InfoSec Experts on the Top 3 Free Security Tools
15 security experts discuss the top three free security tools every infosec pro should use.
Gartner predicts that worldwide security spending will hit $96 billion in 2018, marking an eight percent increase over 2017 spending. This increased spending can be attributed to several factors, such as regulations, a growing awareness of the broad and ever-changing threat landscape, the evolution of a digital business strategy, and a shifting buyer mindset. While every enterprise must invest in sound security tools and solutions, not every valuable security tool comes with a high price tag. In fact, there are a variety of tools that today's infosec pros trust that don't cost a dime.
To find out what free security tools today's security professionals trust and rely on, we reached out to a panel of information security experts and asked them to respond to this question:
"What are the top 3 free security tools that every infosec professional should use?"
Meet Our Panel of Information Security Professionals:
Find out what free tools you should be adding to your toolkit by reading what our pros had to say below.
Dr. Asankhaya Sharma
Dr. Asankhaya Sharma is a cyber security expert and technology leader with over a decade of experience in creating security products for industry, academia and open-source community.
"There are several free tools that a security engineer may use as part of their arsenal but the following three are quite essential..."
- Burp Suite by Portswigger - The community edition of the Burp Suite is a free tool that provides a comprehensive solution for web application security checks. Their proxy feature is quite useful during penetration testing to manually inspect and fiddle with web traffic. It also includes a scanner that provides automated vulnerability scans for web applications.
- Security Monkey by Netflix Security - Monkey is a tool that monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Managing the configurations and policies on cloud providers like AWS is a complex task and requires constant monitoring. Security Monkey helps automate the process and has good integration with developer workflow tools like JIRA to create tickets and bug reports.
- ModSecurity by Trustwave - ModSecurity is a web application firewall (WAF) that enables real time logging, monitoring, and access control. It also comes with a powerful rules language and an API to enable you to define and implement custom protections.
Amin Lalji is a Certified Cloud Architect, Cyber Security Consultant, and Instructor at Learning Tree International. Amin was selected as a practicing consultant to provide education and training to hundreds of companies. Amin has authored various training courses in the Cyber Security & Cloud Computing Curriculum at Learning Tree.
"Here are my top three free security tools..."
- OSQUERY: An open source suite of products released by Facebook, designed to provide organizations with deep insight into the state of endpoints and servers. The tool is cross platform and essentially allows organizations to execute SQL-like queries to support use cases such as intrusion detection, infrastructure reliability, or compliance. To top it off, it is very lightweight and highly scalable.
- SYSMON: A tool from Sysinternals that is loaded as a Windows device driver. The tool has been redesigned to provide deep insight into malicious and anomalous system activity (e.g., it can monitor process creations, network connections, and changes to file creation time). The tool can capture data into the event log and can also send events to log management/SIEM systems.
- ElasticSearch: An open source tool that provides parsing, indexing, full-text search, querying, and visualization of event and log data in a hyper-scalable open-source platform. Customizations and dashboards can be provided to gain insight into low and slow attacks, anomalous activity, etc. Data can be enriched in-line using tools such as GeoIP to locate and map IP addresses etc. Works great with SYSMON!
Joseph is the Chief Security Scientist at Thycotic. A Cyber Security Professional with 20+ years' experience in Enterprise Security & Infrastructure, Joseph is a Certified Information Systems Security Professional (CISSP). Joseph is an active member of the cyber security community and a frequent speaker at cyber security events globally, and also an adviser to several cyber security conferences.
"The top three free security tools every infosec pro should be using include..."
- Secret Server Free is the fastest-to-deploy and the easiest-to-use privileged access password security solution. This free edition supports up to 25 users and protects up to 250 privileged account passwords.
- Weak Password Finder for Active Directory quickly and easily identifies the riskiest passwords among your Active Directory users.
- The Browser-stored Password Discovery Tool quickly and easily identifies risky storage of passwords in web browsers among your Active Directory users, including top 10 common machines with browser-stored passwords, and more.
João Serrachinha is a SysAdmin at Mobidea.
"There are a bunch of essential tools any infosec professional should consider using..."
My top three free essential tools are:
- Rkhunter - Rkhunter (Rootkit Hunter) is a tool for systems which verifies the system by searching for rootkits, back doors, and possible local flaws. This is done by comparing SHA-1 hashes of archives with the original archives in online data banks. The app canvasses through archives which are normally used by rootkits, incorrect permissions, hidden archives, suspicious strings in modules of the kernel, and also manages to perform special tests for FreeBSD and GNU/Linux systems.
- Nmap - Nmap is both a free and open source tool for security auditing and network discovery. Nmap is used to evaluate the security of computers. It's also used to discover services or servers in a computer network. Nmap has also been used to scan remarkable networks of hundreds of thousands of machines. It's also included on many operating systems such as Linux, Redhat, or Gentoo.
