Cyber Risk Coverage Application

Hi everyone,
This is a second application I'm looking at for an SMB trying to get a Cyber Risk Coverage Insurance Policy.
All of our SMB clients already have Firewall, Antivirus, Disaster Recovery, etc. But this form is asking for more and we are struggling to find an affordable solution or solutions.
We need intrusion detection software - I guess Sonicwall ID does not count?
We need event log recording, monitoring and alerting. - We use Labtech MMP, but this is more for system performance things and is limited on how long logs are saved and what is detected.
We need to have a program in place to test and audit network security controls. Would scanning the network perimeter from SecurityMetrics (PCI compliance tester) be sufficient? We can also get a device from them to periodically perform vulnerability scanning.
Can anyone help with advice?

Sean Jackson, Information Security Analyst, commented:
For intrusion detection, I cannot recommend anything stronger than I do OSSEC.  It's open source, easily configured, and it will do any alerting you need, save for making a phone call.

I also recommend setting up an aggregate log system using syslog-ng.  Have all your servers point their logging to a central machine, and that collects everything and reports on anything amiss.  Again, open source.

I recommend putting an instance of Splunk on each of these to create a GUI representation, making it easier for you to see what's going on in your systems.

Yes, SecurityMetrics is good for scanning your perimeter.  They can also help you with your PCI compliance, if that's something you need to worry about.

You can also look at Qualys for external scans; I recommend Acunetix and Nessus for internal scanning.  You can get a license for Nessus and run that internally yourself.

Based on what you're saying, it sounds like you could use someone to get this all going for you, maybe just to set it all up, but all these tools are what I call 'work amplifiers'.  If you have them in place, you have to have someone working with them to make them really hum and purr.
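
A minimal syslog-ng layout for the central log machine described in the answer above, as an added example that is not part of the original answer: clients forward over mutually authenticated TLS and the server writes one file per sending host per day. The host name logs.example.internal, port 6514, the certificate paths, the log directory and the @version value are all assumptions to adapt.

```conf
# ===== Central log server: /etc/syslog-ng/syslog-ng.conf =====
# Assumption: set the version line to the syslog-ng release you have installed.
@version: 3.38

source s_remote {
    network(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server.key")
            cert-file("/etc/syslog-ng/tls/server.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")   # CA certs, OpenSSL hash-named links
            peer-verify(required-trusted)        # reject senders without a cert from our CA
        )
    );
};

# keep-hostname() defaults to no, so ${HOST} is the sender as seen by the
# server, not whatever host name the message itself claims.
# R_ macros use the time of receipt, so a wrong client clock cannot misfile a line.
destination d_per_host {
    file("/var/log/remote/${HOST}/${R_YEAR}-${R_MONTH}-${R_DAY}.log"
         create-dirs(yes) perm(0640) dir-perm(0750));
};

log { source(s_remote); destination(d_per_host); };

# ===== Each client: /etc/syslog-ng/syslog-ng.conf =====
@version: 3.38
@include "scl.conf"                              # provides the system() source

source s_local { system(); internal(); };

destination d_central {
    network(
        "logs.example.internal" port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/client.key")
            cert-file("/etc/syslog-ng/tls/client.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(required-trusted)        # refuse to send to an unverified server
        )
    );
};

log { source(s_local); destination(d_central); };
```

Running `syslog-ng --syntax-only` on each machine checks the file before a restart. How long logs are retained is then decided by how long the per-day files under /var/log/remote are kept.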

mavrukin (Author) commented:
Sean, yes we could use some help. Can you help us?
Sean Jackson, Information Security Analyst, commented:
I'd be happy to. I sent you a message.
mavrukin (Author) commented:
Sean was super helpful. Thank you.
Sean Jackson, Information Security Analyst, commented:
Thank you, Mavrukin.  Glad to help.
Question has a verified solution.