Security stack (https://community.spiceworks.com/t/security-stack/951647)

Question from itmoose (posted 2023-05-10; 8 upvotes, 6 answers):

I’m looking into ways we can improve the security of our org. We’re all on prem still, ESXi hosts and Exchange Server.

Currently pretty much all we have is Sophos Intercept X (no XDR/MDR) and an email filter. I was looking into the Sophos MDR, what do you guys think of it?

No logging other than event logs on DCs.

We have an older Cisco ASA, should we replace that with something newer? What software would you guys recommend we look into?

Is there some sort of software/appliance to monitor network traffic we should look into?

We’re pretty basic here so anything will help.
Accepted answer:

Some time ago we conducted research on the state of vulnerability remediation, which I recommend you check: 2023 State of Vulnerability Remediation Report | Action1 (actually, we have more materials you might consider useful, for example the How to Manage Security Vulnerabilities article).

But simply put:

[the original question, quoted in full]

Reply from spiceuser-m3bdp (posted 2023-05-10; 2 upvotes):

Up-to-date antivirus is a good start. I think it was Roger Grimes (KnowBe4) who posted several weeks ago that the two most efficient pathways into your systems are via phishing and vulnerabilities that exist in unpatched/unsupported hardware and software. Using that logic, and given limited resources (time/money), I would make sure that all your software/hardware is supported and patched, and begin a training program for your organization that covers email and web safety practices.
Good luck.

@roger-knowbe4

Reply (responding to the mention above):

Yep, social engineering is involved in 70% to 90% of all successful attacks. Unpatched software is involved in 20% to 40%. Those two root access methods account for 90% to 99% of the risk in most environments. Yes, you can be hacked other ways, but mitigating those two things very well is probably the difference between becoming a victim or not for most organizations. It is the failure of most organizations to appropriately focus on those two root causes first and best that allows hackers and malware to be so successful.

I cover it more here: The Two Best Things You Can Do to Protect Yourself and Organization
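The replies above boil down to "keep everything supported and patched, then train people", and the first half of that is hard to act on without knowing which hosts are actually behind. The PowerShell script below is an added example, not code from the thread or from any of its posters. It assumes a domain-joined admin workstation with the RSAT ActiveDirectory module, rights to query each host remotely, and firewall rules that allow ICMP and WMI/DCOM; the 45-day threshold and the 90-day stale-account cutoff are arbitrary values chosen for the example.

```powershell
# Added example (not from the thread): report the age of the most recent OS hotfix
# on every active, AD-joined Windows host so stale machines can be found and fixed.
# Assumptions: RSAT ActiveDirectory module installed, admin rights on the targets,
# and Win32_QuickFixEngineering reachable over DCOM (what Get-HotFix -ComputerName uses).
# $MaxPatchAgeDays is an arbitrary threshold for this example; tune it to your patch cycle.

param(
    [int]$MaxPatchAgeDays = 45,
    [string]$ReportPath = "$env:USERPROFILE\patch-age-report.csv"
)

Import-Module ActiveDirectory

# Enabled Windows computer accounts that logged on in the last 90 days; stale accounts are skipped.
$cutoff = (Get-Date).AddDays(-90)
$hosts = Get-ADComputer -Filter { Enabled -eq $true -and OperatingSystem -like "Windows*" } `
            -Properties OperatingSystem, LastLogonDate |
         Where-Object { $_.LastLogonDate -gt $cutoff }

$report = foreach ($h in $hosts) {
    $name = if ($h.DNSHostName) { $h.DNSHostName } else { $h.Name }
    $row  = [ordered]@{ Host = $name; OS = $h.OperatingSystem; LastPatch = $null; AgeDays = $null; Status = '' }

    # Unreachable hosts are reported rather than silently dropped: they are the ones to worry about.
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        $row.Status = 'UNREACHABLE'
        [pscustomobject]$row
        continue
    }

    try {
        # Win32_QuickFixEngineering lists OS servicing updates only; it will not show
        # third-party software, Exchange CUs or ESXi patches.
        $latest = Get-HotFix -ComputerName $name -ErrorAction Stop |
                  Where-Object { $_.InstalledOn } |        # InstalledOn can be null for some entries
                  Sort-Object InstalledOn -Descending |
                  Select-Object -First 1
    } catch {
        $row.Status = "QUERY FAILED: $($_.Exception.Message)"
        [pscustomobject]$row
        continue
    }

    if (-not $latest) {
        $row.Status = 'NO HOTFIX RECORDS'
        [pscustomobject]$row
        continue
    }

    $age = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    $row.LastPatch = $latest.InstalledOn.ToString('yyyy-MM-dd')
    $row.AgeDays   = $age
    $row.Status    = if ($age -gt $MaxPatchAgeDays) { 'STALE' } else { 'OK' }
    [pscustomobject]$row
}

# Oldest patch level first; unreachable/failed hosts have no age and sort to the end.
$report | Sort-Object AgeDays -Descending | Format-Table -AutoSize
$report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Report written to $ReportPath"
```

Treat the STALE, UNREACHABLE and QUERY FAILED rows as the work list. The report covers only the Windows OS layer: Exchange build level still has to be checked separately (for example from `Get-ExchangeServer` and its AdminDisplayVersion property) and ESXi from the host itself (`esxcli system version get`), since neither shows up in the hotfix list.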