I work for a non profit and over the past year I have done a lot to re-shape how things are done and have implemented VLANs, an MDM, Anti-virus for all computers, patch management for Windows devices, on-site/off-site server backups and much more. I am now focusing on protecting our network further. We currently have Cisco Meraki for our firewall, and although it does a good job blocking threats it’s not provide super detailed logs. For instance I setup a trial Syslog yesterday and was shocked how many times a day IPs were trying to connect to our network via RDP. It caused me to really think about how much activity is going on without our knowledge.
My biggest concern is our on-site Windows Server / Active Directory. So what should be my focus? I know SIEM can cost a lot and I don’t have the budget to shell out $1,000’s a year. Would something like Alienvault OSSIM be the best way to go to monitor our server / network? I’m all ears, thanks!