When it comes to detecting, preventing and analyzing information security threats, security teams need all the help they can get.
Cyber attackers were able to compromise organizations within minutes in 60% of the data breach cases studied in Verizon Enterprise Solutions' Data Breach Investigations Report 2015. Unfortunately, companies aren't getting any faster at detecting those threats. Verizon calls this a "detection deficit" between attackers and defenders.
Free, cheap and easy security tools are one way to help close the gap. We asked infosec and network security pros to offer up their favorite free security tools and, no surprise, their responses ran the gamut from upfront vulnerability scanners to post-discovery malware detonators and analysis tools.
"There's no perfect [security] tool that everybody loves," says Rob Westervelt, information security analyst at IDC. "It's what they feel comfortable using."
Todd Borandi focuses his security team on using a small set of tools that they understand very well. "These tools should change as frequently as tools used by those who would seek to expose information we are working hard to protect," says Borandi, lead information security architect. His team may use anything from publicly accessible websites, like Rapid7 Metasploit, that constantly change payloads and update vulnerabilities, to other open source web pen testing tools "favored by the bad guys," he says.
Though threats are constantly changing, Westervelt believes security tools don't have to be new to be effective. "Incident response people are still in love with some tools and are so skilled at using them that they still have the upper hand, at least for a while," he adds.
Security professionals offer up their favorite free security tools.
Team Cymru's Unwanted Traffic Removal Service (UTRS) helps mitigate the largest, most concentrated distributed denial-of-service attacks and helps eliminate traffic that is invalid or unwanted.
The Border Gateway Protocol-based solution distributes routes and rules to participating networks using only vetted information about current and ongoing unwanted traffic. Receiving a UTRS BGP feed is open to most networks that are already holders of a registered autonomous system number and currently originate prefixes into the global Internet routing table.
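The "vetted information" point above is the part a participating network controls: before a received blackhole prefix is turned into a route, it should pass local sanity checks so that a bad or overly broad entry cannot knock out legitimate traffic. The following is an added illustration of such a pre-install filter, not Team Cymru's code and not a description of the real UTRS feed format; the feed lines, the "own" prefixes, the minimum prefix lengths and the bogon list are all constructed or assumed values.

```python
"""Vet a list of unwanted-traffic prefixes before installing them as
blackhole routes.  Added example; it does not reproduce the UTRS feed
format or any Team Cymru logic."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# Assumption: refuse to null-route anything broader than these lengths,
# since a blackhole for a /8 would also drop lots of innocent traffic.
MIN_IPV4_PREFIXLEN = 24
MIN_IPV6_PREFIXLEN = 48

# Assumed bogon list (RFC 1918, loopback, link-local, multicast, reserved).
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Constructed sample: prefixes "our" network originates (documentation space).
OWN_PREFIXES = [ipaddress.ip_network(p) for p in (
    "203.0.113.0/24", "2001:db8:ffff::/48",
)]


@dataclass
class Verdict:
    prefix: str
    accepted: bool
    reason: str


def _overlaps(net, others: Iterable) -> bool:
    """True if net is inside, equal to, or contains any network in others."""
    for other in others:
        if other.version != net.version:
            continue
        if net.subnet_of(other) or other.subnet_of(net):
            return True
    return False


def vet_prefix(raw: str, own=OWN_PREFIXES) -> Verdict:
    """Apply the local policy to one feed entry and explain the decision."""
    try:
        # strict=True rejects entries with host bits set (e.g. 192.0.2.5/24).
        net = ipaddress.ip_network(raw.strip(), strict=True)
    except ValueError:
        return Verdict(raw, False, "unparseable prefix or host bits set")

    min_len = MIN_IPV4_PREFIXLEN if net.version == 4 else MIN_IPV6_PREFIXLEN
    if net.prefixlen < min_len:
        return Verdict(raw, False, f"too broad (shorter than /{min_len})")
    if _overlaps(net, BOGONS):
        return Verdict(raw, False, "bogon / special-use space")
    if _overlaps(net, own):
        return Verdict(raw, False, "overlaps a prefix we originate")
    return Verdict(raw, True, "ok")


def vet_feed(lines: Iterable[str], own=OWN_PREFIXES) -> List[Verdict]:
    """Vet every non-comment, non-blank line of a feed."""
    return [vet_prefix(line, own)
            for line in lines
            if line.strip() and not line.lstrip().startswith("#")]


def accepted_prefixes(lines: Iterable[str], own=OWN_PREFIXES) -> List[str]:
    """Only the prefixes that are safe to hand to the routing daemon."""
    return [v.prefix.strip() for v in vet_feed(lines, own) if v.accepted]


# Constructed sample feed (not real UTRS data).
SAMPLE_FEED = """# prefix
198.51.100.77/32
198.51.100.0/23
10.0.0.0/24
203.0.113.128/25
2001:db8:1::/48
192.0.2.5/24
""".splitlines()

if __name__ == "__main__":
    for v in vet_feed(SAMPLE_FEED):
        print(f"{v.prefix:<20} {'ACCEPT' if v.accepted else 'REJECT':<7} {v.reason}")
```

Only the entries that survive every check would be passed on to the router as blackhole routes; each rejection carries a reason so the operator can see why a feed entry was dropped instead of silently losing it.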
The service is an important safeguard at DePaul University in Chicago. "With IT on a pretty tight budget, it's good to have allies in the network protection fight," says Arlene Yetnikoff, director of information security. The service "is one we can turn to quickly in the event of an attack."
Secpod Saner, a free vulnerability and compliance scanner with remediation for personal computers, was one of a dozen security tools selected for the Black Hat Asia 2015 Arsenal in March. Developers say that anti-malware products typically focus on cleaning already infected systems based on known malware signatures, but 67% of malware is actually unknown. The enterprise-grade tool identifies security loopholes and misconfigurations on desktop systems and end-user applications, and then proactively fixes them.