CSO: Free, cheap and easy security tools

/Home/Internet Security: Articles/Internet Security: CSO/CSO: 2015

By Stacy Collett
May 11, 2015

When it comes to detecting, preventing and analyzing information security threats, security teams need all the help they can get.

Cyber attackers were able to compromise organizations within minutes in 60% of the data breach cases studied in Verizon Enterprise Solutions’ Data Breach Investigations Report 2015. Unfortunately, companies aren’t getting any faster at detecting those threats. Verizon calls this a “detection deficit” between attackers and defenders.

Free, cheap and easy security tools are one way to help close the gap. We asked infosec and network security pros to offer up their favorite free security tools and, no surprise, their responses ran the gamut from upfront vulnerability scanners to post-discovery malware detonators and analysis tools.

“There’s no perfect [security] tool that everybody loves,” says Rob Westervelt, information security analyst at IDC. “It’s what they feel comfortable using.”

Todd Borandi focuses his security team on using a small set of tools that they understand very well. “These tools should change as frequently as tools used by those who would seek to expose information we are working hard to protect,” says Borandi, lead information security architect. His team may use anything from publicly accessible websites, like Rapid7 Metasploit, that constantly change payloads and update vulnerabilities, to other open source web pen testing tools “favored by the bad guys,” he says.

Though threats are constantly changing, Westervelt believes security tools don’t have to be new to be effective. “Incident response people are still in love with some tools and are so skilled at using them that they still have the upper hand, at least for a while,” he adds.

Security professionals offer up their favorite free security tools.

Click the URL above to read the full article