Cybersecurity tools are essential for protecting our digital assets and ensuring the safety of information systems, defending against malicious software, identifying system weaknesses, and monitoring for suspicious activity.
For instance, Splunk Enterprise Security (ES) provides advanced analytics and real-time monitoring to detect and respond to security threats, while Tenable offers vulnerability management to identify and mitigate potential risks.
By leveraging these tools we can enhance our ability to detect, respond to, and mitigate security threats, ensuring a robust cybersecurity posture.
Find out what tools and services we provide below:
Cybersecurity tools
Splunk Enterprise Security (ES)
Splunk Enterprise Security (ES) is a premium Splunk app: a comprehensive security information and event management (SIEM) solution that enhances an organisation’s ability to detect, respond to, and mitigate security threats. Built on the Splunk platform, it provides advanced analytics, real-time monitoring, and incident response capabilities.
Risk-Based Alerting (RBA) in ES is a powerful feature that helps us prioritise security alerts based on risk assessments rather than just volume.
When should I use Splunk ES?
Use it to analyse firewall logs and network traffic to detect potential attacks, such as port scanning or unusual outbound traffic. It can also be used to collect and analyse data to detect malware infections, unauthorised software installations, or abnormal process behaviour.
Access and training
Request access via the ASK portal
See the free training courses available on Splunk.
Or contact us at our systems management tooling, automation and testing mailbox for queries and support.
Splunk SOAR
SOAR is an automation tool linked to the Splunk Enterprise Security Cloud platform.
When should I use SOAR?
To automate processes linked to the processing of Cyber Security data in Splunk, for example, locking accounts or banning machines based on security alerts. (NB: This is available to ICT Tooling and Cyber Security teams only.)
You can use SOAR for platform automation.
Access and training
You can only use Splunk SOAR as an automation platform. Try a free hands-on workshop for SOAR.
Or contact us at our systems management tooling, automation and testing mailbox for queries and support.
Tenable
Tenable is a Vulnerability Management platform which performs security vulnerability or benchmarking scans.
When should I use Tenable?
You should consider Tenable if you run your own servers and want to have them scanned to identify vulnerabilities or hardening options.
Access and training
Log a ticket via the ASK portal to request access to Tenable and have your servers set up to be scanned.
Honey Pots
Honey Pots: Thinkst Canary is the company that provides our honey pot service, giving us immediate visibility into suspicious activity.
When should I use Honey Pots?
If you need a service to act as a trip wire to highlight suspicious behaviour on your systems.
Access and training
Log a ticket via the ASK portal to request a conversation with the Tooling team about Honey Pot / Canary tools.
Pen Testing (Zoonou)
Pen Testing (Zoonou) is a third-party supplier that provides penetration testing services.
When should I use Zoonou?
If you’re running an application, website, or infrastructure, you must have your service tested for any Cyber Security issues.
Access and training
Use this ASK form to request a penetration test.
MS Defender
MS Defender is Microsoft’s security application deployed to all managed devices to support the university’s Cyber Security strategy.
When should I use MS Defender?
Not available for general use.
Access and training
If you want to read more see the MS Defender website.
Burp Suite
Burp Suite is a web and API vulnerability scanner.
When should I use Burp Suite?
You can use Burp Suite to scan your websites or APIs to identify vulnerabilities and provide you with advice.
Access and training
Log a ticket via the ASK portal to request access to Burp.