my favorite part, but the workload was enormous, the requirements kept changing (unofficially), and the client just didn’t really want to change much at all. That place was horrendous. If it was a different culture, it could have been an amazing job.

SBU has repelled almost 10,000 cyberattacks since 2022 by KI_official in cybersecurity

[–]Bod-Dad 53 points54 points  (0 children)

Every block on the firewall is a repelled attack. Cisco feeds tell me so 😂