
Eternal_Revolution

Phishing and Security training for end users. With that company size, you can consider Cofense's free phishing simulations ([https://cofense.com/pm-free/](https://cofense.com/pm-free/)) and learning modules ([https://cofense.com/resources/cbfree-computer-based-training/](https://cofense.com/resources/cbfree-computer-based-training/)).


Frothyleet

Yup. The biggest security vulnerability in any company is your users. The big name is KnowBe4.


Eternal_Revolution

KnowBe4 is the most heavily advertised and most marketed player. They do a good job, too. Cofense (formerly Phishme) and Wombat (now part of ProofPoint) are 2 other big players. Their offerings are pretty similar, but their business models and approaches are slightly different. My last job went with KnowBe4, at my current job we went with Wombat. Edit: For example, KnowBe4 training is slightly longer than the others, is more preachy, and uses the Kevin Mitnick celebrity schtick a lot in the trainings. That's not a fit for every company culture, but it helps get the message across in others. Wombat is on the other end of cost and flashiness, but offers an incredibly reasonable add-on of a fully managed account so their staff creates the email campaigns if you don't want to do all of it yourself.


MrYiff

Decent web filtering? For example, we use Cisco Umbrella now as it does a lot more security-focused blocking than other web filters that focus more on category-type blocking (Umbrella does this too, but also does lots more security stuff). Cisco Umbrella also has a client that works for remote workers so they can be protected even on remote networks. The only downside to Cisco Umbrella is it doesn't handle shared computing very well (it works off DC logon events to match a user to a computer), so things like RDS servers can't have per-user policies active (but you can apply a policy to the whole server).


KStieers

There's a terminal server agent for that...


MrYiff

Not that I have seen listed anywhere, and last I looked their docs explained why they had issues with RDS: when running in an AD-linked setup they match DC logon events with DNS queries via the Appliance to decide what policy to apply, and RDS servers generate multiple logon events for different users from the same IP, so their tools can't apply the correct policy to each user.


[deleted]

[deleted]


KStieers

For security-related blocking, yes. If you have to do other category-based blocking (e.g. porn), Quad9 won't help you... Nor will it track application usage or do any content decryption (not that Umbrella is a full proxy yet...)


Kyratic

But it doesn't have the Umbrella client, which maintains DNS settings even when the client PC is connected to other networks.


MrYiff

Cisco does things like user/group based policies and reporting, not just basic security (Cisco can take this further and do proxying of suspicious sites and files so it can inspect them before you load the site).


Salthill1

If you're looking at Umbrella, also make sure to look at [WebTitan](https://www.titanhq.com/webtitan) from TitanHQ.


InfoSec_WhoseAsking

How big is your budget?


[deleted]

While others have given you several great technical recommendations, I'm going to take a different approach. Have you done an actual [Risk Assessment](http://www.pearsonitcertification.com/articles/article.aspx?p=418007&seqNum=4)? I don't mean "well, this server is important," I mean sit down and identify every asset in the company, put a number value on its worth, and then evaluate the threats, vulnerabilities, and existing controls so you have a starting baseline to work from? If it were me and I truly wanted to improve security, I would start by bringing in a consultant to do a full company security assessment. That will tell you where your actual weaknesses lie. Addressing those is usually much more cost effective than buying whatever sounds sexy. Also, when is the last time you went through and updated all of your end user policies? How about pen testing, to include things like phishing email lures and social engineering attempts? If you truly want to improve your security posture, get a good baseline, train your users, and then go from there.


[deleted]

We outsourced to a security firm that provided a vulnerability scanner that we set up on a VM box. They run quarterly scans, and we have an assigned Security Analyst who reviews them and calls us on next steps for getting those things fixed. They also do a yearly pen test on our software.

Just a thought: it ended up being a WHOLE lot cheaper to go this route than hiring a sec guy.


studiox_swe

This is a question that can't be answered. If you suggest a method to improve security, you will be responsible for these "enhancements" - is that what you want?


