Cybersecurity Platform Open Source Security Tools and Know-how

Ovidiu Cical – [email protected]

It’s all about Open Source.

Who am I – Ovidiu – Founder Cyscale

- Cloud Security enthusiast
- 10+ years in Cybersecurity (7 in DLP and Endpoint Protection)
- 2 products in Gartner Magic Quadrant (Enterprise DLP and IIoT)
- OWASP Chapter Leader for Cluj-Napoca
- Chief Information Security Officer as a Service – multiple companies

What should my Cybersecurity Platform contain? Blue Team’s perspective

Network Protection
Firewall, IDS, IPS, Traffic Analysis

Detection and Response
Endpoint Protection, Endpoint Detection and Response, DLP, SOAR, OpenC2

Threat Intelligence
Collaborate, Collect, Evaluate, Analyze

Malware Analysis
Sandboxes for file/email detonation and inspection

Cloud Security
Public, Private and Hybrid Cloud Security tools

Centralized Logs & Management
Compliance, Policies, Logs, Analysis

Network Security – great OSS options

pfSense
pfSense is one of the leading network firewalls with a commercial level of features.
Features:
• Great Firewall & IDS/IPS
• High Performance
• Load Balancing
• IDS/IPS with Snort
• VPN
• Proxy & Content filtering

Zeek – Network Security Monitor
Powerful network analysis framework.
Features:
• Anomaly and signature detections
• IDS / IPS API
• High Performance
• Automatic protocol detection
• Industry standard outputs
• MIME Type Statistics

Snort
IPS offered by Cisco. Capable of real-time traffic analysis and packet logging on IP networks.
Features:
• Most widely deployed IDS in the world
• 600,000+ Registered users
• Real-time traffic analysis
• Protocol analysis
• Content searching/matching

Other great tools:
Firewalls: NG Firewall (untangle) (free), OPNSense, IPFire
WAF: ModSecurity and WAF-FLE UI
IDS/IPS: OSSEC, Samhain Labs
Wireshark – network traffic inspection
OSQuery – Endpoint Visibility

Incident Management & Response

TheHive – Security Incident Response Platform

Cyphon.io – Incident Response Platform

Offers:
• Collect & Store – SIEM, DLP, EPP, Firewall
• Elaborate – investigate cases
• Analyze/Investigate – collaborate & assign
• Respond – ticketing, process, contain incidents, API calls, automatic actions

Cybersecurity Threat Intelligence

OTX – Open Threat Exchange: AlienVault Open Threat Exchange

ThreatConnect Open - Access to 100+ open source intelligence feeds (OSINT)

https://threatfeeds.io – List of open-source threat feeds

github.com/hslatman/awesome-threat-intelligence

Cybersecurity Threat Intelligence

YETI - Your Everyday Threat Intelligence
Open, distributed, machine and analyst-friendly threat intelligence repository.

Malware Analysis

YARA - pattern matching swiss knife for malware researchers

Used in:
• Airbnb BinaryAlert (free)
• Crowdstrike
• FireEye
• Kaspersky
• Raytheon
• Websense
• Symantec

Malware Analysis

Cuckoo Sandbox – automated malware analysis system

Cloud Security

Github – AWS security tools

Forseti Security – GCP

Cloud Discovery – Twistlock – AWS, Azure and GCP
They offer:
• Inventory of VMs, Kubernetes, Container Registries, Serverless
• Security Scanning for weak settings and authentication
• Compliance (some)

Big Data Security Analytics Framework

OpenSOC & Apache Metron
Features:
• Monitor any telemetry source
• Anomaly detection and real-time rules-based alerts
• Hadoop-backed storage for telemetry stream
• Automated real-time indexing backed by Elastic Search

Centralized Logs & Analysis

HELK – Hunting ELK
Features:
• ELK stack for log analysis
• ES-Hadoop + Spark -> interact with ELK Stack to analyze data
• GraphFrames - DataFrame-based Graphs for Spark
• Jupyter Notebooks – Team collaboration on ML and AI algorithms
Incoming features:
• OSQuery Data Ingestion
• MITRE ATT&CK mapping to logs or dashboards
• Terraform integration (AWS, Azure, GCP)

Open Source Security - Tools

Vulnerability Scanning
• OWASP Vulnerability Scanning Tools List
• OWASP Zed Attack Proxy (ZAP) - Free
• https://pentest-tools.com - Freemium
• Burp Suite
• Acunetix Free
• Qualys FreeScan
• SUCURI Free
• UpGuard Web Scan, Tenable, Rapid7 ...

IAM
• OpenIAM – Community Edition
• Keycloak – Open Source
• Soffid – Open Source
• OneLogin, OKTA
• Amazon AWS
• Google IAM
• Microsoft AD ...

APIs / Infrastructure / Cloud / Security
• Let’s Encrypt free SSL Certificates - Free
• Qualys SSL Labs (server, browser tests) - Free
• CloudStack - Free
• Kali
• Metasploit
• HPE ConvergedSystem
• ...

Threat detection/prevention
• AlienVault Open Source SIEM (OSSIM)
• Suricata Intrusion Detection/Prevention
• OSSEC
• OPSWAT
• Snort IPS
• Security Onion
• Fail2ban …

Web Apps/Code Security
• OWASP – Follow Top 10 lists
• OWASP SonarQube – 20+ languages
• OWASP Orizon – Mostly Java
• Bandit – Python code analysis - Free
• w3af.org, Kali Linux + Nikto
• Contrast Security, Kiuwan, Puma Sec
• Fortify - HP...

Container Security
• Peekr from Aqua Security
• Platform9
• Twistlock
• Red Hat Atomic Scan
• Clair from CoreOS
• Anchore

Thank you!

Ovidiu Cical [email protected]
