Cybersecurity Platform Open Source Security Tools and Know-how
Ovidiu Cical – [email protected]
It’s all about Open Source.

Who am I – Ovidiu – Founder Cyscale
- Cloud Security enthusiast
- 10+ years in Cybersecurity (7 in DLP and Endpoint Protection)
- 2 products in Gartner Magic Quadrant (Enterprise DLP and IIoT)
- OWASP Chapter Leader for Cluj-Napoca
- Chief Information Security Officer as a Service – multiple companies

What should my Cybersecurity Platform contain? Blue Team’s perspective
Network Protection
• Firewall, IDS, IPS, Traffic Analysis

Detection and Response
• Endpoint Protection, Endpoint Detection and Response, DLP, SOAR, OpenC2

Threat Intelligence
• Collaborate, Collect, Evaluate, Analyze

Malware Analysis
• Sandboxes for file/email detonation and inspection

Cloud Security
• Public, Private and Hybrid Cloud Security tools

Centralized Logs & Management
• Compliance, Policies, Logs, Analysis

Network Security – great OSS options
pfSense – Firewall
pfSense is one of the leading network firewalls, with a commercial level of features.
Features:
• Great Firewall & Router
• High Performance
• Load Balancing
• IDS/IPS with Snort
• VPN
• Proxy & Content filtering

Zeek – Network Security Monitor
Powerful network analysis framework.
Features:
• Anomaly and Signature detections
• IDS / IPS API
• High Performance
• Automatic protocol detection
• Industry standard outputs
• MIME Type Statistics

Snort – IPS offered by Cisco
Capable of real-time traffic analysis and packet logging on IP networks.
Features:
• Most widely deployed IDS in the world
• 600,000+ Registered users
• Real-time traffic analysis
• Protocol analysis
• Content searching/matching

Other great tools:
• Firewalls: NG Firewall (Untangle), Smoothwall (free), OPNsense, IPFire
• WAF: ModSecurity and the WAF-FLE UI
• IDS/IPS: Suricata, OSSEC, Samhain (Samhain Labs)
• Wireshark – network traffic inspection
• OSQuery – Endpoint Visibility

Incident Management & Response
TheHive – Security Incident Response Platform
Cyphon.io – Incident Response Platform
Offers:
• Collect & Store – SIEM, DLP, EPP, Firewall
• Elaborate – investigate cases
• Analyze/Investigate – collaborate & assign
• Respond – ticketing, process, contain incidents, API calls, automatic actions

Cybersecurity Threat Intelligence
OTX – Open Threat Exchange: AlienVault Open Threat Exchange
ThreatConnect Open – access to 100+ open source intelligence feeds (OSINT)
https://threatfeeds.io – list of open-source threat feeds
github.com/hslatman/awesome-threat-intelligence
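What you actually do with those feeds is turn them into a lookup set and check your own logs against it. The following is an added example, not code from OTX, ThreatConnect, threatfeeds.io or any feed on this slide: it normalises a constructed feed (defanged values such as `hxxp://` and `[.]`, mixed case, the same indicator from two sources) and matches it against constructed DNS and proxy log lines, including a subdomain of a listed domain. The feed format (`type,value,source`) and the log line format are assumptions.

```python
"""Indicator feed -> lookup set -> matches in logs.

Added example, not code from OTX, ThreatConnect, threatfeeds.io or any listed
feed. The feed format (type,value,source), the defanging conventions and the
log line format are assumptions; the feed and log lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed feed: one IOC appears twice (defanged, different case, two sources).
FEED_LINES = [
    "# type,value,source",
    "domain,evil-update[.]example,feed-a",
    "domain,EVIL-UPDATE.EXAMPLE.,feed-c",
    "url,hxxp://evil-update[.]example/payload.bin,feed-a",
    "ipv4,203.0.113.45,feed-b",
    "ipv4,203.0.113.45,feed-c",
]

# Constructed DNS and proxy log lines (assumed key=value format).
LOG_LINES = [
    "dns client=10.0.0.7 query=cdn.evil-update.example type=A",
    "dns client=10.0.0.8 query=updates.example type=A",
    "proxy client=10.0.0.7 url=http://EVIL-UPDATE.example/payload.bin status=200",
    "proxy client=10.0.0.9 url=http://203.0.113.45/login status=302",
    "proxy client=10.0.0.9 url=http://cdn.updates.example/x status=200",
]


def refang(value):
    """Undo common defanging so feed values compare with what logs contain."""
    v = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def normalise(kind, value):
    """Canonical form per indicator type; unknown types pass through unchanged."""
    v = refang(value)
    if kind == "domain":
        return v.lower().rstrip(".")
    if kind == "ipv4":
        return str(ipaddress.ip_address(v))       # rejects malformed addresses
    if kind == "url":
        p = urlsplit(v)                            # scheme/host are case-insensitive, path is not
        return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}" + (f"?{p.query}" if p.query else "")
    return v


def load_feed(lines):
    """Return {(kind, value): set(sources)}; duplicates across feeds merge."""
    iocs = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        kind, value, source = (f.strip() for f in line.split(",", 2))
        iocs.setdefault((kind, normalise(kind, value)), set()).add(source)
    return iocs


def parent_domains(host):
    """'a.b.example' -> ['a.b.example', 'b.example']; a bare TLD is never a candidate."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def host_hits(host, iocs):
    """IP hosts are looked up exactly; names are walked up to their parent domains."""
    try:
        ip = str(ipaddress.ip_address(host))
        return [("ipv4", ip)] if ("ipv4", ip) in iocs else []
    except ValueError:
        return [("domain", d) for d in parent_domains(host) if ("domain", d) in iocs]


def match_line(line, iocs):
    """Return the list of (kind, value, sources) indicators a log line touches."""
    hits = []
    m = re.search(r"\bquery=(\S+)", line)
    if m:
        hits += host_hits(m.group(1), iocs)
    m = re.search(r"\burl=(\S+)", line)
    if m:
        url = normalise("url", m.group(1))
        if ("url", url) in iocs:
            hits.append(("url", url))
        hits += host_hits(urlsplit(url).hostname or "", iocs)
    return [(k, v, sorted(iocs[(k, v)])) for k, v in hits]


def scan_logs(log_lines=LOG_LINES, feed_lines=FEED_LINES):
    """Map each log line that touches an indicator to its hits."""
    iocs = load_feed(feed_lines)
    results = {}
    for line in log_lines:
        hits = match_line(line, iocs)
        if hits:
            results[line] = hits
    return results


if __name__ == "__main__":
    for line, hits in scan_logs().items():
        print(line, "->", hits)
```

Two of the five constructed lines never match (no indicator covers `updates.example`), the DNS query for `cdn.evil-update.example` matches through its parent domain, and the merged source list shows why de-duplicating across feeds matters before you count "how many feeds saw this".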
Cybersecurity Threat Intelligence

YETI – Your Everyday Threat Intelligence
Open, distributed, machine- and analyst-friendly threat intelligence repository.

Malware Analysis
YARA – pattern matching swiss knife for malware researchers
Used in:
• Airbnb BinaryAlert (free)
• Crowdstrike
• FireEye
• Kaspersky
• Raytheon
• Websense
• Symantec
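A YARA rule is a set of named strings (text, possibly `nocase`, or hex with `??` wildcards) plus a condition that combines where they matched. The block below is an added example, not YARA's own code: the rule text is valid YARA syntax, and `scan()` is a small stand-in that implements only the subset this rule uses (`nocase` text strings, hex wildcards, `at 0`, `N of (...)`) so the logic can be run offline without yara-python. The sample buffers are constructed, not real malware.

```python
"""How a YARA rule decides: every string is searched for independently, then the
condition combines the match offsets.

Added example, not YARA's own code. YARA_RULE_TEXT is valid YARA; STRINGS and
condition() mirror it so a stand-in scanner can run here without yara-python.
The sample buffers are constructed.
"""
import re

# Documentation only: the rule as yara/yara-python would compile it.
YARA_RULE_TEXT = r'''
rule dropper_example
{
    strings:
        $mz   = "MZ"
        $url  = "http://" nocase
        $cmd  = "cmd.exe /c" nocase
        $call = { E8 ?? ?? ?? ?? 83 C4 }   // call rel32 ; add esp, imm8
    condition:
        $mz at 0 and 2 of ($url, $cmd, $call)
}
'''

# (kind, pattern, modifiers) for each string in the rule above.
STRINGS = {
    "$mz":   ("text", "MZ", set()),
    "$url":  ("text", "http://", {"nocase"}),
    "$cmd":  ("text", "cmd.exe /c", {"nocase"}),
    "$call": ("hex", "E8 ?? ?? ?? ?? 83 C4", set()),
}


def condition(offsets):
    """`$mz at 0 and 2 of ($url, $cmd, $call)` over the per-string match offsets."""
    return 0 in offsets["$mz"] and sum(1 for s in ("$url", "$cmd", "$call") if offsets[s]) >= 2


def compile_string(kind, pattern, modifiers):
    """Turn one YARA string definition into a bytes regex."""
    if kind == "text":
        flags = re.IGNORECASE if "nocase" in modifiers else 0   # ASCII case folding, like nocase
        return re.compile(re.escape(pattern.encode()), flags)
    # hex string: each token is a literal byte or a ?? wildcard
    parts = [b"." if tok == "??" else b"\\x%02x" % int(tok, 16) for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)            # DOTALL: a wildcard byte may be 0x0A


def scan(data):
    """Offsets of every match of every string: the raw material the condition sees."""
    return {name: [m.start() for m in compile_string(*spec).finditer(data)]
            for name, spec in STRINGS.items()}


def matches_rule(data):
    return condition(scan(data))


# Constructed buffers.
SAMPLE_HIT = (b"MZ\x90\x00" + b"\x00" * 60
              + b"Connecting to hTTp://example.invalid/a.bin\x00"
              + b"\xe8\x12\x34\x00\x00\x83\xc4\x08")          # $mz at 0, $url + $call -> 2 of 3
SAMPLE_ONE_OF = b"MZ\x90\x00" + b"only http://example.invalid here"   # $mz at 0 but just $url
SAMPLE_NOT_PE = b"http://example.invalid cmd.exe /c whoami"          # $url + $cmd, no MZ at 0

if __name__ == "__main__":
    for label, buf in (("hit", SAMPLE_HIT), ("one of three", SAMPLE_ONE_OF), ("not a PE", SAMPLE_NOT_PE)):
        print(f"{label:>12}: {matches_rule(buf)}  {scan(buf)}")
```

The third buffer is the case that keeps rules from being noisy: two of the three behavioural strings are present, but `$mz at 0` anchors the rule to an executable, so a text file quoting the same commands does not fire. Real YARA adds much more (regex strings, `filesize`, the `pe` module), but the string-then-condition split is exactly this.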
Malware Analysis

Cuckoo Sandbox – automated malware analysis system

Cloud Security
GitHub – AWS security tools
Forseti Security – GCP
Cloud Discovery – Twistlock – AWS, Azure and GCP
They offer:
• Inventory of VMs, Kubernetes, Container Registries, Serverless
• Security Scanning for weak settings and authentication
• Compliance (some)

Centralized Logs & Analysis

OpenSOC & Apache Metron – Big Data Security Analytics Framework
Features:
• Monitor any telemetry source
• Anomaly detection and real-time rules-based alerts
• Hadoop-backed storage for telemetry stream
• Automated real-time indexing backed by Elasticsearch

HELK – Hunting ELK
Features:
• ELK stack for log analysis
• ES-Hadoop + Spark -> interact with the ELK stack to analyze data
• GraphFrames – DataFrame-based graphs for Spark
• Jupyter Notebooks – team collaboration on ML and AI algorithms
Incoming features:
• OSQuery data ingestion
• MITRE ATT&CK mapping to logs or dashboards
• Terraform integration (AWS, Azure, GCP)
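The two things these platforms are bought for, "real-time rules-based alerts" and "MITRE ATT&CK mapping to logs", fit in a few dozen lines once the log is parsed. The block below is an added example, not code from Apache Metron, OpenSOC, HELK or any other tool on these slides: it replays constructed OpenSSH auth log lines through a sliding-window brute-force rule and a follow-on "success after burst" rule, tagging each alert with the ATT&CK technique it maps to. The threshold, window and the log lines are assumptions.

```python
"""Rules-based alerts over a log stream, each tagged with a MITRE ATT&CK technique.

Added example, not code from Apache Metron, OpenSOC, HELK or any other tool on
the page. The sshd line format is the usual OpenSSH auth log; thresholds, window
and the log lines themselves are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed auth log: a guessing burst that ends in a successful login,
# then one unrelated failure and a normal key-based login.
LOG = """\
2019-05-10T09:00:01 sshd[412]: Failed password for root from 198.51.100.23 port 51022 ssh2
2019-05-10T09:00:03 sshd[412]: Failed password for root from 198.51.100.23 port 51023 ssh2
2019-05-10T09:00:04 sshd[412]: Failed password for invalid user admin from 198.51.100.23 port 51024 ssh2
2019-05-10T09:00:06 sshd[412]: Failed password for invalid user admin from 198.51.100.23 port 51025 ssh2
2019-05-10T09:00:09 sshd[412]: Failed password for oracle from 198.51.100.23 port 51026 ssh2
2019-05-10T09:00:12 sshd[412]: Accepted password for oracle from 198.51.100.23 port 51027 ssh2
2019-05-10T09:05:00 sshd[413]: Failed password for alice from 10.0.0.5 port 40000 ssh2
2019-05-10T09:30:00 sshd[414]: Accepted publickey for alice from 10.0.0.5 port 40001 ssh2
"""

# Rule parameters (assumed values) and the ATT&CK technique each alert maps to.
BRUTE_FORCE = {"technique": "T1110", "name": "Brute Force", "threshold": 5, "window_s": 60}
VALID_ACCOUNTS = {"technique": "T1078", "name": "Valid Accounts"}


def parse(line):
    """One sshd auth line -> dict with ts/outcome/user/src, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(log_text):
    """Replay the log in order and return the alerts a streaming rule engine would raise."""
    recent_failures = defaultdict(deque)   # src -> failure timestamps inside the sliding window
    flagged = set()                        # sources that already tripped BRUTE_FORCE
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue                       # a real pipeline would count these, not ignore them
        if ev["outcome"] == "Failed":
            q = recent_failures[ev["src"]]
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > BRUTE_FORCE["window_s"]:
                q.popleft()                # expire failures older than the window
            if len(q) >= BRUTE_FORCE["threshold"] and ev["src"] not in flagged:
                flagged.add(ev["src"])     # alert once per source, not on every further failure
                alerts.append({"technique": BRUTE_FORCE["technique"], "name": BRUTE_FORCE["name"],
                               "src": ev["src"], "user": ev["user"], "ts": ev["ts"].isoformat(),
                               "detail": f"{len(q)} failed logins in {BRUTE_FORCE['window_s']}s"})
        elif ev["src"] in flagged:
            # A success from a source that just brute-forced is the alert worth paging on.
            alerts.append({"technique": VALID_ACCOUNTS["technique"], "name": VALID_ACCOUNTS["name"],
                           "src": ev["src"], "user": ev["user"], "ts": ev["ts"].isoformat(),
                           "detail": "successful login after brute-force burst"})
    return alerts


if __name__ == "__main__":
    for a in detect(LOG):
        print(f"{a['ts']} {a['technique']} {a['name']}: {a['src']} -> {a['user']} ({a['detail']})")
```

Alice's single failure and later key-based login produce nothing, five failures spread over two minutes produce nothing either because the window expires them, and the one source that crosses the threshold gets exactly one T1110 alert followed by a T1078 alert when its login succeeds. Mapping to technique IDs at alert time is what lets a dashboard (or HELK's planned ATT&CK views) group by tactic instead of by rule name.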
Open Source Security – Tools

Vulnerability Scanning
• OWASP Vulnerability Scanning Tools List
• OWASP Zed Attack Proxy (ZAP) – Free
• https://pentest-tools.com – Freemium
• Burp Suite
• Acunetix Free
• Qualys FreeScan
• SUCURI Free
• UpGuard Web Scan, Tenable, Rapid7 ...

IAM / APIs
• OpenIAM – Community Edition
• Keycloak – Open Source
• Soffid – Open Source
• OneLogin, OKTA
• Amazon AWS
• Google IAM
• Microsoft AD ...

Infrastructure/Cloud/Server Security
• Let’s Encrypt free SSL Certificates – Free
• Qualys SSL Labs (server, browser tests) – Free
• CloudStack – Free
• Kali Linux
• Metasploit
• HPE ConvergedSystem
• ...

Threat detection/prevention
• AlienVault Open Source SIEM (OSSIM)
• Suricata Intrusion Detection/Prevention
• OSSEC
• OPSWAT
• Snort IPS
• Security Onion
• Fail2ban …

Web Apps/Code Security
• OWASP – Follow Top 10 lists
• SonarQube – 20+ languages
• OWASP Orizon – Mostly Java
• Bandit – Python code analysis – Free
• w3af.org, Kali Linux + Nikto
• Contrast Security, Kiuwan, Puma Sec
• Fortify – HP ...

Container Security
• Peekr from Aqua Security
• Platform9
• Twistlock
• Red Hat Atomic Scan
• Clair from CoreOS
• Anchore

Thank you!
Ovidiu Cical [email protected]
Connect – scan the QR code with the LinkedIn app