Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.
N/A
SolarWinds Threat Monitor
Score 8.5 out of 10
N/A
SolarWinds Threat Monitor empowers MSSPs of all sizes by reducing the complexity and cost of threat detection, response, and reporting. You get an all-in-one security operations center (SOC) that is unified, scalable, and affordable.
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Due to the high price that SolarWinds has, I do not recommend it for small companies. And if I recommend SolarWinds in large companies with complex infrastructures where constant monitoring and review of the network is required, this system is very complete and helps everyone in the technology team, both network administrators, database administrators, Security Administrators, and Server Administrators are all very happy with this system.
SolarWinds offers live chat support for all its products built-in. So if you are working on something you can just reach out to someone at that time, and usually get an answer pretty quick. If you are trying to get something done it's a lot better than submitting a ticket and waiting for the email response.
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
Threat Monitor is very new on the scene. Its obviously not at the same level as some of the established vendors yet. We also deploy Alienvault for example and its nowhere near the same level as this, however the cost model between these two products reflects that. Alienvault however does have a physical footprint on the environment, whereas Threat Monitor doesnt. If you have the paitence to wait, Threat Monitor will surely only improve over time.
The positive impact that this system has on our company is that it has saved us a lot of expenses when it comes to investigating what the bank's network and systems are.
This saving translates into administrators' time when it comes to finding the problem quickly, expeditiously, and effectively.
It has helped us a lot and we have even required fewer hours from external providers when it comes to solving a problem.
