I'm looking for advice on building out a solid security infrastructure for a software development company that's about 500 people strong. We have a mix of 60% Linux and 40% Windows devices, plus a Bring Your Own Device (BYOD) setup for mobiles. With multiple offices and a remote workforce, we need solutions that don't slow down our developers. Currently, our security is pretty basic—a standard firewall, a VPN, some open-source tools, but we lack mature Endpoint Detection and Response (EDR) systems, centralized logging, and device compliance enforcement.
We're looking to incrementally improve our security architecture without hindering productivity and need recommendations across these areas:
1. Endpoint Security: What EDR or XDR solutions work best for mixed Linux and Windows environments? Open-source or budget-friendly options?
2. BYOD Mobile: Should we opt for Mobile Device Management (MDM) or just Mobile Application Management (MAM) approaches? How can we enforce work profiles and secure company data?
3. Identity & Access: How do we effectively implement MFA and SSO while considering our Linux-heavy dev environments?
4. Monitoring & Detection: Any suggestions for centralized logging solutions or lightweight SIEM alternatives that support Linux visibility?
5. Developer Workflow Security: What tools can enhance the security of our Git and CI/CD pipelines, including secrets management and dependency scanning?
6. Network Security: Are there good Zero Trust alternatives to traditional VPNs for multi-location segmentation?
Our main constraints are proper Linux support, avoiding productivity slowdowns, cost-effective solutions, and accommodating remote work. I'd love to hear your real-world experiences and recommendations!
4 Answers
I’d focus on identity solutions first. Solutions like Okta or Entra ID with MFA and SSO are crucial because everything else hinges on knowing who’s accessing your systems. For EDR on mixed environments, consider Elastic Security or Wazuh; both are decent open-source options with good Linux support—but be ready to invest some oversight time into tweaking them. For BYOD, MAM-only strategies keep personal devices from turning into a headache. And don’t try to rebrand your VPN as Zero Trust; look into solutions like Tailscale or Cloudflare Access for affordable segmentation and remote access.
If you’re still in the early stages of logging and monitoring, start with a centralized visibility tool. It really simplifies incident response and threat hunting since everything is in one place. Getting a unified view of logs from your Linux and Windows devices, along with cloud services, can really reduce clutter and improve how you respond to security threats.
Honestly, you might want to consider getting Microsoft 365. If you don’t have a big security team, juggling multiple tools can just lead to chaos. I see so many teams getting in over their heads trying to manage best-in-class solutions or chasing the cheapest options. M365 simplifies a lot and gives you a comprehensive view of your security landscape.
Before diving into a tech stack, have you done a solid risk assessment? Taking a look at frameworks like NIST CSF or CIS Controls can help you build a strong foundation. You really need to identify what’s critical to your business first, then assess the risks to those assets. It’s important to put the right policies and tools in place without just jumping into random solutions.
Going into the Microsoft ecosystem would be pretty expensive for us. I’m worried about the overall costs.