I'm part of a growing department with just three members, and we're looking to implement FreshService for ticketing, asset management, change management, and onboarding workflows. I'd love to gather some opinions on preferred tools for the following areas, as I have a budget to bring some of these solutions on board:
1. User training – we're facing a lot of phishing attacks and have been using Defender simulations, which have not been effective.
2. Patch management or remote monitoring and management (RMM).
3. Endpoint detection and response (EDR) and security information and event management (SIEM) – we are currently using Defender XDR in a GCC High environment.
4. Email filtering and security solutions.
5. Web filtering and DNS security – we're using SmartScreen at the moment, but our users prefer Chrome and I'd like to explore better options.
So far, I've received some recommendations for FreshService, KnowBe4 for user training, N-able for patch management, and Huntress for EDR and SIEM. However, I am considering alternatives to Defender XDR and Sentinel.
If you have any other suggestions for foundational tools for a small department with fewer than 100 assets, I'm all ears!
3 Answers
Based on my experience, I'd recommend:
1. KnowBe4 for user training, but also consider addressing the root causes of phishing attacks, possibly through your email security tool.
2. For patch management, Action1 is a good option and is free for up to 200 endpoints. You might also look into ConnectWise Screenconnect for remote management.
3. I’ve heard great things about Crowdstrike for EDR—you might want to investigate that.
4. For email security, Cloudflare E-mail Security has been the best I’ve used, although it can get pricey.
5. For DNS security, I’m a fan of Cloudflare Zero Trust DNS filtering; it's technically free if you're just using it for DNS forwarding, and it's much better than alternatives like OpenDNS or NextDNS.
1. I suggest sticking with Defender for phishing simulations.
2. Consider Action1 or Ninite Pro for patch management.
3. You could keep using Defender XDR if you're comfortable.
4. Defender for Office might work well for email filtering.
5. Cloudflare Zero Trust is a solid choice for web filtering.
Thanks for the suggestions! Is Action1 your go-to choice because it’s free or do you think it has great features? Just curious about your take on it.
It’s crucial to think about how you’re choosing products. Are you aiming for a specific regulatory compliance? For web filtering, a DNS-based solution is lightweight and effective, while endpoint solutions require more commitment.
For email filtering, what's your MTA? Blocking spam is key, but also think about how to stop credential leakage. Implementing multi-factor authentication (MFA) can help a lot, but I didn't see that mentioned in your discussions.
I don’t have a specific mandate besides ensuring we meet requirements where filtering could be beneficial. We've got Exchange Online for emails, and spam blocking is one of my main goals. Even with MFA in place, I had an incident where a user was phished, which made me rethink our email defenses. What do you suggest for enhancing our protection?
I'll have to check out Crowdstrike, but I've been hesitant about the price. I’ll look more into Cloudflare too since I already use some of their products. Thanks for the tips!