Tuesday, December 4, 2018

Which solution does your company use for Security Orchestration, Automation and Response (SOAR)?

Hi, guys!

I'm still new at this whole world of computer networking, on my way to my 3rd month working as a Network Monitoring Analyst, so bear with me if my question is, somehow, stupid.

Our environment consists of a Zabbix Server (3.4), for monitoring the data our SonicWall appliances generate, Grafana (5.4), for data visualization since it has some nice graphs and our clients enjoy that, and a little bit over 60 SonicWall appliances (around 63 to 65 of 'em).

Our monitoring system is, right now, not that advanced, at least not the way we want it to be. Our limitation lies in the fact that we can monitor pretty much anything at the hardware level (CPU usage, memory usage, current number of active connections, firmware, bandwidth, etc.), but we couldn't find a way to monitor in a very precise way, for example, IPS, GAV (Gateway Anti-Virus), GAS (Gateway Anti-Spyware), Access Rules and events related to network security.

We have many log files being created/updated on a daily basis, so there's a lot of data everywhere, but right now we couldn't find a way to process it and inform us what is going on or what could happen if certain actions are not executed. We want to "transform" all this data into useful information that, hopefully, puts us ahead of problems that may occur.

So my question is: what has been the solution your company uses when it comes to SOAR (Security Orchestration, Automation and Response)? I'm currently getting in touch with some companies that offer tools that could help us out, but I'd like to hear from the community how they deal with this (and maybe get some recommendations).

Again, I'm still new to this but I'll do my very best to reply and provide as much information as possible so my question can be clearer.
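Added example, not part of the original post and not vendor code: a small Python script that parses constructed SonicWall-style key=value syslog lines, counts IPS, GAV and GAS alerts per appliance, and renders them in the `<host> <key> <value>` format that `zabbix_sender -i` reads, so the counts can be graphed in Grafana and alerted on in Zabbix. The sample lines, message prefixes, Zabbix item keys, and the use of the appliance serial as the Zabbix host name are all assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the key=value syslog style SonicWall appliances
# emit; serial numbers, addresses and message texts are illustrative only.
SAMPLE_LOGS = """\
id=firewall sn=FW0001 fw=203.0.113.10 pri=1 msg="IPS Detection Alert: WEB-ATTACKS SQL Injection" src=198.51.100.7 dst=10.0.0.5
id=firewall sn=FW0001 fw=203.0.113.10 pri=1 msg="IPS Detection Alert: WEB-ATTACKS Directory Traversal" src=198.51.100.8 dst=10.0.0.5
id=firewall sn=FW0002 fw=203.0.113.11 pri=1 msg="Gateway Anti-Virus Alert: EICAR test file blocked" src=10.0.1.9 dst=192.0.2.20
id=firewall sn=FW0002 fw=203.0.113.11 pri=1 msg="Gateway Anti-Spyware Alert: Adware.Generic blocked" src=10.0.1.9 dst=192.0.2.21
id=firewall sn=FW0001 fw=203.0.113.10 pri=6 msg="Connection Opened" src=10.0.0.5 dst=192.0.2.22
"""

# key=value or key="value with spaces"
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed message prefixes mapped to assumed Zabbix trapper item keys;
# define the keys on the Zabbix host that represents each appliance.
CATEGORIES = {
    "IPS Detection Alert": "sonicwall.ips.alerts",
    "Gateway Anti-Virus Alert": "sonicwall.gav.alerts",
    "Gateway Anti-Spyware Alert": "sonicwall.gas.alerts",
}

def parse_kv(line):
    """Turn one key=value line into a dict, honouring quoted values."""
    out = {}
    for m in KV_RE.finditer(line):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out

def classify(msg):
    """Return the Zabbix item key for a security message, or None for other traffic."""
    for prefix, key in CATEGORIES.items():
        if msg.startswith(prefix):
            return key
    return None

def summarise(text):
    """Count security events per (appliance serial, item key); other lines are ignored."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_kv(line)
        key = classify(rec.get("msg", ""))
        if key and "sn" in rec:
            counts[(rec["sn"], key)] += 1
    return counts

def zabbix_sender_lines(counts):
    """Render counters as '<host> <key> <value>' lines for zabbix_sender -i."""
    return [f"{sn} {key} {n}" for (sn, key), n in sorted(counts.items())]

if __name__ == "__main__":
    print("\n".join(zabbix_sender_lines(summarise(SAMPLE_LOGS))))
```

Run it periodically against the day's syslog file and pipe the output to `zabbix_sender -z <zabbix-server> -i -`; a Zabbix trigger on the per-appliance counters then gives the early warning the post is asking for.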
