I need a simple, cost-effective way to be able to ascertain if any systems for which I am responsible are/have been compromised.
It seems that there are solutions that cost a gazillion dollars (so I will never know if they work -- management won't spend that kind of money), or there are scanners and such that are free or low-cost but offer little in the way of solutions to the problem.
Do you have a solution that we can live with (and pay for)? What happened to good old Yankee ingenuity?
Well, this can be a complicated matter if we get down to the nitty-gritty of looking at logs from an incident response perspective. Perhaps the best way to address this is for you to run tests against your own systems to see what the bad guys see (ethical hacking). There are a lot of variables here (OS, network design and so on), but here are a few good tools you can use for starters to see where you stand:
- SuperScan for Windows systems
- Nessus vulnerability scanner
- QualysGuard (definitely the most bang for your buck -- it will scan practically every platform for tons of vulnerabilities. You definitely get what you pay for here)