VASCAN 2018 has ended
Tuesday, October 16 • 3:00pm - 3:45pm
Automating IT Security: Letting Security Analysts Be Analysts

The tools and appliances available within the IT landscape have expanded the analysis and monitoring capabilities available to IT security personnel. However, these tools, like FireEye, Nessus, Rapid7, Bro and Kibana, rarely integrate with each other and are often not designed to play well outside their defined scope. While Security Analysts have more power at their fingertips than ever before to identify and track down threats, without an automated way to connect these systems, numerous cycles are wasted performing tedious tasks that detract from time that could be spent better understanding and monitoring the security threats faced by the university.

The IT Security Office has developed several web applications and tools that leverage the APIs of various security appliances, Google Drive and Service-Now in order to provide connective tissue where appropriate and eliminate manual data entry whenever possible. Each tool facilitates the adoption of the CIS Controls and allows Security Analysts to focus on performing incident analysis rather than data entry or dealing with ticket system tedium.

FEINT, the FireEye ITSO Notification Tool, is part of ITSO’s Malware Defense, CIS Control 8.
HOIST, the Hands-Off ITSO Scanning Tool, ties into ITSO’s Boundary Defense, CIS Control 12.
CRIT, the Credential Reset Incident Tool, is a web application that addresses CIS Control 16.
SLIC, the Security Log Incident Creator.




Tuesday October 16, 2018 3:00pm - 3:45pm EDT
Room E - Johnson Center (3rd Floor)