Educause Security Discussion mailing list archives

Re: Tool and Software Suggestions


From: "WALSH, BRENDAN" <bmwalsh () KENT EDU>
Date: Mon, 19 Nov 2018 22:23:17 +0000

I'm sure a number of responses will mention Splunk - in my mind, it's the best IT investment we have made.  There is a 
learning curve to it, but when it comes to log collection and correlation, Splunk is the best tool on the market.  You 
can probably start small (~10GB/day?) and grow from there - licensing is a little pricey and determined by your 
anticipated daily log volume.

You'll want to collect authentication logs (network authentication as well as application authentication) and AD events 
first and foremost.  If you have a faculty/staff/student portal, like Ellucian Luminis, go ahead and grab activity logs 
from there too.  That should give you a good baseline for being able to monitor account activity - particularly for 
compromised accounts.

If you're part of Internet2, you and your staff can take the Splunk Power User training course at no cost 
(https://www.internet2.edu/news/detail/11515/).

As you get rolling, Splunk could help with some of the other categories you mention as well.

Cheers - and best of luck in your endeavors!

-Brendan

Brendan Walsh, MBA, CISSP
Manager, Security and Access Management
Kent State University
330-672-8551










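As an added illustration of the account-activity baseline the reply describes (not part of Brendan's message or of any Splunk content), the Python below runs over a constructed batch of AD authentication events (4625 = failed logon, 4624 = successful logon) and flags an account whose successful logon follows a burst of failures, or comes from a source address not in that account's observed baseline. The key=value line format and the baseline table are assumptions; the field names mirror the Windows Security event fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Windows Security events flattened to key=value lines, the
# shape a log forwarder might deliver. Real input would come from the collector.
SAMPLE_EVENTS = [
    "2018-11-19T08:01:00 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.20",
    "2018-11-19T08:01:05 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.20",
    "2018-11-19T08:01:09 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.20",
    "2018-11-19T08:01:20 EventCode=4624 TargetUserName=jdoe IpAddress=10.1.1.20",
    "2018-11-19T08:30:00 EventCode=4624 TargetUserName=asmith IpAddress=203.0.113.5",
    "2018-11-19T09:00:00 EventCode=4625 TargetUserName=bjones IpAddress=10.1.1.22",
    "2018-11-19T09:00:30 EventCode=4624 TargetUserName=bjones IpAddress=10.1.1.22",
]

# Constructed baseline: source addresses each account has been seen from before.
BASELINE = {"jdoe": {"10.1.1.20"}, "asmith": {"10.1.1.21"}, "bjones": {"10.1.1.22"}}


def parse_event(line):
    """Split '<iso timestamp> k=v k=v ...' into a dict with a datetime 'time'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["time"] = datetime.fromisoformat(ts)
    return fields


def find_suspicious_logons(lines, baseline, max_failures=3, window=timedelta(minutes=10)):
    """Return (account, reason) alerts for a 4624 that follows at least
    max_failures 4625s for the same account inside `window`, or that comes
    from a source address not in that account's baseline."""
    failures = defaultdict(list)  # account -> timestamps of recent failures
    alerts = []
    for ev in sorted(map(parse_event, lines), key=lambda e: e["time"]):
        user, ip, t = ev["TargetUserName"], ev["IpAddress"], ev["time"]
        if ev["EventCode"] == "4625":
            failures[user].append(t)
        elif ev["EventCode"] == "4624":
            recent = [f for f in failures[user] if t - f <= window]
            if len(recent) >= max_failures:
                alerts.append((user, "success after %d failure(s)" % len(recent)))
            if ip not in baseline.get(user, set()):
                alerts.append((user, "logon from unseen source %s" % ip))
            failures[user].clear()  # burst resolved; start fresh for this account
    return alerts


if __name__ == "__main__":
    for account, reason in find_suspicious_logons(SAMPLE_EVENTS, BASELINE):
        print(account, reason)
```

A single typo-then-success (bjones) stays quiet at the default threshold, which is the kind of noise a real baseline has to tolerate.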
________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Justin Hensley 
<justin.hensley () UCUMBERLANDS EDU>
Sent: Monday, November 19, 2018 4:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Tool and Software Suggestions


Hello All:

The Office of Information Security here at University of the Cumberlands was just opened this past spring and I moved 
from an operational IT role to Director of Information Security.  I have a new budget available to my office for the 
first time, and I’m working on getting budget numbers together.  I’m hoping that members of this group can suggest some 
tools and software that you use in your infosec office that are invaluable to you.  I’m primarily looking to start in 
the categories of vulnerability assessment and penetration testing, identity and access management monitoring (we’re an 
Active Directory shop), and patch configuration and management.  I’m aware of many tools and software packages on the 
market, but I’m always finding new ones by reading posts in this listserv, so I’m hoping this will help me and others 
also.



Thanks.



Justin O. Hensley, CEH, CISSP
University of the Cumberlands
Director of Information Security
Division of Information Services
Gatliff Administration Building | Lower Level | Room 008
104 Maple Street, Williamsburg, KY, 40769
606.539.4197 Office | 606.539.4144 Fax
justin.hensley () ucumberlands edu

www.ucumberlands.edu





