protection - All Articles - CISO Platform2024-03-29T08:41:21Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/protectionTop 5 Emerging Application Security Technology Trendshttps://www.cisoplatform.com/profiles/blogs/5-application-security-trends-you-don-t-want-to-miss2013-05-14T13:00:00.000Z2013-05-14T13:00:00.000Z23j0c848tmyvuhttps://www.cisoplatform.com/members/23j0c848tmyvu<div><p> <strong>1. </strong><b> </b><strong>Run Time Application Security Protection (RASP)</strong></p><p>Today applications mostly rely on external protection like IPS (Intrusion Prevention Systems), WAF (Web Application Firewall), etc., and there is great scope for many of these security features to be built into the application so that it can protect itself at run time.</p><p>RASP is an integral part of an application's run time environment and can be implemented as an extension of the Java debugger interface. RASP can detect an attempt to write a high volume of data into the application's run time memory, or detect unauthorized database access. It has the real-time capability to take actions such as terminating sessions and raising alerts. WAF and RASP can work together in a complementary way: the WAF can detect potential attacks and RASP can verify them by studying the actual responses inside the application.</p><p>Once RASP is built into the application itself, it would be more powerful than external devices, which have only limited information about how the internal processes of the application work.</p><p>(Read more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/top-5-big-data-vulnerability-classes"><span style="color:#3366ff;">Top 5 Big Data Vulnerability Classes</span></a></span>)</b></p><p><strong>2. 
</strong><b> </b><strong>Collaborative Security Intelligence</strong></p><p>By collaborative security, I mean collaboration or integration between different application security technologies.</p><p><strong>DAST+SAST:</strong> DAST (<strong><u>Dynamic Application Security Testing</u></strong>) does not need access to the code and is easy to adopt. SAST (<strong><u>Static Application Security Testing</u></strong>), on the other hand, needs access to the code but has the advantage of more insight into your application’s internal logic. Both technologies have their own pros and cons; however, there is great merit in being able to connect and correlate the results of SAST and DAST. This can not only reduce false positives but also increase efficiency in terms of finding more vulnerabilities.</p><p><strong>SAST+DAST+WAF:</strong><b> </b>The vulnerabilities detected by the <strong>SAST</strong> or <strong>DAST</strong> technologies can be provided as input to the WAF. The vulnerability information is used to create specific rule sets so that the WAF can stop those attacks even before the fixes are implemented.</p><p><strong>SAST+DAST+SIM/SIEM:</strong> The SAST/DAST vulnerability information can be very valuable for SIM (Security Incident Management) or SIEM (Security Incident Event Management) correlation engines. The vulnerability information can help provide more accurate correlation and attack detection.</p><p><strong>WAF+RASP:</strong> WAF and RASP are complementary. 
WAF can provide information which can be validated by RASP and hence help in more accurate detection and prevention of attacks.</p><p><strong>Grand Unification:</strong> Finally, one day we will have all of the above (and many more) combined in such a way that an organization can have true security intelligence.</p><p>(Read more: <span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/how-to-build-your-personal-brand"><span style="color:#3366ff;"><b>5 easy ways to build your personal brand</b> !</span></a></span>)</p><p><strong>3. </strong><b> </b><strong>Hybrid Application Security Testing</strong></p><p>By “Hybrid” I mean combining automation and manual testing in a manner “beyond what consultants do” so that we can achieve higher scalability, predictability and cost effectiveness.</p><p>DAST and SAST both have their own limitations. Two of the major problem areas are false positives and business logic testing. Unlike network testing, where you need to find known vulnerabilities in a known piece of code, <strong><u>Application Testing</u></strong> deals with unknown code. This makes the model of vulnerability detection quite different and more difficult to automate, so you get the best quality results from consultants or your in-house security experts. However, this model is not scalable: there are more than a billion applications which need testing, and we do not have enough humans on earth to test them.</p><p>It is not a question of “man vs. machine” but a matter of “man and machine”. The future is in the combination of automation and manual validation in “smart ways”. <a href="http://www.ivizsecurity.com/">iViZ</a> is an interesting example that uses automated technology along with “work flow automation” (for manual checks) so that they can assure zero false positives and business logic testing with 100% WASC class coverage. 
In fact they offer unlimited application security testing at a fixed flat fee while operating at a gross margin better than the average SaaS player.</p><p><span class="font-size-2"><strong>(Read more: <span style="text-decoration:underline;"><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/phishers-target-social-media-are-you-the-victim" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Phishers Target Social Media, Are you the Victim?</span></a></span>)</span></strong></span></p><p> </p><p><strong>4. </strong><b> </b><strong>Application Security as a Service</strong></p><p>I believe in the “as a Service” model for a very simple reason: we do not need technology for the sake of technology but to solve a problem, i.e. it is the solution or service that we need. With the growing focus on “core competency”, it makes more sense to procure services than to acquire products. “Get it done” makes more sense than “Do It Yourself” (of course there are exceptions).</p><p>Today we have SAST as a Service, DAST as a Service, and WAF as a Service. Virtually everything is available as a service. Gartner, in fact, has created a separate hype cycle for “Application Security as a Service”.</p><p><strong>Application Security</strong> as a Service has several benefits, such as: reduction of fixed operational costs, help in focusing on core competency, resolving the problems of talent acquisition and retention, reduction of operational management overheads, and many more.</p><p>(Watch more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/video/3-causes-of-stress-which-we-are-unaware-of"><span style="color:#3366ff;">3 causes of stress which we are unaware of !</span></a></span>)</b></p><p><strong>5. </strong><b> </b><strong>Beyond Secure SDLC: Integrating Development and Operations in a secure thread</strong></p><p>Today is the time to look beyond Secure SDLC (Software Development Life Cycle). 
There was a time when we saw a huge drive to integrate security with the SDLC, and I believe the industry has made some decent progress. The future is to do the same in terms of “Security+Development+Operations”. The entire thread of design, development and testing through to production, management, maintenance and operations should be tied together seamlessly with security as the major focus. Today there is a “security divide” between Development and Operations. This divide will blur some day with a more integrated view of the security life cycle.</p><p> </p><p>Original Blog: <a href="http://www.ivizsecurity.com/blog/penetration-testing/5-application-security-trends-you-dont-want-to-miss/">http://www.ivizsecurity.com/blog/penetration-testing/5-application-security-trends-you-dont-want-to-miss/</a></p><p></p><p> </p></div>Privacy & Data Protection the growing accountabilityhttps://www.cisoplatform.com/profiles/blogs/privacy-data-protection-the-growing-accountability2014-01-22T14:00:00.000Z2014-01-22T14:00:00.000ZAnubhav Bathlahttps://www.cisoplatform.com/members/AnubhavBathla6<div><p><b>Accountability in Privacy Management</b></p><p>Analyzing today's privacy trends and the issues that most organizations and service providers face across industries and geographies, one common theme among the trends that have emerged is <b>Accountability</b>.</p><p>As privacy management evolves — both in terms of improvements in effectiveness and the growing 
complexity of the challenges — accountability is emerging as a fundamental component of handling personal information. In particular, regulators are looking to organizations to be more accountable for their actions.</p><p>(Read more: <a href="http://www.cisoplatform.com/profiles/blogs/how-should-a-ciso-choose-the-right-anti-malware-technology"><b>How Should a CISO choose the right Anti-Malware Technology?</b></a>)</p><p>We are seeing this phenomenon across the whole spectrum. At the individual organizational level, accountability is taking the form of:</p><ul><li>Establishment of a privacy office in the organization</li><li>Redefining the role of the privacy professional</li><li>Adopting Privacy by Design</li><li>Embracing the concept of BCR</li><li>Improving internal monitoring, including the use of data loss prevention (DLP) tools</li></ul><p> </p><p>At higher levels, governments are taking steps to regulate the use of personal information, and industry groups are exploring self-regulation to stem the tide of increased government action. On the government side, in 2011 in the European Union (EU), the European Commission (EC) amended its Electronic Communication Directive to give consumers more control over their personal information. As part of its overall strategy to update EU data protection rules, the new EC directive requires EU member states to compel electronic publishers to get permission from users before tracking their online behavior through cookies.</p><p>To achieve greater accountability, many organizations will have to rethink their approach to privacy within the context of their IT strategy. 
As organizations undertake IT transformations to upgrade and introduce new networks, systems and applications, privacy needs to be embedded as a fundamental pillar of the transformation process rather than an afterthought that is bolted on.</p><p>As regulators become increasingly interested in organizational accountability, now is not the time to wait for laws to dictate action on privacy. Laws may take years to implement but the consequences of a breach — or lack of accountability — can be immediate, visible and costly.</p><p>(Read more: <a href="http://www.cisoplatform.com/profiles/blogs/top-technologies-solutions-available-for-byod-security"><b>Under the hood of Top 4 BYOD Security Technologies: Pros & Cons</b></a>)</p><p></p><p><b>Countries adopt stronger privacy regulations</b></p><p>As the need for better privacy management evolves, countries continue to adopt stronger regulations to address the growing risks and increased focus on the collection and use of personal information. Countries that have no privacy regulations are realizing the urgent need to address the issue. Countries with existing privacy regulations are updating laws in an attempt to keep pace with technological advances to address a rapidly changing landscape and emphasize accountability. Many of the countries that are adopting privacy regulations — in Asia and Latin America in particular — are competing for outsourcing jobs. In 2011, India, a sizable outsourcing destination, adopted new privacy rules. India’s Information Technology Rules 2011 impose significant limitations on how businesses can handle personal information. Under the new rules, organizations that collect personal information will be required to provide notice to the individuals from whom they are collecting it. 
The new rules also mandate that organizations take all reasonable steps available to secure personal information, offer a dispute resolution process when issues arise, and publish or otherwise make privacy policies available. India’s privacy rules cover any personal information collected in India or transferred to the country. In 2012, we expect to see Singapore implement a new legal framework for consumer privacy protection that includes requiring informed consent from individuals for the disclosure and collection of personal information. In Latin America, countries that currently have data protection laws or are drafting them are mainly following the European data protection model. However, without an integrated regional legal system, such as that in the EU, the laws those countries are drafting</p></div>Bad USB Defense Strategieshttps://www.cisoplatform.com/profiles/blogs/bad-usb-defense-strategies2015-08-18T11:00:00.000Z2015-08-18T11:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><span class="font-size-5">What Is Bad USB?</span></p>
<p>The phenomenon of using a USB device for malicious intent can be termed Bad USB. USB thumb drives are rarely considered as a vehicle for malicious intent; however, if manipulated, they can take over almost everything.</p>
<p>Some interesting demonstrations have been given at the Black Hat conference by two highly regarded security researchers.</p>
<p><span class="font-size-3">( <a href="http://www.cisoplatform.com/profiles/blogs/badusb-on-accessories-that-turn-evil-by-karsten-nohl" target="_blank">Listen To Karsten's Talk: Bad USB On Accessories That Turn Evil</a> )</span></p>
<p></p>
<p><span class="font-size-5">Possible Ways To Mitigate Bad USB Threats</span></p>
<ul>
<li>Whitelisting USB devices</li>
<li>Block Critical Device Classes, Block USB Completely</li>
<li>Scan Peripheral Firmware For Malware</li>
<li>Use Code Signing For Firmware Updates</li>
<li>Disable Firmware Updates In Hardware</li>
</ul>
<p></p>
<p><span class="font-size-5">Limitations In Bad USB Mitigation Strategies</span></p>
<ul>
<li>Whitelisting USB devices<ul>
<li>A unique serial number may not be available on some USB devices</li>
<li>Operating systems don't support any USB whitelisting</li>
</ul>
</li>
<li>Block Critical Device Classes, Block USB Completely<ul>
<li>Ease of use will take precedence</li>
<li>USB usability is highly reduced if basic classes are blocked <br /> (Basic classes can be used for compromise)</li>
</ul>
</li>
<li>Scan Peripheral Firmware For Malware<ul>
<li>Very challenging: malicious firmware can spoof a legitimate one</li>
</ul>
</li>
<li>Use Code Signing For Firmware Updates<ul>
<li>Unauthorized updates still have a high chance of succeeding, e.g. through implementation errors</li>
<li>Challenges in implementing secure cryptography on microcontrollers</li>
<li>Challenges in implementing for all devices</li>
</ul>
</li>
<li>Disable Firmware Updates In Hardware<ul>
<li>Most effective, however this may be available only for new devices</li>
</ul>
</li>
</ul>
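<p>As an added example (not code from the original post), the following host-side admission policy combines two of the mitigations listed above, whitelisting of USB devices and blocking of critical device classes, and shows how the limitations just listed are handled: a device that exposes no serial number cannot be pinned to a serial-bound allow-list entry, and an unknown device presenting a "basic" class such as HID is refused. All device records, identifiers and allow-list entries are constructed for this example.</p>

```python
"""Added example, not code from the original post: a host-side USB admission
policy combining device whitelisting with blocking of critical device classes,
and handling the limitations the post names (devices without a serial number,
"basic" classes such as HID that can be used for compromise). Device records,
vendor/product ids and allow-list entries are constructed for this example."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Interface class codes from the USB-IF class code table.
USB_CLASS_CDC_CONTROL = 0x02   # network adapters (CDC-ECM, RNDIS control)
USB_CLASS_HID = 0x03           # keyboards and mice: the class BadUSB abuses most
USB_CLASS_MASS_STORAGE = 0x08
USB_CLASS_CDC_DATA = 0x0A

# "Basic" classes an unknown device must not present: a device that can type
# keystrokes or act as a network adapter can compromise the host on its own.
CRITICAL_CLASSES = frozenset({USB_CLASS_CDC_CONTROL, USB_CLASS_HID, USB_CLASS_CDC_DATA})


@dataclass(frozen=True)
class UsbDevice:
    vendor_id: int
    product_id: int
    serial: Optional[str]               # None when the device exposes no serial
    interface_classes: FrozenSet[int]   # every interface class the device enumerates


@dataclass(frozen=True)
class AllowEntry:
    vendor_id: int
    product_id: int
    serial: Optional[str]               # None pins only VID/PID (weaker identity)
    allowed_classes: FrozenSet[int]     # classes this device is expected to present


def evaluate(device: UsbDevice, allowlist, default_deny: bool = True) -> Tuple[str, str]:
    """Decide whether to admit a newly enumerated device.

    Returns ("allow" | "block", reason). With default_deny=True the policy is a
    pure whitelist; with default_deny=False unknown devices are admitted unless
    they present a critical class (the "block critical device classes" option).
    """
    for entry in allowlist:
        if (entry.vendor_id, entry.product_id) != (device.vendor_id, device.product_id):
            continue
        if entry.serial is not None:
            if device.serial is None:
                # Limitation from the post: without a serial the identity cannot be
                # pinned, so a VID/PID match alone does not satisfy a serial-bound entry.
                return "block", "allow-list entry requires a serial but device reports none"
            if device.serial != entry.serial:
                continue
        # Even a whitelisted device must not present classes beyond its expected set:
        # a storage device that also enumerates as a keyboard is refused.
        extra = device.interface_classes - entry.allowed_classes
        if extra:
            return "block", "unexpected interface classes %s" % sorted(extra)
        return "allow", "matches allow-list entry"
    if device.interface_classes & CRITICAL_CLASSES:
        return "block", "unknown device presents a critical class"
    if default_deny:
        return "block", "unknown device (default deny)"
    return "allow", "unknown device with non-critical classes only"


# Constructed allow-list: one serial-pinned storage device.
ALLOWLIST = [
    AllowEntry(0x1234, 0x5678, "SN-0001", frozenset({USB_CLASS_MASS_STORAGE})),
]

# Constructed devices exercising each path of the policy.
SAMPLE_DEVICES = {
    "known_drive": UsbDevice(0x1234, 0x5678, "SN-0001", frozenset({USB_CLASS_MASS_STORAGE})),
    "reflashed_drive": UsbDevice(0x1234, 0x5678, "SN-0001",
                                 frozenset({USB_CLASS_MASS_STORAGE, USB_CLASS_HID})),
    "drive_no_serial": UsbDevice(0x1234, 0x5678, None, frozenset({USB_CLASS_MASS_STORAGE})),
    "unknown_keyboard": UsbDevice(0xABCD, 0x0001, None, frozenset({USB_CLASS_HID})),
    "unknown_storage": UsbDevice(0xABCD, 0x0002, "X", frozenset({USB_CLASS_MASS_STORAGE})),
}


def decisions(default_deny: bool = True):
    """Run the policy over the sample devices; returns {name: decision}."""
    return {name: evaluate(dev, ALLOWLIST, default_deny)[0]
            for name, dev in SAMPLE_DEVICES.items()}


if __name__ == "__main__":
    for mode in (True, False):
        print("default_deny=%s" % mode)
        for name, dev in SAMPLE_DEVICES.items():
            print("  %-17s %s: %s" % (name, *evaluate(dev, ALLOWLIST, mode)))
```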
<p></p>
<p><span class="font-size-5">Threat</span></p>
<ul>
<li>Present security solutions cannot detect the malicious intent of a USB device</li>
<li>It can be used for spying, data theft, data tampering, almost anything: it can take control</li>
<li>Security has to be built in before the product is commercialized; no response yet on that!</li>
<li>After the DerbyCon hacker conference, two researchers made some attack code public; this puts millions of us at risk</li>
</ul>
<p><span class="font-size-3">( <a href="http://www.cisoplatform.com/profiles/blogs/top-it-security-conferences-in-the-world" target="_blank">Read More: Top IT Security Conferences In The World</a> )</span></p>
<p><span> </span></p>
<p></p>
<p><strong>References</strong></p>
<p>1. Extracts have been taken from 'Bad USB On Accessories That Turn Evil' Talk by Karsten Nohl during Annual Summit, 2014. <a href="http://www.cisoplatform.com/profiles/blogs/badusb-on-accessories-that-turn-evil-by-karsten-nohl" target="_blank">Click Here</a> For Full Talk</p>
<p>2. <a href="http://securityaffairs.co/wordpress/27211/hacking/hackers-can-exploit-usb-devices-trigger-undetectable-attacks.html">http://securityaffairs.co/wordpress/27211/hacking/hackers-can-exploit-usb-devices-trigger-undetectable-attacks.html</a></p>
<p>3. <a href="http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/">http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/</a></p>
<p>4. <a href="http://www.zdnet.com/article/badusb-big-bad-usb-security-problems-ahead/">http://www.zdnet.com/article/badusb-big-bad-usb-security-problems-ahead/</a></p>
<p></p>
<p></p></div>"ATP( Advanced Threat Protection) Technology Stack"https://www.cisoplatform.com/profiles/blogs/atp-advanced-threat-protection-technology-stack2016-07-14T12:00:00.000Z2016-07-14T12:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p></p>
<p></p>
<p>We believe ATP isn't a single technology or solution but a complex program consisting of people, process and technology. Sandboxing or any single technology can only provide partial protection against “real” advanced attacks. We suggest organizations look at the complete stack of technologies mentioned below and build a holistic program to secure themselves against advanced attacks.</p>
<p></p>
<p></p>
<p><strong>Advanced Threat Detection:</strong> ATP products generally leverage one or more of the techniques mentioned below:</p>
<p></p>
<ul>
<li><strong>Sandboxing:</strong> This improves the detection rates of ransomware and will enable an organization to identify customized or tailored malware which is beyond the recognition capability of traditional Antivirus. <br /> <br /> It creates a safe environment to analyse suspicious files, either cloud-based or On-Premise: <br /> <br /><div style="margin-left:2em;"><ul>
<li><strong>Virtual Sandbox & Physical Sandbox:</strong> a physical sandbox is used for virtual-machine-aware malware. </li>
</ul>
</div>
</li>
</ul>
<p></p>
<ul>
<li><strong>Security Analytics:</strong> Correlation and analysis of data from across the IT infrastructure to identify threats<br /> <br /><div style="margin-left:2em;"><ul>
<li>Behavioural Analytics (Network & User); Heuristics; Machine Learning</li>
</ul>
</div>
</li>
</ul>
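<p>As an added example (not code from the original post), the following script shows the kind of behavioural baseline the Security Analytics bullet above, and the network behaviour analysis section of the zero-day article later in this feed, describe: per-host daily outbound volume and destination sets are learned from a training window, and a later day is flagged when a host deviates from its own baseline by more than K standard deviations or contacts a destination it has never used. The flow summaries, host names and threshold are constructed for this example.</p>

```python
"""Added example, not code from the original post: a minimal network behaviour
baseline of the kind the "Security Analytics" bullet and the network behavior
analysis (NBA) section describe. Per-host daily outbound volume and the set of
destinations are learned from a training window; a later day is flagged when a
host's volume deviates from its own baseline by more than K standard deviations
or when it talks to a destination never seen before. Flow summaries
(day, source host, destination, bytes) and the threshold are constructed here."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[int, str, str, int]   # (day, src_host, dst, bytes_out)

# Constructed training window: five ordinary days for two workstations.
TRAINING_FLOWS: List[Flow] = [
    (day, host, dst, nbytes)
    for day in range(1, 6)
    for host, dst, nbytes in (
        ("ws-01", "fileserver", 900_000 + day * 20_000),
        ("ws-01", "mailserver", 100_000),
        ("ws-02", "fileserver", 400_000 + day * 10_000),
        ("ws-02", "mailserver", 80_000),
    )
]

# Constructed day under test: ws-01 pushes 30 MB to a host it has never contacted,
# ws-02 behaves normally, ws-03 is a host the baseline has never seen.
TEST_DAY_FLOWS: List[Flow] = [
    (6, "ws-01", "fileserver", 950_000),
    (6, "ws-01", "203.0.113.9", 30_000_000),
    (6, "ws-02", "fileserver", 440_000),
    (6, "ws-02", "mailserver", 80_000),
    (6, "ws-03", "fileserver", 10_000),
]


def build_baseline(flows: Iterable[Flow]) -> Dict[str, dict]:
    """Per host: mean and spread of daily outbound bytes, plus known destinations."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    dsts = defaultdict(set)
    for day, host, dst, nbytes in flows:
        daily[host][day] += nbytes
        dsts[host].add(dst)
    baseline = {}
    for host, per_day in daily.items():
        totals = list(per_day.values())
        mu = mean(totals)
        sigma = pstdev(totals) if len(totals) > 1 else 0.0
        # Floor the spread so a perfectly flat training window cannot turn a
        # trivial change into a huge z-score (division by ~0).
        sigma = max(sigma, 0.05 * mu)
        baseline[host] = {"mean": mu, "std": sigma, "dsts": frozenset(dsts[host])}
    return baseline


def detect(day_flows: Iterable[Flow], baseline: Dict[str, dict],
           k: float = 3.0) -> List[Tuple[str, str]]:
    """Compare one day against the baseline; returns (host, reason) alerts."""
    totals = defaultdict(int)
    seen = defaultdict(set)
    for _day, host, dst, nbytes in day_flows:
        totals[host] += nbytes
        seen[host].add(dst)
    alerts = []
    for host in sorted(totals):
        if host not in baseline:
            alerts.append((host, "no baseline for host"))
            continue
        b = baseline[host]
        z = (totals[host] - b["mean"]) / b["std"]
        if abs(z) > k:   # both a surge (possible exfiltration) and silence are worth a look
            alerts.append((host, "outbound volume z-score %.1f" % z))
        new = seen[host] - b["dsts"]
        if new:
            alerts.append((host, "new destinations %s" % sorted(new)))
    return alerts


def demo() -> List[Tuple[str, str]]:
    """Build the baseline from the training window and score the test day."""
    return detect(TEST_DAY_FLOWS, build_baseline(TRAINING_FLOWS))


if __name__ == "__main__":
    for host, reason in demo():
        print(host, reason)
```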
<p></p>
<ul>
<li><strong>Application Containerization:</strong> Isolates applications in a micro-virtual machine. It can help to reduce the load on the overall resources available.</li>
</ul>
<p></p>
<ul>
<li><strong>Embedded URL Analysis:</strong> For analysing suspicious URLs sent via emails etc.<br /> <br /><div style="margin-left:2em;"><ul>
<li>URL Rewriting – For real-time click protection; URL Tracking / Tracing</li>
</ul>
</div>
</li>
</ul>
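<p>As an added example (not code from the original post), the following script implements the URL rewriting technique named in the bullet above: links in a mail body are rewritten at delivery time to point at a click-check gateway, carrying the original URL and an HMAC tag, and at click time the gateway verifies the tag and re-checks the destination against the current blocklist before redirecting. The gateway address, key, mail body and blocklist are constructed values.</p>

```python
"""Added example, not code from the original post: the "URL Rewriting" click
protection technique from the Embedded URL Analysis bullet. Links in a mail body
are replaced by links to a click-check gateway carrying the original URL and an
HMAC tag; when the user clicks, the gateway verifies the tag (so a rewritten link
cannot be forged or pointed elsewhere) and re-evaluates the destination against
the current blocklist before redirecting. Gateway host, key, mail body and
blocklist are constructed values for this example."""
import base64
import hashlib
import hmac
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

GATEWAY = "https://clickcheck.example.invalid/redirect"      # constructed
SECRET_KEY = b"constructed-example-key-not-for-production"   # constructed
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _tag(url: str) -> str:
    """Integrity tag over the original URL; only the gateway holds the key."""
    mac = hmac.new(SECRET_KEY, url.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def rewrite_url(url: str) -> str:
    """Wrap one URL so that the click is routed through the gateway."""
    return GATEWAY + "?" + urlencode({"u": url, "t": _tag(url)})


def rewrite_body(body: str) -> str:
    """Rewrite every http(s) link in a plain-text mail body at delivery time."""
    return URL_RE.sub(lambda m: rewrite_url(m.group(0)), body)


def extract_links(body: str) -> List[str]:
    """All http(s) links in a body (used here to simulate the user's clicks)."""
    return URL_RE.findall(body)


def resolve_click(gateway_url: str, blocklist: Iterable[str]) -> Tuple[str, Optional[str]]:
    """Gateway side, run at click time.

    Returns ("redirect", url) for a clean destination, ("block", url) when the
    destination is now on the blocklist, and ("reject", None) when the link was
    not produced by this gateway or its tag does not verify.
    """
    parsed = urlparse(gateway_url)
    if "%s://%s%s" % (parsed.scheme, parsed.netloc, parsed.path) != GATEWAY:
        return "reject", None
    qs = parse_qs(parsed.query)
    if "u" not in qs or "t" not in qs:
        return "reject", None
    url, tag = qs["u"][0], qs["t"][0]
    if not hmac.compare_digest(tag, _tag(url)):
        return "reject", None           # tampered "u" parameter or forged link
    host = (urlparse(url).hostname or "").lower()
    if any(host == b or host.endswith("." + b) for b in blocklist):
        return "block", url             # verdict may have changed since delivery
    return "redirect", url


# Constructed sample mail body and blocklist (the second domain is "bad" at click time).
SAMPLE_BODY = ("Your invoice is at http://billing.example.com/inv/42 - "
               "or log in via https://login.example.net/reset?id=7")
BLOCKLIST = {"example.net"}


def demo() -> List[Tuple[str, Optional[str]]]:
    """Rewrite the sample body, then resolve each rewritten link as a click."""
    rewritten = rewrite_body(SAMPLE_BODY)
    return [resolve_click(link, BLOCKLIST) for link in extract_links(rewritten)]


if __name__ == "__main__":
    print(rewrite_body(SAMPLE_BODY))
    for action, url in demo():
        print(action, url)
```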
<p></p>
<p dir="ltr"><span>( Read More:</span> <span><a href="http://www.cisoplatform.com/profiles/blogs/workshop-threat-intelligence">Threat Intelligence (Workshop Presentation)</a> )</span></p>
<p></p>
<ul>
<li><strong>Network Traffic Analysis:</strong> This will enable ATP to detect inbound and outbound threats as well as suspicious IPs, URLs, Known C&C and other attacker behavior across the entire attack lifecycle.</li>
</ul>
<p></p>
<ul>
<li><strong>IOC Detection:</strong> Once detected, IOCs can be used to quickly locate other infected devices</li>
</ul>
<p></p>
<ul>
<li><strong>File Reputation Analysis, Whitelisting, Blacklisting</strong></li>
</ul>
<p></p>
<ul>
<li><strong>Static Code Analysis:</strong> Examines the code without executing the file, for threat protection</li>
</ul>
<p></p>
<ul>
<li><strong>Threat Intelligence:</strong> Provides Intelligence about emerging threats from across the globe </li>
</ul>
<p></p>
<p>It's time to go beyond using sandboxing as a standalone capability; rather, an organization needs a holistic approach to its ATP program. You need efficient and robust analysis tools that can integrate with your existing security ecosystem and continuously detect the most advanced threats.</p>
<p><br /> But as Kevin Mitnick, the world-famous hacker, says: "A company can spend hundreds or thousands of dollars on Firewall, IDS/IPS, ATP and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted." Therefore, processes and people also play a crucial role in establishing a strong ATP program.</p>
<p></p>
<p dir="ltr"><span>( Read More:</span> <span><a href="http://www.cisoplatform.com/profiles/blogs/9-top-features-to-look-for-in-next-generation-firewall">9 Top Features To Look For In Next Generation Firewall (NGFW)</a> )</span></p>
<p></p></div>Top 5 Technologies To Protect Against Zero Day Malwarehttps://www.cisoplatform.com/profiles/blogs/top-5-technologies-to-protect-against-zero-day-malware2016-08-22T04:30:00.000Z2016-08-22T04:30:00.000ZAtul kumar Singh (CISO Platform)https://www.cisoplatform.com/members/AtulkumarSinghCISOPlatform<div><p>Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse, and the attackers are highly sophisticated and relentless in their approach. Traditional security tools are proving to be ineffective against such attacks, as evidenced by the ubiquitous stories of successful breaches. Today it is assumed that the more security tools you have, the more secure you are, which is not necessarily true.</p><p>Advanced persistent threats are intelligent attacks, and no matter how many controls you have in place, the attacker can always learn from their failures and will eventually come up with something to evade your defenses. The key to preventing any significant damage is to strengthen your preventive controls and to have the ability to detect the attack at the earliest opportunity and respond to it swiftly.</p><p>In this blog we have shortlisted 5 key technologies to help you fight against zero-day malware.</p><p></p><p></p><p><b>Sandboxes</b></p><p>A sandbox is a security mechanism to analyze the behaviour of suspicious file types and web objects by allowing them to execute in an isolated environment with constrained resources. It allows one to execute any untested, untrusted or outsourced code without causing any damage to the host machine or the production environment.</p><p></p><p>Deployment options</p><ul><li>On-premise: the sandbox appliance is present on-premise. 
All the network security solutions such as firewalls, IDSes, IPSes, SWGs and SEGs feed suspicious files into the sandbox, and based on the analysis it assigns a threat score to each file.</li><li>Cloud based: the sandbox resides in the cloud. This deployment is very cost-effective, as it reduces the cost of owning and managing an appliance. The licensing options are also more flexible, which further reduces the TCO.</li></ul><p></p><p></p><p><b>Big-data based Behavioral Analysis for Network traffic</b> </p><p>Network behavior analysis (NBA) is particularly good at detecting new malware and zero-day exploits. It is the big-data analysis approach to solving the current security challenges related to targeted cyber attacks. The solution collects data from inside the network through sensors and other security tools and builds a baseline behavior model of normal day-to-day activity. NBA then passively monitors the network for any anomaly relative to the baseline behavior and, if one is detected, locates the problem point and informs the administrators for further action.</p><p>NBA systems are able to detect threats against which other security tools are ineffective, for example purpose-written malware, viruses and botnets not detected by antivirus, social engineering, and other threats associated with internal network users.</p><p></p><p></p><p><b>Deception technologies</b> </p><p>Deception technology is the latest armament in the fight against advanced malware and zero-day attacks. Deception technologies deploy a network of camouflaged malware traps that are intermingled with the organization's real IT assets; the attackers will never know, as the traps are identical in every way to the real IT systems. Once an attacker compromising your network steps on one of the deception traps, a red flag is raised immediately. 
The traps also analyze the attackers' tactics and techniques by keeping them occupied, giving them false information and making them feel that they are hacking into real IT assets.</p><p></p><p></p><p><b>Network forensics tools</b> </p><p>These are basically network packet capture tools, which record and analyze network events in order to discover the root cause of security incidents and other problems. According to Simson Garfinkel, there are two approaches to building a monitoring workstation:</p><ul><li>"Catch-it-as-you-can" approach: immediately write the packets to a disk file, buffering in memory as necessary, and perform analysis in batches.</li><li>"Stop, look and listen" approach: analyze the packets in memory, perform rudimentary data analysis and reduction, and write selected results to disk.</li></ul><p></p><p></p><p><b>Application virtualization</b> </p><p>Application virtualization is a technology by which any application can be made available to the end user locally, via a remote display protocol, without installing the application on the local computer. Beyond security, this has many benefits: it provides central management (patching, upgrading, migration, etc.), application components are made available on demand, the attack surface is reduced, and users gain mobility.</p><p></p><p></p></div>Open source network security:Top 10 Open Source Software Security Toolshttps://www.cisoplatform.com/profiles/blogs/top-10-open-source-or-free-it-security-tools2016-09-27T05:30:00.000Z2016-09-27T05:30:00.000ZVaibhav Singhal (CISO Platform)https://www.cisoplatform.com/members/VaibhavSinghalCISOPlatform<div><p>Short of resources, but still want a strong IT-security ecosystem? There are multiple open source tools in the market, especially suited to small and medium enterprises. They can't match the capabilities of the premium tools from big vendors, which come with hefty price tags. 
But they still provide quite decent features without burning a hole in your pocket. We bring you the list of <strong>Top 10 Open Source or Free IT-Security Tools:</strong></p><p></p><p><span class="font-size-4"><span><span style="font-size:13px;">1.</span><span style="color:#ff6600;"><em style="color:#3366ff;font-family:arial, helvetica, sans-serif;font-weight:bold;"> </em><span style="color:#3366ff;"><strong><span style="text-decoration:underline;"><a href="http://blog.securityonion.net/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Security Onion</span></a></span></strong></span></span></span></span><span style="text-decoration:underline;"> </span><strong>(Category: Package with multiple capabilities)</strong> is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, Network Miner, and many other security tools. It is a great asset in the defender’s toolkit.</p><p></p><p>2. <span style="color:#ff6600;"><span class="font-size-4" style="color:#3366ff;"><span style="text-decoration:underline;"><strong><a href="http://ossec.github.io/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">OSSEC</span></a></strong></span></span> </span><strong>(Category: IDS/IPS)</strong> is fully open source and free for your use. You can tailor OSSEC to your security needs through its extensive configuration options, adding your own alert rules and writing scripts that take action in response to security alerts. You are free to modify the source code to add new capabilities. OSSEC watches it all, actively monitoring all aspects of Unix system activity with file integrity monitoring, log monitoring, rootkit checks, and process monitoring. 
</p><p><span style="font-size:12pt;"><br /> ( Read More:</span> <a href="http://www.cisoplatform.com/profiles/blogs/top-it-security-conferences-in-the-world" style="font-size:12pt;">Top IT Security Conferences In The World</a><span style="font-size:12pt;"> )</span></p><p></p><p>3. <strong><span style="text-decoration:underline;font-family:arial, helvetica, sans-serif;color:#3366ff;" class="font-size-4"><a href="https://www.cuckoosandbox.org/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Cuckoo Sandbox</span></a></span> (Category: Endpoint Detection and Response)</strong> is an advanced, extremely modular, and 100% open malware analysis system with infinite application opportunities. By default, it is able to:</p><ul><li>Analyze many different malicious files (executables, document exploits, Java applets) as well as malicious websites, in Windows, OS X, Linux, and Android virtualized environments.</li><li>Trace API calls and general behavior of the file.</li><li>Dump and analyze network traffic, even when encrypted.</li><li>Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.</li></ul><p></p><p>4. <strong><span style="text-decoration:underline;color:#3366ff;"><span class="font-size-4"><a href="https://cirt.net/nikto2" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Nikto</span></a></span></span> (Category: Application Security)</strong> is an extremely popular web application vulnerability scanner. Web application vulnerability scanners are designed to examine a web server to find security issues. Identifying security problems proactively, and fixing them, is an important step towards ensuring the security of your web servers. It checks for a number of dangerous conditions and vulnerable software. 
Running it on a regular basis will ensure that you identify common problems in your web server or web applications.</p><p><span style="text-decoration:underline;"><strong>Features include:</strong></span></p><ul><li> SSL Support (Unix with OpenSSL or maybe Windows with Active State's Perl/NetSSL) </li><li> Full HTTP proxy support</li><li> Checks for outdated server components</li><li> Save reports in plain text, XML, HTML, NBE or CSV </li><li> Template engine to easily customize reports </li><li> Scan multiple ports on a server, or multiple servers via input file (including nmap output)</li></ul><p></p><p>5. <strong><span style="text-decoration:underline;color:#3366ff;"><span style="font-family:arial, helvetica, sans-serif;text-decoration:underline;" class="font-size-4"><a href="https://www.metasploit.com/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Metasploit</span></a></span></span><span style="text-decoration:underline;color:#ff6600;" class="font-size-4"><em> </em></span>(Category: Vulnerability Assessment)</strong> A collaboration of the open source community and Rapid7. Their penetration testing software, Metasploit, helps verify vulnerabilities and manage security assessments.</p><p><span style="text-decoration:underline;"><strong>Features include:</strong></span></p><ul><li><strong>Utilize the world's largest exploit database:</strong> Leading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. 
Rapid7 works with the community to add an average of 1 new exploit per day, currently counting more than 1,300 exploits and more than 2,000 modules.</li><li><strong>Simulate real-world attacks against your defenses:</strong> Metasploit evades leading anti-virus solutions 90% of the time and enables you to completely take over a machine you have compromised from over 200 modules.</li><li><strong>Uncover weak and reused credentials:</strong> Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run brute-force attacks against over 20 account types, including databases, web servers, and remote administration solutions.</li></ul><p><strong>6. <span style="text-decoration:underline;color:#3366ff;"><span style="font-family:arial, helvetica, sans-serif;" class="font-size-4"><a href="https://www.bro.org/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Bro</span></a></span></span> (Category: IDS/IPS) </strong>is a powerful network analysis framework that differs considerably from the typical IDS you may know. While focusing on network security monitoring, Bro also provides a comprehensive platform for more general network traffic analysis. Well-grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally, in particular by many scientific environments, for securing their cyber infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.</p><p><span style="font-size:12pt;"><br /> ( Read More:</span> <a href="http://www.cisoplatform.com/profiles/blogs/top-6-reasons-why-datalossprevention-implementation-fails" style="font-size:12pt;">Top 6 Reasons Why Data Loss Prevention (DLP) Implementation Fails</a><span style="font-size:12pt;"> )</span></p><p>7. 
<span style="text-decoration:underline;color:#3366ff;"><strong><span style="font-family:arial, helvetica, sans-serif;" class="font-size-4"><a href="https://www.wireshark.org/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Wireshark</span></a></span></strong></span> <strong>(Category: Package with multiple capabilities)</strong> is one of the foremost network protocol analyzers. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.</p><p><span style="text-decoration:underline;"><strong>Features Include:</strong></span></p><ul><li>Deep inspection of hundreds of protocols, with more being added all the time</li><li>Live capture and offline analysis</li><li>Standard three-pane packet browser</li><li>Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others</li><li>Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility</li></ul><p>8. <strong><span style="text-decoration:underline;color:#3366ff;"><span style="font-family:arial, helvetica, sans-serif;" class="font-size-4"><a href="http://openvas.org/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">OpenVAS</span></a></span></span> (Category: Vulnerability Assessment)</strong> is an advanced open source vulnerability scanner and manager. It is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The solution is available as Free Software and is maintained on a permanent basis.</p><p>9. 
<span style="text-decoration:underline;color:#3366ff;"><strong><span style="font-family:arial, helvetica, sans-serif;" class="font-size-4"><a href="https://www.kali.org/" target="_blank"><span style="color:#3366ff;text-decoration:underline;">Kali Linux</span></a></span></strong></span> <strong>(Category: Package with multiple capabilities)</strong> is an open source Debian-based distribution that comes with pre-installed penetration testing tools.</p><p><span style="text-decoration:underline;"><strong>Features Include:</strong></span></p><ul><li><strong>Full Customization of Kali ISOs:</strong> Kali Linux is heavily integrated with live-build, allowing you to create your own Kali Linux images and giving endless flexibility in customizing and tailoring every aspect of your ISO images.</li><li><strong>Kali Linux ISO of Doom and Other Kali Recipes:</strong> The Kali Linux ISO of Doom is a great example of the flexibility of live-build and of the types and complexity of customization possible.</li><li><strong>Kali Linux Live USB with Multiple Persistence Stores:</strong> Kali Linux supports multiple persistence stores on a single USB drive.</li></ul><p>10. <span style="text-decoration:underline;color:#3366ff;"><strong><span style="font-family:arial, helvetica, sans-serif;" class="font-size-4"><a href="https://www.alienvault.com/products/ossim" target="_blank"><span style="color:#3366ff;text-decoration:underline;">OSSIM, AlienVault's</span></a></span></strong></span> <strong>(Category: Security Information and Event Management)</strong> open source SIEM product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. 
Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: a SIEM, whether open source or commercial, is virtually useless without the basic security controls necessary for security visibility.</p><p><span id="docs-internal-guid-1ff6476f-6a3c-78d9-3067-1480fc4ebbe5" class="font-size-3">( Read More: <a href="http://www.cisoplatform.com/profiles/blogs/top-10-incident-response-siem-talks-from-rsa-conference-2016">Top 10 'Incident Response & SIEM' talks from RSA Conference 2016 (USA)</a> )</span></p><p><span class="font-size-4"><em>What are the IT security tools you use the most and find very helpful? Share with us in the comments below.</em></span></p></div>3 Free "Security Architecture" Related Resources !!https://www.cisoplatform.com/profiles/blogs/3-free-security-architecture-related-resources2017-04-30T06:30:00.000Z2017-04-30T06:30:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><table border="0" cellspacing="0" width="100%" class="mcnTextBlock">
<tbody class="mcnTextBlockOuter"><tr><td valign="top" class="mcnTextBlockInner"><table align="left" border="0" cellspacing="0" width="100%" class="mcnTextContentContainer">
<tbody><tr><td valign="top" class="mcnTextContent">Here's some exciting content on security architecture. It includes tools for Data Protection, Incident Response Tool Qualification & more. There's a great conference for security builders too - SACON (Security Architecture Conference), Pune.<br /> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table border="0" cellspacing="0" width="100%" class="mcnTextBlock">
<tbody class="mcnTextBlockOuter"><tr><td valign="top" class="mcnTextBlockInner"><table align="left" border="0" cellspacing="0" width="100%" class="mcnTextContentContainer">
<tbody><tr><td valign="top" class="mcnTextContent"><p><span class="font-size-4"><strong>Guide To Building Enterprise Security Architecture Governance Program</strong></span><br /> <br /> Here's an in-depth guide to building an enterprise security architecture governance program. This is a community contribution from 2 members who have researched the topic in detail......<a href="https://www.dropbox.com/s/9ucutcggd4xr975/1.Building%20Enterprise%20Security%20Architecture%20Governance%20Plan.pdf?dl=0" target="_blank">Download Guide</a></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table border="0" cellspacing="0" width="100%" class="mcnTextBlock">
<tbody class="mcnTextBlockOuter"><tr><td valign="top" class="mcnTextBlockInner"><table align="left" border="0" cellspacing="0" width="100%" class="mcnTextContentContainer">
<tbody><tr><td valign="top" class="mcnTextContent"><p><span class="font-size-4"><strong>10 Things You Should Ask of Your Cyber Incident Response Tool</strong></span><br /> <br /> Here's a guest post with 10 things to qualify your Incident Response Tool. Incident responders must move faster, be more agile, and have more stamina than the attacker......<a href="http://www.cisoplatform.com/profiles/blogs/10-things-you-should-ask-of-your-cyber-incident-response-tool" target="_blank">Read More</a></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table border="0" cellspacing="0" width="100%" class="mcnTextBlock">
<tbody class="mcnTextBlockOuter"><tr><td valign="top" class="mcnTextBlockInner"><table align="left" border="0" cellspacing="0" width="100%" class="mcnTextContentContainer">
<tbody><tr><td valign="top" class="mcnTextContent"><span class="font-size-4"><strong>Confusion and Deception: New Tools for Data Protection</strong></span><br /> <br /> This talk was presented at RSAC USA 2017. Cyberthreats are asymmetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once.....<a href="http://www.cisoplatform.com/profiles/blogs/confusion-and-deception-new-tools-for-data-protection" target="_blank">View Slides</a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table border="0" cellspacing="0" width="100%" class="mcnTextBlock">
<tbody class="mcnTextBlockOuter"><tr><td valign="top" class="mcnTextBlockInner"><table align="left" border="0" cellspacing="0" width="100%" class="mcnTextContentContainer">
<tbody><tr><td valign="top" class="mcnTextContent"><strong>Learn Secure DevOps, Threat Hunting, Threat Modeling and more @SACON Pune</strong><br /> <br /> India has a lot of hackers but very few security architects. The industry as well as the country needs competence in "Security Architecture". That's the reason why we started SACON - India's only Security Architecture Conference. <strong>No Sponsored Talks</strong>.....<a href="https://www.sacon.io/" target="_blank">Know More</a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table></div>