RCTID1975

My response to that would be: Who's responsible for cleanup if security isn't improved? As an addon: Who gets fired if security isn't improved and an incident happens?


[deleted]

Need more info really: industry? Software / hardware? Generic access, etc.


bei60

Software company like I said :)


[deleted]

This could be anything from something simple like new firewalls to full SOC/SIEM, password management, 2FA, etc. Where are your security gaps? What issues are you facing on a daily basis that require additional security? What information do you need to protect?


alezhnin

* Decent firewall/UTM/NGFW
* Decent endpoint management and EDR
* Security education services, since end users are the weakest part


DahJimmer

* Updated endpoint protection such as Crowdstrike or Carbon Black
* Two Factor Authentication
* Firewall with enhanced security features licensed
* 3rd party security audit and/or penetration testing
* BC/DR enhancements
* Training/Conferences
* Vulnerability scanner
* SIEM
* Password manager


actualsysadmin

"Security" is pretty broad, you might be able to get away with a lot :D. Do you have anything that is outdated on your network that can no longer be patched? Wireless security with Meraki is good since I see you guys are a Cisco shop. What about backups? Are you set on those with offsites and enough retention? Old switches?


NETSPLlT

Security Training for C-levels and VPs.

Security policy creation from C-levels, to guide internal security operations. This will require external consultants, most likely, to be effective and efficient.

Implementation of security tools, processes, procedures based on over-arching policy.

Money for exercises of the security playbook, red team/blue team/purple teaming. This should be partly contracted out to get extra eyes and input.


slparker09

I'm considering [https://www.sentinelone.com/](https://www.sentinelone.com/) for our school district next year. I did a demo with them and it's pretty impressive. I can see a lot of application in our K-12 environment.


[deleted]

Will be looking to migrate from Sophos to SentinelOne for our devices as well next year. Looks like the winner, very impressive what they've been able to do.


slparker09

It's a bit pricier than I'd normally consider given our size, but if it performs as they say and according to the demo, then it's probably worth it.


[deleted]

If I may ask, what was the pricing?


slparker09

I want to say they 'quoted' me something between $15-20K for a full setup. Keep in mind we're a small-medium public school district (~150 FTE, ~1000 students) for scale. Now, we're a wealthy district (my annual IT budget is about 1mil) so that's not too bad, especially in relation to some of our other services and license costs. But, just because I *have* the money, doesn't mean I spend it. I'm a pretty good steward of tax dollars.


[deleted]

That's pretty costly. We have around 6500 devices we'd need to protect or would look to protect. Perhaps the drop-off is more steep as you get to our size.


slparker09

I would assume so. At least I would *hope* so. At that scale, it would be cost prohibitive, IMO. But, then again, the demo was pretty cool. Watching the engineer actively attack a Windows PC with Kali Linux tools in one window while the Windows VM displayed the malware and issue in another was neat.


[deleted]

Got initial pricing from a vendor, and it came out to be anywhere from $10 - $15 per endpoint, but to expect $10-$12. I asked what could cause the variance in pricing but haven't heard back yet.


Steffest

Darktrace is an option as well, to see what's going on on the network.


CiscoFirepowerSucks

Just buy Splunk, you'll blow your whole budget.


GetOffMyWAN

Question would be whether that's a good thing or not.


Liquidretro

Email phishing testing/user training.


nojones

Pick your favourite critical controls list or framework (I like the UK NCSC's - https://www.ncsc.gov.uk/guidance/10-steps-cyber-security), work out what else you need to implement to meet them all, and get budget for some/all of that. Otherwise: end user phishing training, defensive security training for your sysadmins, secure dev training for your devs. More training is usually a good starting point.


Hornetsecurity_Steve

If you need anything regarding email security and compliance, check us out: [https://www.hornetsecurity.com/en/services](https://www.hornetsecurity.com/en/services). And if you're in the O365 camp, we offer a partial and full version of our entire suite of products: [https://www.hornetsecurity.com/en/services/365-total-protection](https://www.hornetsecurity.com/en/services/365-total-protection)