Know Your Cybersecurity Tools

Cheryl Abram
5 min read · Apr 5, 2024

Provide your best answer to this multiple-choice question:

What is the best tool to use for hanging a picture frame?
Is it…
A) Hammer
B) Screwdriver
C) Pliers, or
D) Garden shears

The best tool is a hammer. But, why?

Because a hammer is specifically designed for driving nails into walls or other surfaces, making it the ideal tool for hanging a picture frame. While other options like a screwdriver, pliers, and garden shears might work in some situations, they’re not as effective or suitable as a hammer for this task.

Understanding the right tools for specific jobs is crucial in professions like carpentry, plumbing, gardening, nursing, and cybersecurity. Just as a carpenter knows the importance of choosing a hammer over pliers for driving nails, in cybersecurity, it’s essential to know and understand the appropriate security tools needed to manage cybersecurity risk and safeguard an organization.

Examples of Roles and Toolsets

Here’s how various cybersecurity roles involve different toolsets:

Non-Technical Roles

  1. Cybersecurity Technical Writer: Documenting policies, procedures, and standards often involves content management and authoring tools (e.g., WordPress, MadCap Flare), word processors (e.g., Microsoft Word, Google Docs), and collaboration tools (e.g., Microsoft Teams, Slack).
  2. Cybersecurity Trainer: Developing and delivering engaging training materials might use presentation software (e.g., Microsoft PowerPoint, Google Slides), learning management systems (LMS) (e.g., Moodle, Blackboard), and security awareness or hands-on skills platforms (e.g., KnowBe4, HackerRank).
  3. Cybersecurity Auditor: Assessing compliance and identifying risks may utilize spreadsheets (e.g., Microsoft Excel, Google Sheets), risk assessment frameworks (e.g., NIST Cybersecurity Framework, ISO 27001), and reporting tools (e.g., Power BI, Tableau).

Technical Roles

  1. Incident Responder: Investigating and mitigating security incidents requires SIEM solutions (e.g., Splunk, Elastic Stack), forensics toolkits (e.g., SANS Investigative Forensic Toolkit (SIFT), FTK Imager), network traffic analyzers (e.g., Wireshark, tcpdump), and endpoint detection and response software (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint).
  2. Threat Hunter: Proactively searching for threats often involves intrusion detection systems (e.g., Snort, Suricata), endpoint and extended detection and response platforms (e.g., Palo Alto Networks Cortex XDR, McAfee Endpoint Security), malware analysis tools (e.g., Cuckoo Sandbox, VirusTotal), and vulnerability scanners (e.g., Nessus, OpenVAS) to find the exposures an attacker would go after first.
  3. Cybersecurity Engineer: Designing and implementing secure systems involves network firewalls (e.g., Cisco Secure Firewall, Palo Alto Networks Next-Generation Firewall), cloud security tools (e.g., AWS Security Hub, Azure Security Center, now Microsoft Defender for Cloud), identity and access management (IAM) systems (e.g., Okta, Azure Active Directory, now Microsoft Entra ID), and configuration management solutions (e.g., Ansible, Puppet).

In this video, “A Day in the Life of a Cybersecurity Policy Analyst,” I talk about the tools I use on a daily basis.

https://youtu.be/N4AenOnmaa0?si=TFWBlSmaYr4E0kgN

Knowing my tools is key to helping me maintain both the safety and accuracy of my work, ensuring that each task is approached with expertise and creativity.

With that in mind, here is another question…

John, a cybersecurity specialist at a financial firm, is tasked with monitoring the company’s computing resources for potential security threats. He decides to employ a tool that provides real-time analysis of security alerts generated by the firm’s applications and network hardware.

What tool is John most likely to use?
A) NetFlow
B) Antivirus
C) Security Information and Event Management (SIEM)
D) Simple Network Management Protocol (SNMP)

The correct answer is C) Security Information and Event Management (SIEM)

Why? Because a SIEM is a set of tools and services that collects logs and events from across an organization, correlates them, and presents a holistic view of its security posture. It’s akin to the dashboard in your car, which pulls readings from many sensors into one relatively easy-to-read panel.

SIEM tools provide real-time analysis of security alerts generated by applications and network hardware.

As for the other answer choices…

NetFlow is a protocol that routers and switches use to export summaries of network traffic (who talked to whom, over which ports, and how much). It is a valuable data source to feed into a SIEM, but it is not itself an alert-analysis tool. Antivirus is essential for detecting malware on individual systems but doesn’t provide a broad, cross-system analysis of security alerts. Finally, Simple Network Management Protocol (SNMP) is used for monitoring and managing network devices (health, interface status, configuration), not for comprehensive security alert monitoring like a SIEM.

Your Tools

Cybersecurity involves mastering your entire toolbox so let’s explore other key tools:

Risk Management Tools:

  1. POA&Ms (Plans of Action and Milestones): These organize the steps, owners, and target dates needed to remediate known weaknesses. Think of them as roadmaps for addressing security findings.
  2. Risk Management Frameworks (e.g., NIST RMF, ISO 27001): Provide structure for evaluating and mitigating risk. They’re like blueprints for building a secure system.
  3. Policy Templates: Pre-written cybersecurity policies ensure you’re not starting from scratch. They’re a handy starting point that can be tailored to your needs.
  4. Cybersecurity Laws and Regulations: These define the legal landscape, just like the building codes a construction worker must follow.
  5. GRC Systems (e.g., eMASS in the U.S. federal space, or commercial equivalents): Software platforms that streamline your risk management, compliance, and reporting processes.

Technical Tools:

  1. Log Aggregation: Akin to gathering puzzle pieces from various areas of a business. By assembling these pieces, you gain a comprehensive view of your security landscape.
  2. Alerting: Like a vigilant guard dog that barks at any sign of trouble, alerting you immediately to potential issues.
  3. Scanning: Resembles regular health check-ups for your network, ensuring its overall security and well-being.
  4. Reporting and Archiving: Think of it as keeping a detailed diary of network activities, helping you understand what happened and why.
  5. Data Loss Prevention (DLP): These tools are your guardians, making sure sensitive data doesn’t slip into the wrong hands.
  6. Vulnerability Scanners: Act like detectors, identifying weak spots in the system so we can address them before attackers do.
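The log aggregation, alerting, and reporting items above, and the SIEM question earlier, describe one pipeline: gather events from different sources, normalize them, correlate them, and raise an alert when a pattern appears. The following Python script is an added example, not code from the original post; it runs that pipeline over two constructed log feeds (a web application’s authentication log and a firewall’s syslog). The log formats, the 2024 year pinned onto the year-less syslog lines, the thresholds, and the rule names are all assumptions made for the example.

```python
"""Toy SIEM pipeline: aggregate two log sources, normalize, correlate, alert, report."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data, not real logs. Two feeds with different formats,
# as a SIEM would receive from an application and from a firewall.
APP_LOG = """\
2024-04-05T09:00:01Z app=web-portal event=login_failed user=jdoe src=203.0.113.7
2024-04-05T09:00:04Z app=web-portal event=login_failed user=jdoe src=203.0.113.7
2024-04-05T09:00:09Z app=web-portal event=login_failed user=jdoe src=203.0.113.7
2024-04-05T09:00:15Z app=web-portal event=login_success user=jdoe src=203.0.113.7
2024-04-05T09:01:00Z app=web-portal event=login_failed user=asmith src=198.51.100.20
"""

FW_LOG = """\
Apr  5 09:00:02 fw01 kernel: DENY TCP 203.0.113.7:51522 -> 10.0.0.5:22
Apr  5 09:00:03 fw01 kernel: DENY TCP 203.0.113.7:51523 -> 10.0.0.5:3389
Apr  5 09:00:12 fw01 kernel: ALLOW TCP 203.0.113.7:51530 -> 10.0.0.8:443
Apr  5 09:05:00 fw01 kernel: DENY TCP 198.51.100.20:40000 -> 10.0.0.5:22
"""

# Assumption: classic syslog timestamps carry no year, so we pin them to the
# same year as the application log so the two feeds can be placed on one timeline.
SYSLOG_YEAR = 2024

APP_RE = re.compile(r"^(?P<ts>\S+) app=(?P<app>\S+) event=(?P<event>\S+) "
                    r"user=(?P<user>\S+) src=(?P<src>\S+)$")
FW_RE = re.compile(r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) "
                   r"kernel: (?P<action>ALLOW|DENY) (?P<proto>\w+) "
                   r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_app(line):
    """Normalize one application log line into a common event dict (or None)."""
    m = APP_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "app", "src": m["src"], "event": m["event"], "user": m["user"]}


def parse_fw(line):
    """Normalize one firewall syslog line into the same common event shape."""
    m = FW_RE.match(line)
    if not m:
        return None
    stamp = f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}"
    ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "fw", "src": m["src"], "event": m["action"].lower(),
            "dport": int(m["dport"])}


def aggregate(app_text, fw_text):
    """Log aggregation: parse both feeds and merge them into one time-ordered stream."""
    events = []
    for line in app_text.splitlines():
        e = parse_app(line)
        if e:
            events.append(e)
    for line in fw_text.splitlines():
        e = parse_fw(line)
        if e:
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, threshold=3, window=timedelta(minutes=1), sensitive_ports=(22, 3389)):
    """Alerting: correlate events per source IP and emit alerts for two hypothetical rules.

    Rule 1: >= threshold failed logins followed by a success within the window.
    Rule 2: firewall DENY to a sensitive port, then a successful app login, from the
            same IP within the window (a cross-source correlation only a SIEM sees).
    """
    alerts = []
    by_src = defaultdict(list)
    for e in events:  # events are already sorted, so each per-IP list stays in order
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["source"] != "app" or e["event"] != "login_success":
                continue
            earlier = [x for x in evs[:i] if e["ts"] - x["ts"] <= window]
            failed = [x for x in earlier if x["source"] == "app" and x["event"] == "login_failed"]
            if len(failed) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "src": src,
                               "user": e["user"], "failed_attempts": len(failed), "at": e["ts"]})
            denied = [x for x in earlier if x["source"] == "fw" and x["event"] == "deny"
                      and x["dport"] in sensitive_ports]
            if denied:
                alerts.append({"rule": "blocked_probe_then_login", "src": src,
                               "user": e["user"], "denied_ports": [x["dport"] for x in denied],
                               "at": e["ts"]})
    return alerts


def report(events, alerts):
    """Reporting: a summary a dashboard or archive job could store for later review."""
    by_source = defaultdict(int)
    for e in events:
        by_source[e["source"]] += 1
    return {"events_by_source": dict(by_source), "alert_count": len(alerts),
            "alerted_ips": sorted({a["src"] for a in alerts})}


if __name__ == "__main__":
    evs = aggregate(APP_LOG, FW_LOG)
    found = detect(evs)
    for a in found:
        print(f"ALERT {a['rule']} src={a['src']} user={a['user']} at={a['at'].isoformat()}")
    print(report(evs, found))
```

On the sample data, 203.0.113.7 trips both rules (three failures then a success, preceded by blocked probes to ports 22 and 3389), while 198.51.100.20 produces no alert because neither feed alone nor the two together complete a pattern. That is the practical point of aggregation: the firewall denies and the application logins are unremarkable on their own and only become an alert when viewed on one timeline.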

The Art of Cybersecurity Choice

Selecting the right cybersecurity tool often feels like choosing between a hammer, screwdriver, or wrench — each has a specific purpose.

But knowing your craft means knowing your tools, and it’s this knowledge and skill that sets you apart as a cybersecurity professional and helps maintain the security and integrity of our ENTIRE digital world.
