In a candid interview at SpiceWorld 2014, Nick Antone, Lead Geek at ESN, talks about his day-to-day experiences using AlienVault Threat Alerts in the Spiceworks dashboard.
Nick: I'm Nick Antone—Nick42 in the community. Been around SpiceWorld… I mean, Spiceworks, rather, for quite a while now. Been playing with AlienVault since the integration started, 7.1 I believe. And, I work for a company called ESN—I'm the Lead Geek there.
Q: Hey Nick, what's your environment like?
Nick: We're spread out all over the country. We are actually all over the world at this point. I've got hosts that are Windows-based. I've got a few Macs out there; a couple of Linux boxes. That kind of thing.
Q: How are you currently using threat alerts in Spiceworks?
Nick: I read about the integration starting. Then when the 7.1 came out, it just started working. I started getting emails from this strange thing that said, "Hey, you have a host that might be talking to something malicious." I started looking into it, and found out how useful it really, really was because I don’t have to sit and read logs. I don’t have to do any special configuration. It's just there.
Q: What value do those alerts provide to you?
Nick: I can't really measure it, to be honest with you because we don’t… It's not something that I've ever done before in the way that you guys are doing it. It's just letting me know ahead of time versus me having to sit down (with the morning coffee, or something like that) and read through logs, and go through security systems, and things of that nature.
It brings it to me. I get the alert and now I know what's going on. We stood up a new server. One of my Debs had actually put a piece of software on there that she was using. The software—it came from SourceForge, and your system flagged that as a potentially malicious source of a download. And I'm looking at this going like, "What is this download?" I had no idea what it was. It was legit, but it let me know what was going on.
Q: Would you recommend AlienVault Threat Alerts to Spiceworks users?
Nick: Definitely! Particularly if you're in an environment where you're really, really busy and you don’t have a dedicated security team (or something of that nature), then yeah, because you don’t have to do anything. It's just there in Spiceworks. You get these alerts. You dig into it. You can see what it is, how long it's been since it happened.
And what I think the most value that would bring to a really small team, in particular, there's a lot of SMBs that are here at SpiceWorld, and the problem that they probably have is something that I had a long time ago which is I don’t have a dedicated team to go and do this stuff 24/7.
So, having it pushed to them in real time is amazing.
Q: Got any advice for other SpiceHeads?
Nick: Give it a shot. I mean, you don’t have to do anything. It's just there and it's good data. And it's free.