Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Suggestions for security tools
12/25/2017 at 3:53 pm #12971
Curious to hear about security tools/practices from anyone with experience in businesses lacking the human, technical or financial resources to invest in security.
12/26/2017 at 7:33 am #12977
Has your company thought about a tool offered by Unisys called Stealth?
“Stealth can be deployed within any industry; it is particularly applicable to healthcare, legal firms, financial services, public sector and Federal government agency environments, which all possess critically private information and are subject to stringent data security regulations”
12/26/2017 at 8:01 am #12990
We have recently done a POC with Adaptive Defense Protection from Panda Security, with a very positive result. The solution monitors every execution, checking if it is known software (goodware). If it's unknown, Panda starts a validation process to determine whether it is malware or goodware. The solution has different modes to determine what to do with the unknown software, from audit to blocking, where only approved software will be executed. In addition, the information obtained from this monitoring is awesome. It is not expensive, easy to manage and improves on basic anti-malware solutions.
12/26/2017 at 10:29 am #12995
If your organization lacks everything you mentioned, then consider either outsourcing security completely or creating a hybrid model. I have had success implementing a security program using a hybrid approach, where you maintain Security Management and oversight internally and augment with managed/co-managed services to fill the gaps. When you approach security from a program perspective, it should include a risk/gap assessment followed by a focus on people, process and technology. Security technologies won’t make you more secure unless you have the Governance (People/Process) component addressed as well.
Security technologies worth looking at:
- People – Security Awareness – Wombat and KnowBe4 are both excellent, and Wombat has a Managed Services offering. They cover everything from material to online training to phishing campaigns.
- Process – Configuration Management, Asset Management, Change Control, Incident Response – Unless you are a large organization, consider establishing a retainer, and don’t forget about post-breach response activities (notifications, lawsuits etc.). There are tools that can help manage and enforce these aspects, but I suggest a solid process.
- Endpoint – Cybereason, CrowdStrike, Cylance, McAfee (DLP/Encryption) etc. – Managed Services available
- Network Security (Firewalls, SIEM, IPS, Email, DLP etc.) – Multitude of boutique and large organizations providing Managed Services (Digital Hands, Proficio, AT&T, Verizon, Leidos etc.). I prefer NG Firewalls, either Fortinet, Palo Alto or Check Point – All solid products
- SIEM technology – Becoming a fan of Splunk, but LogRhythm, RSA and ArcSight are all possible products. I would strongly recommend outsourcing your SIEM; it is difficult to manage and to maintain in-house expertise.
The above are just a few, there are many, many more. Hope this helps!
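The point above about SIEM being hard to run in-house comes down to what a SIEM actually does: normalise events from different sources into one schema, then run correlation rules across them. The following is an added illustration, not code from the post or from any of the products named; the log lines are constructed, and the "key=value" format of the second source is hypothetical. The rule it implements is a common one: several failed logons from one source followed by a success from the same source.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

# Constructed sample log lines (not real captures). Two formats stand in for
# two log sources a SIEM would have to normalise before it can correlate.
SSHD_LINES = [
    "2017-12-26T10:01:05 sshd[411]: Failed password for admin from 203.0.113.7 port 5001 ssh2",
    "2017-12-26T10:01:09 sshd[411]: Failed password for admin from 203.0.113.7 port 5002 ssh2",
    "2017-12-26T10:01:14 sshd[411]: Failed password for admin from 203.0.113.7 port 5003 ssh2",
    "2017-12-26T10:01:20 sshd[411]: Accepted password for admin from 203.0.113.7 port 5004 ssh2",
    "2017-12-26T10:40:00 sshd[412]: Failed password for bob from 198.51.100.9 port 6001 ssh2",
]
# Hypothetical key=value format from a second appliance (also constructed).
KV_LINES = [
    "ts=2017-12-26T11:00:00 src=192.0.2.55 user=alice result=fail",
    "ts=2017-12-26T11:00:02 src=192.0.2.55 user=alice result=fail",
    "ts=2017-12-26T11:00:03 src=192.0.2.55 user=alice result=fail",
    "ts=2017-12-26T11:00:04 src=192.0.2.55 user=alice result=success",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
KV_RE = re.compile(
    r"^ts=(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<outcome>\S+)"
)


def normalise(line: str) -> Dict:
    """Map either raw format onto one common event schema."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
                "src": m["src"], "ok": m["outcome"] == "Accepted"}
    m = KV_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
                "src": m["src"], "ok": m["outcome"] == "success"}
    raise ValueError(f"unrecognised log line: {line!r}")


def correlate(events: Iterable[Dict], threshold: int = 3,
              window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str, datetime]]:
    """Correlation rule: `threshold` or more failed logons from one source
    inside `window`, followed by a success from the same source, raises an
    alert of (source, user, time of the success)."""
    alerts: List[Tuple[str, str, datetime]] = []
    failures: Dict[str, List[datetime]] = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        # keep only the failures that are still inside the window
        recent = [t for t in failures.get(ev["src"], []) if ev["ts"] - t <= window]
        if ev["ok"]:
            if len(recent) >= threshold:
                alerts.append((ev["src"], ev["user"], ev["ts"]))
            failures[ev["src"]] = []          # a success resets the counter
        else:
            failures[ev["src"]] = recent + [ev["ts"]]
    return alerts


def run(lines: Iterable[str] = SSHD_LINES + KV_LINES) -> List[Tuple[str, str, datetime]]:
    """Normalise every line and run the correlation rule over the result."""
    return correlate(normalise(l) for l in lines)


if __name__ == "__main__":
    for src, user, ts in run():
        print(f"ALERT: repeated failures then success for {user} from {src} at {ts}")
```

Both the normalisation step (one regex per source format) and the rule itself are what grows without bound in a real deployment, which is exactly the maintenance burden the post describes; the example's windowed, per-source state is the minimum a correlation engine has to keep.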
12/26/2017 at 11:34 am #13001
SIEM (Security Information and Event Management), TM (Threat Management) and Vulnerability Assessments (VA) are at different ends of the IT security spectrum. SIEM highlights where things went wrong, whereas VA aims to proactively identify weaknesses and prevent intrusions in the first place with a daily audit. Threat Management looks at possible threats to your company or industry.
Combining all three can have many rewards, giving an overall view of your company’s security posture. Take business lines as an example; let’s call them biz1, biz2 and biz3. Looking at biz1 and all the technology it utilizes (servers, firewalls and routers), creating a profile for biz1’s technology, then running a vulnerability scan plus looking at the threats to the vulnerabilities, we can actually derive mathematical scores and compare them to other business lines. This helps senior management understand the risks of the business lines and helps them understand where and when investments are needed.
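To make the "mathematical scores" concrete, here is an added worked example of the scoring the post describes; it is not the poster's method or any product's algorithm. The business-line profiles, CVSS values and threat likelihoods are constructed, and the weighting (severity of each finding times the likelihood that its asset kind is being targeted) is one simple choice among many.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Asset:
    name: str
    kind: str              # server, firewall, router ...
    vulns: List[float]     # CVSS base scores (0-10) reported by the VA scan


@dataclass
class BusinessLine:
    name: str
    assets: List[Asset]


# Hypothetical threat-management input: how likely each asset kind is to be
# targeted right now, on a 0-1 scale. Constructed values for the example.
THREAT_LIKELIHOOD: Dict[str, float] = {"server": 0.8, "firewall": 0.5, "router": 0.3}

# Constructed technology profiles for the three business lines in the post.
BIZ1 = BusinessLine("biz1", [Asset("erp-app01", "server", [9.8, 7.5]),
                             Asset("fw-edge", "firewall", [5.3])])
BIZ2 = BusinessLine("biz2", [Asset("hr-db01", "server", [4.3]),
                             Asset("rtr-core", "router", [6.1, 5.0])])
BIZ3 = BusinessLine("biz3", [Asset("kiosk01", "server", []),
                             Asset("fw-branch", "firewall", [7.2])])


def asset_risk(asset: Asset, threat: Dict[str, float] = THREAT_LIKELIHOOD) -> float:
    """Severity of each finding weighted by the likelihood that this asset
    kind is being targeted; a finding nobody is exploiting scores low.
    Unknown asset kinds get a small default weight rather than zero."""
    return sum(cvss * threat.get(asset.kind, 0.1) for cvss in asset.vulns)


def business_line_score(line: BusinessLine,
                        threat: Dict[str, float] = THREAT_LIKELIHOOD) -> float:
    """Total weighted risk for a business line, rounded for reporting."""
    return round(sum(asset_risk(a, threat) for a in line.assets), 2)


def rank_business_lines(lines: List[BusinessLine]) -> List[Tuple[str, float]]:
    """Highest-risk business line first: the comparison management asks for."""
    return sorted(((l.name, business_line_score(l)) for l in lines),
                  key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for name, score in rank_business_lines([BIZ1, BIZ2, BIZ3]):
        print(f"{name}: {score}")
```

The useful property is that the same score can be recomputed after the next scan or after the threat feed changes, so the ranking shows where investment moved the needle rather than a one-off snapshot.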
12/26/2017 at 9:10 pm #13027
It depends on what kind of tools you are looking for and the size of your organization. If you want to protect against insider threats and gain more visibility in terms of the 4 Ws (who, what, where and when), then you can check out Netwrix Auditor, STEALTHbits or Varonis. The last two are more for bigger organizations, as they are a bit pricey. With these, you can monitor your Active Directory, file servers and Exchange server.
12/27/2017 at 8:50 am #13035
Don’t forget the basics, simple hygiene – it’s free – strong passwords, regular communication with your employees – make them all part of the cyber defense team. Create a program around cyber, not a project: long term vs. one shot. We send regular communication to the team and we send fake emails that they need to spot and not open. All good practice for that “odd” phishing attempt.
12/27/2017 at 8:55 am #13037
The CSIAC has some good, easy to watch (short), videos on Cyber Awareness. You can see the series here: https://www.csiac.org/series/cyber-awareness-videos/
@avalon1 If you are looking for some more resources specifically to make your team more aware of phishing techniques, I would suggest sharing these 3 videos with them:
12/27/2017 at 10:07 am #13043
Great question and insights.
Are there any free tools you recommend? Looking for something that will visualize what these tools can offer, and help convince management on the need for more robust/non-free tools. It will help with gaining fund approval if I can show the risks these tools can capture.
12/28/2017 at 1:17 pm #13064
There is a very good saying: “Prevention is better than cure”. We all play a very important role, to a certain extent, in compromising the data that gets hacked, and certain initiatives, if taken up, would definitely help prevent any cyber hack.
1. Updating Software Regularly & keeping it up to date.
2. Good Password Management & changing it regularly by keeping a strong – secured one.
3. Taking extra precaution on links/URLs we visit on the internet.
4. Taking a backup of your data regularly.
5. Using Cellular devices with extra care & protecting them with a Pin/TouchID.
6. Taking care of sensitive information by not leaving it unattended.
7. Building a strong Firewall for the system.
8. Installing an anti-virus on the system.
12/31/2017 at 4:49 pm #13111
Apologies for the long note on suggestions. Though there are a number of security tools available for various security areas, the list below provides some insight into the open source tools available, and at the end lists a few commercial tools.
OPEN SOURCE SECURITY TOOLS
Endpoint Protection
This host-based intrusion detection system (HIDS) has recently been gaining popularity among enterprise users, in part because of its high scalability. If an attack overcomes your network defenses, OSSEC HIDS stops the attack at the host level, and it can be configured to notify the network administrator when an attack occurs. It’s compatible with many firewalls and all the major operating systems.
Network Intrusion Detection/Prevention
Snort is an open-source network intrusion prevention and detection system (IDS/IPS), developed by Sourcefire, that combines signature, protocol and anomaly-based inspection. With millions of downloads and approximately 300,000 registered users, Snort is also one of the most widely deployed IDS/IPS technologies worldwide. Its capabilities include performing protocol analysis and content searching/matching. It can also be used to detect a variety of attacks, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts, among other things.
OpenSOC is Cisco’s open source security analytics framework. Aimed at helping organizations leverage big data for security, the new tool provides a platform for the application of anomaly detection and incident forensics to data loss. “By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation.”
AlienVault’s Open Source Security Information and Event Management (SIEM) product provides you with a feature-rich open source SIEM, complete with event collection, normalization and correlation.
ModSecurity provides a wide range of protection for Web applications. While this site offers software, not hardware, you can also purchase an appliance, similar to other commercial products, from Breach Security.
OWASP Security Frameworks
A number of security frameworks/APIs are available from the Open Web Application Security Project. ESAPI is the most popular API for providing security modules within an application.
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
Patch Management Software
Whilst there are a number of commercial patch management products available, such as ManageEngine, Shavlik, Altiris and BladeLogic, the patch management software from Comodo One is available for free:
NXLog: open source agent system with log management.
Other Security/Scanning utilities/Bundles
VA Scanner: NESSUS
VA/PT Tools: Nexpose/Metasploit/OpenVAS
Packet Sniffer: Wireshark
WiFi security scanner/intruder: Kismet
Web application scanning tool: Nikto
Port Scanning: Nmap
Linux Based Security Bundles: Kali, Backtrack, Security Onion, Vyatta
End-Point protection: McAfee, SOPHOS, KASPERSKY, SYMANTEC, MORPHISEC, CYLANCE
Data Governance: Varonis
DDoS Protection: Imperva, Arbor Networks, Akamai
Identity and Access Mgmt: OIM/OAM, TIM/TAM, COURION
Application Code Reviews: Veracode, Checkmarx
PASSWORD VAULT: CYBERARK, POWER-BROKER
MDM: AIRWATCH, MOBILE-IRON
FIREWALL: Check Point, Cisco PIX/ASA, Juniper, SonicWall, Netgear, WatchGuard; Firewall Config: FORTIMON, TURIN
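The Snort entry above lists stealth port scans among the things a network IDS detects. The following is an added example of the kind of anomaly-style heuristic behind such a detection, not Snort's own portscan preprocessor and not code from the post: a source that opens bare-SYN connections to many distinct ports on one host inside a short window is flagged. The flow records are constructed, and the thresholds are assumptions to be tuned per network.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# A flow record: (timestamp, src_ip, dst_ip, dst_port, tcp_flags_seen)
Flow = Tuple[str, str, str, int, str]

# Constructed flow records standing in for a sensor's connection log.
# 203.0.113.7 touches ports 20-40 on one host with bare SYNs in 21 seconds
# (connections that never complete); 192.0.2.10 is ordinary repeat traffic
# to a web server whose handshakes complete (SYN and ACK both seen).
SCAN_FLOWS: List[Flow] = [
    (f"2017-12-31T16:00:{i:02d}", "203.0.113.7", "10.0.0.5", 20 + i, "S")
    for i in range(21)
]
NORMAL_FLOWS: List[Flow] = [
    (f"2017-12-31T16:00:{i:02d}", "192.0.2.10", "10.0.0.8", 443, "SA")
    for i in range(0, 50, 10)
]
FLOWS: List[Flow] = SCAN_FLOWS + NORMAL_FLOWS


def detect_port_scans(flows: List[Flow], threshold: int = 10,
                      window: timedelta = timedelta(seconds=30)) -> List[Dict]:
    """Flag a (src, dst) pair the first time the source has sent bare SYNs to
    `threshold` distinct destination ports on that host within `window`.
    One alert per pair; flows are processed in timestamp order."""
    history: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    flagged: Set[Tuple[str, str]] = set()
    alerts: List[Dict] = []
    for ts_text, src, dst, port, flags in sorted(flows):
        if flags != "S":
            continue                       # completed handshakes are not scan evidence
        ts = datetime.fromisoformat(ts_text)
        key = (src, dst)
        # keep only the entries still inside the sliding window, then add this one
        history[key] = [(t, p) for t, p in history[key] if ts - t <= window]
        history[key].append((ts, port))
        distinct = {p for _, p in history[key]}
        if len(distinct) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append({"src": src, "dst": dst, "distinct_ports": len(distinct),
                           "first_seen": history[key][0][0], "last_seen": ts})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(FLOWS):
        print(f"ALERT portscan: {a['src']} -> {a['dst']} "
              f"({a['distinct_ports']} ports, {a['first_seen']} to {a['last_seen']})")
```

Raising the threshold or shortening the window trades missed slow scans for fewer false positives from legitimate multi-port clients; that tuning, rather than the rule itself, is where most of the operational effort with an IDS goes.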
01/02/2018 at 8:05 am #13154
Automating Operational Technology (OT) vulnerability evaluation
The following article from Automation.com recommends automating the Operational Technology (OT) vulnerability evaluation process and increasing visibility, to improve OT network resilience. In addition, cybersecurity experts emphasized the importance of having visibility into the networks we are trying to protect.
What are good methods or tools to automate ICS and SCADA vulnerability evaluation?
What are the industry standards that utilities can implement to increase the visibility of their SCADA and ICS networks?
01/02/2018 at 6:13 pm #13208
Maltego is the best easy to use tool for open-source intelligence and forensics.
01/02/2018 at 11:34 pm #13209
There are many security tools which can be used in performing a VAPT test. In my view, for a specific application security test before going live in production, I would recommend using some Dynamic Scan or Static Scan of the end-to-end application. There is a tool available from the company Veracode, which specializes in application security testing and finding the security flaws and vulnerabilities which exist in the code. It is a paid tool.
From a network VAPT perspective, there are tools like Darktrace which can scan and perform the analysis of all the endpoints and network ports where the traffic is passing through, in ingress or egress fashion, to find out if there are any vulnerabilities in the environment. It can also detect any new hash signatures which are introduced in the network as part of malware or ransomware, or WannaCry-type signatures which are blacklisted by security threat detection companies.