Question
We are building an environment where mostly open source and trial versions would be used first before we purchase any product. I need your recommendation on the tools required to build a network that would detect threats and all kinds of attacks on my network, and also a tool or process to analyze and detect vulnerabilities in HTTPS traffic.
My environment would mostly comprise web servers and FTP servers.
Please let me know what tools or software I can implement to detect and analyze attacks, running on Windows or Linux.
Explanation / Answer
Palantir if you have the money, or Maltego when you are on a budget. There are plugins from some third parties that integrate with Palantir and/or Maltego, such as RecordedFuture, SiloBreaker, KapowSoftware, and RiskIQ. You can also search GitHub for maltego. KapowSoftware integrates directly at the web layer, as an example of how to analyze data further with these link analysis tools. Maltego has plugins covering everything from malware to threat intelligence to many other aspects. The idea is to start with a platform capable of scaling to the cyber threat problems of the future instead of relying on the outdated prevent-and-patch paradigm.
Additionally, because of your particular situation, I'd add tools such as DataSoft/Nova and OWASP AppSensor. Nova can be used to honeypot web and FTP services in order to gain more interesting insight into your attackers (especially good when combined with the above paragraph's recommendations). AppSensor goes way beyond what log management and web-app-firewalling technology provide. Both of these tools are open-source software.
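To make concrete what in-application detection (the AppSensor idea mentioned in the answer) adds over log review and a WAF, here is an added example that is neither AppSensor's own code nor the answerer's: each detection point carries a per-user threshold within a sliding time window and a graduated response. The detection-point names, thresholds, responses and the sample event stream are all assumptions constructed for this illustration.

```python
"""Illustrative AppSensor-style detection points (not AppSensor's code)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
import time

# detection point -> (events allowed, window in seconds, response)
# Names, limits and responses are assumptions chosen for this example.
POLICY = {
    "login_failure": (5, 300, "lock_account"),
    "unexpected_http_method": (3, 60, "logout"),
    "path_traversal_input": (1, 60, "block_user"),
}


@dataclass
class Detector:
    # (user, point) -> timestamps of recent events inside the window
    events: dict = field(default_factory=lambda: defaultdict(deque))
    responses: list = field(default_factory=list)

    def report(self, user, point, now=None):
        """Record one event; return the response name when the threshold trips."""
        now = time.time() if now is None else now
        limit, window, response = POLICY[point]
        q = self.events[(user, point)]
        q.append(now)
        while q and now - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= limit:
            self.responses.append((user, point, response))
            q.clear()  # start counting afresh after responding
            return response
        return None


def simulate():
    """Feed a constructed event stream and return the responses taken."""
    d = Detector()
    sample = [  # constructed: (seconds, user, detection point)
        (0, "alice", "login_failure"), (10, "alice", "login_failure"),
        (20, "alice", "login_failure"), (30, "alice", "login_failure"),
        (40, "alice", "login_failure"),          # 5th failure in 300 s -> lock
        (0, "bob", "unexpected_http_method"), (5, "bob", "unexpected_http_method"),
        (7, "bob", "path_traversal_input"),       # single event is enough -> block
        (1000, "alice", "login_failure"),         # fresh window, no response
    ]
    for t, user, point in sample:
        d.report(user, point, now=t)
    return d.responses
```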