Top 10 Security Tools/Systems
We recently polled a sample of senior security managers and specialists to get their thoughts on what they perceived to be the 10 most important security tools/systems for their organisations.
Why? For no other reason than we were interested to see what industry people were thinking, using and planning for.
The following is a summary of the findings:
Top 5 Responses:
- Firewalls and Antivirus, not surprisingly, headed most lists (not all though) as either 1st or 2nd in terms of importance. Specific products mentioned included: Cisco ASA, Checkpoint – Nokia and McAfee, Symantec and Kaspersky. From here on, there was no clear pattern of order in the Top 4.
- Vulnerability Assessment was prominent on most lists. Only products mentioned were QualysGuard and Nessus. (Note: kind of paints the picture of how that market is evolving in my opinion: QualysGuard for Enterprise deployment and Nessus for ad-hoc/department testing).
- Spam/Email Filtering also made most lists, not surprisingly.
- IDS/IPS made only about half the lists. Best comment: “Snort – and IDS is good too!”. Bro and Tipping Point IPS got a couple of mentions, and the others were just generic references to the technology.
The rest of the Top 10:
- Nmap: I did mention this was security guys we polled.
- Application layer filtering devices made a few lists. Examples included: F5 BigIP, F5 ASM (Traffic Shield). SSL VPNs.
- Web Content Filtering.
There were no clear standouts for the rest of the Top 10. Surprisingly, anti-spyware / malware was rarely seen in most lists. I assume that most organisations now include this in their Anti-virus “bundle”. This raises some interesting questions: do the big players actually compete well against the likes of Webroot, PC Tools SpyWare Doctor, SpyBot Search and Destroy, Ad-Aware etc? Is there still a gap between consumer and Enterprise sales and, most importantly, detection capability? Are most organisations depending upon products that just come bundled, to the detriment of detection capability?
And in no particular order, the others mentioned:
- Personal Firewalls
- Wireless Detection; AirMagnet, Netstumbler
- Patch Management Systems (Note: Am not surprised that these systems aren’t rated as highly. There’s a lot of hype around them and you really need to cut through the marketing and promises, spend a good deal of time setting them up and then pray).
- RSA SecurID
- PGP Enterprise
- Hardware security modules (banking)
- Web Application Scanners; Acunetix, AppScan.
- HIDS, Tripwire (Note: Once again, not surprised that these systems were rarely mentioned).
- Network Monitoring Systems, Nagios
- NetCat
- Metasploit
- Paros
- Honey Pot / Darknet
- BackTrack
- Ethereal / Wireshark
- PKI (One mention)
- Centralised Identity Management
- Kismet
- tcpdump
- John
- OpenSSH
- OpenVPN
- Hping2
- Endpoint Security Solutions; Safend

