Free, cheap and easy security tools

When it comes to detecting, preventing and analyzing information security threats, security teams need all the help they can get.

Cyber attackers were able to compromise organizations within minutes in 60% of the data breach cases studied in Verizon Enterprise Solutions' Data Breach Investigations Report 2015. Unfortunately, companies aren't getting any faster at detecting those threats. Verizon calls this a "detection deficit" between attackers and defenders.

Free, cheap and easy security tools are one way to help close the gap. We asked infosec and network security pros to offer up their favorite free security tools and, no surprise, their responses ran the gamut from upfront vulnerability scanners to post-discovery malware detonators and analysis tools.

"There's no perfect [security] tool that everybody loves," says Rob Westervelt, information security analyst at IDC. "It's what they feel comfortable using."

[ RELATED: Free and cheap ways to learn about IT security ]

Todd Borandi focuses his security team on using a small set of tools that they understand very well. "These tools should change as frequently as tools used by those who would seek to expose information we are working hard to protect," says Borandi, lead information security architect. His team may use anything from publicly accessible websites, like Rapid7 Metasploit, that constantly change payloads and update vulnerabilities, to other open source web pen testing tools "favored by the bad guys," he says.

Though threats are constantly changing, Westervelt believes security tools don't have to be new to be effective. "Incident response people are still in love with some tools and are so skilled at using them that they still have the upper hand, at least for a while," he adds.

Security professionals offer up their favorite free security tools.

Network Protection

Team Cymru'sUnwanted Traffic Removal Service (UTRS) helps mitigate the largest, most concentrated distributed denial-of-service attacks and helps eliminate traffic that is invalid or unwanted.

The Border Gateway Protocol-based solution distributes routes and rules to participating networks using only vetted information about current and ongoing unwanted traffic. Receiving a UTRS BGP feed is open to most networks that are already holders of a registered autonomous system number and currently originate prefixes into the global Internet routing table.

The service is an important safeguard at DePaul University in Chicago. "With IT on a pretty tight budget, it's good to have allies in the network protection fight," says Arlene Yetnikoff, director of information security. The service "is one we can turn to quickly in the event of an attack."

Vulnerability Scanners

Secpod Saner, a free vulnerability and compliance scanner with remediation for personal computers, was one of a dozen security tools selected for the Black Hat Asia 2015 Arsenal in March. Developers say that anti-malware products typically focus on cleaning already infected systems based on known malware signatures, but 67% of malware is actually unknown. The enterprise-grade tool identifies security loopholes and misconfigurations on desktop systems and end-user applications, and then proactively fixes them.

An IT security pro at a New York financial firm recommends Rapid7 NexposeCommunity edition vulnerability scanner, which aims to support the entire vulnerability management spectrum, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. The free, community edition scans 32 IPs on networks, operating systems and databases.

Rapid7 also offers a free version of its Metasploit penetration testing software for small businesses. The simple web interface lets companies safely simulate attacks on their network to uncover security issues.

Password management

Though password management tools have been around for years, users have shied away from them because they were too manual or too difficult to configure and manage, Westervelt says. But new versions, like LastPass, are more automated and easy to use. LastPass offers a free version for computers, and for an additional fee users can download the mobile app for smartphones and tablets.

"It's very intuitive," says Westervelt. "It automatically notices when you're on a site that has [your password] in the vault."

Windows security

Sometimes security features are hiding in plain sight. "I think that WSUS and EMET from Microsoft are overlooked by a lot of companies, but they are great tools to use," says Steven Becker, an associate vice president of IT security in New York.

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. It uses security mitigation technologies that throw obstacles in the way of the bad guys.

"EMET gives the ability to force programs to use different security mechanisms that are available in Windows," Becker says. For instance, "EMET uses a few different memory addressing protections that make it harder for malware to find the memory space it wants to execute in."

Other advanced features for certificate pinning can aid against phishing attacks, he adds. "Although it requires some homework, it is possible to push EMET and its protection profiles to an enterprise environment through group policy objects."

An overwhelming majority of attacks exploit known vulnerabilities where the patch had been available for months prior to the breach, according to Verizon's DBIR 2015. "So keeping software updated helps immensely against known vulnerabilities," Becker says. Windows Server Update Services allows administrators to manage the distribution of updates that are released through Microsoft Update to computers in their network.

"Ensuring that production machines have the proper security updates in a controlled manner is a huge burden that can be completely automated through the proper use of WSUS and group policy," Becker says. WSUS can also push out third-party updates, such as Java or Adobe Flash, using several different open source package publishers. Both Microsoft security tools are "free" to licensed Windows software or server customers.

Malware Detection and Analysis

Security training pro Stu Sjouwerman has two free security tools in his arsenal. "Malwarebytes is doing a great job defending against ransomware," says Sjouwerman,cofounder of security training company KnowBe4, in Clearwater, Fla.

The free scanner detects and removes malware like worms, Trojans, rootkits, rogues and spyware. For more protection, the premium edition offers a real-time scanner that automatically prevents malware and websites from infecting a PC.

ModSecurity, the open source Web application firewall, provides a toolkit for real-time web application monitoring, logging, and access control."It helps us block any and all attacks on our website," Sjouwerman says.

Incident response teams that like to detonate malware in secure sandboxes for analysis might want to try Maltrieve, a free tool for retrieving malware directly from the source for security research."It parses URL lists to get malware location information," and it supports other forensics and malware analysis tools, Westervelt says.

Security training

For companies looking to sharpen their pentesting skills and knowledge, the Root the Box open source platform is a real-time scoring engine for computer wargames where hackers can practice and learn. Root the Box attempts to engage novice and experienced hackers by combining a fun game-like environment, with realistic challenges for some applicable, real-world learning.

"The reason that this is my favorite free tool is that it addresses the [biggest] threat in security today -- the lack of knowledgeable security professionals," says Chris Silvers, principal consultant at CG Silvers Consulting, an information security consultancy. "Combined with intentionally vulnerable virtual machines, Root the Box can be an integral part of a security training class," he says.

Advice for using free security tools

Before using any free security tool, first talk to your security peers and find out what works for them and why, Westervelt says. Next, take a close look at how active the development community is behind the tool. "If there's only a single developer or small group of active contributors to an open source project, it could very well die on the vine," he says.

Finally, determine how practical the tool is to your workflow. "You don't want to disrupt your entire workflow with the introduction of a new tool," Westervelt says. "You may not only impact your own workflow but that of your other team members" with a new tool. "That goes back to why you need a new tool in the first place. Maybe a process improvement will solve the problem."

The threat environment is constantly changing. "Security pros have to be ready to absorb new tool capabilities quickly," Borandi says. That requires a highly skilled security team. At the end of the day, he says, "my best tools are my relationships with peers and the education of my team using the tools."

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsIDCVerizon Enterprise Solutionssoftwaredata protection

More about GatewayMalwarebytesMicrosoftRapid7ToolkitVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stacy Collett

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts