What new security tools are you excited about?

Anonymous Author
There's a VC firm that we do a lot of work with and they bring new companies to us and they give us the pitch. There's this new company that they brought to me, and what this guy is doing is so cool. He didn't use the word SOAR once, but it's absolutely SOAR. What he does is he reads the NetFlow data, and if it meets criteria to equal bad, he then automates a command to the firewall to block the bad for an hour. And then after an hour, they revoke the command. And if the same source meets the same rules again, then it's put in time-out for two hours. I really dig this, because if you have a business problem, a legitimate business that's doing the real thing that hits the bad quotient, the outage is one hour, which is time enough for you to report and find and end automatic revokes, and you can solve it. It's not a forever thing. They are all about cloud integration. Especially, there's a thing on Linux called eBPF; I've never heard of it before. But it's around turning the process and relationships into flow data, and they can automate that. And I'm like, "This is really cool. I really dig this." And this is something we can bring to multiple because it's flow data, low impact, low bandwidth, easy to implement, no kind of metadata, IPA, IPB did this kind of exchange. And we could bring security value around this and automated reaction. Also, the CIS WorkBench is pretty cool. It's a tool you can download and it maps every ISO to CIS to NIST CSF.
0 upvotes
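The mechanism the answer describes (flow record matches a "bad" rule, the source is blocked on the firewall for an hour, the block is revoked automatically, and a repeat offence earns a two-hour time-out) is a small state machine worth seeing in code. The block below is an added example, not code from the post or from the startup it describes. Everything specific is an assumption: the flow records are constructed dicts rather than real NetFlow, the "bad" rule is a simple one of my own choosing (a source touching too many distinct destination ports inside a short window), the firewall is a stand-in object that records the block/unblock commands it would send, and the time-out doubles on every repeat (the post only states one hour then two; the doubling and the 24-hour cap generalise that).

```python
"""Self-expiring, escalating firewall blocks driven by flow records.

Added example; assumptions (not from the post): flow dict shape, the
distinct-port rule, the stand-in firewall, and the doubling schedule.
"""
from collections import defaultdict
from dataclasses import dataclass

BASE_BLOCK_SECONDS = 3600        # first offence: one hour, as in the post
MAX_BLOCK_SECONDS = 24 * 3600    # assumed cap so escalation never becomes "forever"


def block_duration(strikes):
    """Second offence doubles the first (1h, 2h, 4h, ...), capped at MAX."""
    return min(BASE_BLOCK_SECONDS * 2 ** (strikes - 1), MAX_BLOCK_SECONDS)


@dataclass
class Block:
    src: str
    expires_at: float
    duration: int


class RecordingFirewall:
    """Stand-in for a real firewall API: records the commands it would send."""

    def __init__(self):
        self.commands = []

    def block(self, src):
        self.commands.append(("block", src))

    def unblock(self, src):
        self.commands.append(("unblock", src))


class FlowResponder:
    def __init__(self, firewall, port_threshold=20, window=60):
        self.firewall = firewall
        self.port_threshold = port_threshold   # distinct dports that count as "bad"
        self.window = window                   # seconds of history kept per source
        self.ports_seen = defaultdict(dict)    # src -> {dport: last_seen_ts}
        self.active = {}                       # src -> Block currently enforced
        self.strikes = defaultdict(int)        # src -> number of offences so far

    def expire(self, now):
        """Revoke every block whose time-out has elapsed (the 'automatic revoke')."""
        for src, blk in list(self.active.items()):
            if now >= blk.expires_at:
                self.firewall.unblock(src)
                del self.active[src]

    def is_bad(self, flow, now):
        """Assumed rule: too many distinct destination ports inside the window."""
        seen = self.ports_seen[flow["src"]]
        seen[flow["dport"]] = now
        for port, ts in list(seen.items()):      # forget ports older than the window
            if now - ts > self.window:
                del seen[port]
        return len(seen) >= self.port_threshold

    def observe(self, flow, now):
        """Feed one flow record; returns the Block issued, or None."""
        self.expire(now)
        src = flow["src"]
        if src in self.active or not self.is_bad(flow, now):
            return None
        self.strikes[src] += 1
        duration = block_duration(self.strikes[src])
        self.firewall.block(src)
        self.active[src] = Block(src, now + duration, duration)
        self.ports_seen[src].clear()             # start fresh once the block lifts
        return self.active[src]


def make_scan(src, n_ports, start, dst="10.0.0.5"):
    """Constructed flow records: one source touching n_ports distinct ports, one per second."""
    return [{"src": src, "dst": dst, "dport": 1000 + i, "bytes": 60, "ts": start + i}
            for i in range(n_ports)]


def run_scenario():
    """Offender hits the rule twice, an hour apart; a quiet host is never touched."""
    fw = RecordingFirewall()
    responder = FlowResponder(fw, port_threshold=20, window=60)
    issued = []
    for flow in make_scan("203.0.113.7", 20, 0):            # first burst at t=0
        blk = responder.observe(flow, flow["ts"])
        if blk:
            issued.append((flow["ts"], blk.duration))
    for flow in make_scan("203.0.113.7", 20, 4000):         # repeat after the hour lapses
        blk = responder.observe(flow, flow["ts"])
        if blk:
            issued.append((flow["ts"], blk.duration))
    for flow in make_scan("198.51.100.2", 5, 4000):         # legitimate host, few ports
        responder.observe(flow, flow["ts"])
    return fw.commands, issued


if __name__ == "__main__":
    commands, issued = run_scenario()
    print(commands)   # block, automatic unblock, then a longer block
    print(issued)     # (19, 3600) then (4019, 7200)
```

Design points a practitioner would check before wiring this to a real firewall: the revoke runs from the same code path that issues blocks, so a crash between the two cannot leave a permanent rule behind; the escalation is capped so a misclassified legitimate host is never locked out indefinitely; and the rule state is cleared when a block is issued, so a single burst cannot trigger a second, longer block the moment the first one lifts.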