Malware Detection and Analysis
Security training pro Stu Sjouwerman has two free security tools in his arsenal. "Malwarebytes is doing a great job defending against ransomware," says Sjouwerman, cofounder of security training company KnowBe4, in Clearwater, Fla.
The free scanner detects and removes malware like worms, Trojans, rootkits, rogues and spyware. For more protection, the premium edition offers a real-time scanner that automatically prevents malware and websites from infecting a PC.
ModSecurity, the open source web application firewall, provides a toolkit for real-time web application monitoring, logging, and access control. "It helps us block any and all attacks on our website," Sjouwerman says.
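The three capabilities named above map directly onto ModSecurity 2.x directives. The fragment below is an added illustration, not configuration from the article or from the ModSecurity project: it shows the detection-only setting beside the enforcing one, the audit-log settings that give the monitoring and logging, and two rules that give the access control. The rule ids, the log path and the blocked network (a documentation range) are assumptions.

```apache
# Added example for Apache + ModSecurity 2.x (not the article's or the project's own config).

# Weak setting: rules are evaluated but nothing is blocked, only logged.
# SecRuleEngine DetectionOnly

# Corrected: enforce each rule's disruptive action (deny, drop, redirect).
SecRuleEngine On

# Monitoring: inspect request bodies too, otherwise POST parameters are invisible.
SecRequestBodyAccess On
SecRequestBodyLimit 1048576

# Logging: write a full audit record for any request that triggers a rule
# or that ends in a 5xx or non-404 4xx status.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log     # assumed path
SecAuditLogParts ABIJDEFHZ

# Access control by content: reject any parameter or User-Agent carrying
# an inline script tag (ids above 1000000 are assumed to be free locally).
SecRule ARGS|REQUEST_HEADERS:User-Agent "@rx (?i)<script[\s>]" \
    "id:1000001,phase:2,deny,status:403,log,msg:'Inline script tag in request'"

# Access control by source: drop an entire network before any body parsing.
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24" \
    "id:1000002,phase:1,deny,status:403,log,msg:'Blocked network'"
```

A handful of hand-written rules like these catches only what they name; teams that want the broad coverage the quote above describes normally load the OWASP ModSecurity Core Rule Set and run it in DetectionOnly mode against production traffic first, then switch to On once the false positives have been tuned out.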
Incident response teams that like to detonate malware in secure sandboxes for analysis might want to try Maltrieve, a free tool that retrieves malware samples directly from the sites hosting them, for security research. "It parses URL lists to get malware location information," and it supports other forensics and malware analysis tools, Westervelt says.
For companies looking to sharpen their pentesting skills and knowledge, the open source Root the Box platform is a real-time scoring engine for computer wargames in which hackers can practice and learn. Root the Box aims to engage novice and experienced hackers alike by combining a game-like environment with realistic challenges whose lessons carry over to real-world work.
"The reason that this is my favorite free tool is that it addresses the [biggest] threat in security today -- the lack of knowledgeable security professionals," says Chris Silvers, principal consultant at CG Silvers Consulting, an information security consultancy. "Combined with intentionally vulnerable virtual machines, Root the Box can be an integral part of a security training class," he says.
Advice for using free security tools
Before using any free security tool, first talk to your security peers and find out what works for them and why, Westervelt says. Next, take a close look at how active the development community is behind the tool. "If there's only a single developer or small group of active contributors to an open source project, it could very well die on the vine," he says.
Finally, determine how practical the tool is to your workflow. "You don't want to disrupt your entire workflow with the introduction of a new tool," Westervelt says. "You may not only impact your own workflow but that of your other team members" with a new tool. "That goes back to why you need a new tool in the first place. Maybe a process improvement will solve the problem."
The threat environment is constantly changing. "Security pros have to be ready to absorb new tool capabilities quickly," Borandi says. That requires a highly skilled security team. At the end of the day, he says, "my best tools are my relationships with peers and the education of my team using the tools."