- Metasploit - Metasploit Framework is an open source penetration tool. It can be utilized to test the vulnerability of computer systems to protect them. In addition, it can also be used to break into remote systems. This is quite the powerful tool and it's normally used for penetration testing. There's a lot of work and time that you must put into this tool if you want to really know how to use it well. You need a great deal of patience and many hours of practice to master Metasploit!
Kurt Muhl is the lead security consultant with offensive security firm RedTeam Security. He specializes in ethical hacking, social engineering, and red team activities and has an extensive background in technology and information security.
"The top three free security tools every infosec pro should be using include..."
- Nmap - It's a powerful tool for doing basic discovery against networked systems. It can do basic host discovery, it can enumerate all of the listening services on devices, and the Nmap scripting engine (NSE) allows for vulnerability analysis and so much more.
- Metasploit - It includes many auxiliary modules for service enumeration and vulnerability analysis. It also has exploit code and modules for performing post exploitation against systems.
- Netcat - It's the Swiss army knife in the security pro's tool set. It makes connecting to a service and interacting with it easy, even if you don't know what the service is.
Andrey Leonov, Information Security Engineer at SEMrush, has been working in the realm of cybersecurity for many years now. He grew up in Saint-Petersburg, Russia, and has always been on the white side of cybersecurity. His biggest interest outside his job, of course, is finding vulnerabilities in programs and reporting them to developers. In fact, just last year he found a vulnerability in Facebook, which gained press coverage.
"The very best tool is..."
Burp Suite. Although I am using the pro version, its free version is really full of high-level functionalities for any infosec professional and has really insignificant limitations. This tool helps me resolve a big set of security issues, such as:
- Intercepted proxy
- Scope control
- Opportunity to modify queries
- Possibility of fuzzing of Intruder tab
Another tool that’s really helpful in my everyday operations is Kali Linux. The functionality of Kali Linux is immense, with a wide range of various tools that help any security analyst on every level of the quest for finding issues and vulnerabilities including:
The tool that’s particularly dear to me personally, and many other information security engineers, is sqlmap – a tool that helps you deal with a designated SQL vulnerability. Its ability to fine-tune itself in relation to almost any vulnerability is of utmost value. It has an immense amount of vector assault on different SQL databases, according to the type of vulnerability you are targeting – Blind, Union, Error-based, Time-based, and so on.
Lindsey Havens is the Senior Marketing Manager at PhishLabs, an organization that provides security awareness training and phishing protection.
"For a security professional, there are a few tools that can aid in making their job a little easier..."
Here are some of the most helpful tools for anyone working in infosec today:
- Burp Suite by Portswigger - Burp Suite community edition is free and is a comprehensive solution for web application security checks. The tool has a proxy feature, which is useful when manually inspecting and maneuvering web traffic. It also includes a scanner that performs vulnerability scans automatically on all web applications.
- ModSecurity by Trustwave - ModSecurity is a web application firewall that allows you to perform real time logging, as well as monitor and have access control. It also comes with an API and a powerful rules language that enables you to implement your own custom protections.
- Security Monkey by Netflix Security - Monkey checks your AWS and GCP accounts for any policy changes or alerts on insecure configurations. Security Monkey helps automate the process of managing the configurations and policies on the cloud and integrates well with developer workflow tools like JIRA to create bug reports and tickets.
Spencer McIntyre works on the Research and Innovation team at SecureState where he focuses on developing vulnerabilities and internal tools in addition to working on special projects. He is an avid contributor to the open source community.
"The top three free security tools every infosec pro should use are..."
- The Metasploit Framework: This is the largest open source penetration testing framework. Infosec professionals should be familiar with how to use it to test for and demonstrate vulnerabilities within their environments.
- Nmap: Nmap is the best open source port scanner. It can be used for a variety of tasks, including mapping out networks and host fingerprinting. With the addition of its scripting engine it is also capable of identifying many common vulnerabilities.
- Wireshark: Possibly the best analysis tool for network traffic, Wireshark has applicable uses for a variety of tasks including incident response, reverse engineering, malware analysis, and penetration testing. This tool makes it very easy to identify and filter traffic either captured live or through the standard pcap file format.
Michael Fimin, the accomplished expert in information security, is CEO and co-founder of Netwrix, the company that introduced the first visibility platform for user behavior analysis and risk mitigation in hybrid IT environments. Netwrix is based in Irvine, CA.
"I would suggest three tools for IT professionals that can help them troubleshoot security issues faster and make their jobs easier..."
- KeePass Password Safe is a free, open source and lightweight password manager, which helps IT pros securely manage their passwords. They can put passwords in one database, which is locked with one master key or a key file. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
- Nmap ("Network Mapper") is a free utility for network discovery and security auditing. Systems and network administrators can find it helpful during several steps of penetration testing and use it as a vulnerability detector or a security scanner.
- Malwarebytes Anti-Malware is a free tool that finds and removes malicious software, such as rogue security software, adware, and spyware. It scans in batch mode, rather than scanning all files opened, to reduce interference if another on-demand anti-malware software is also running on the computer.
Rob LaMear IV
Rob LaMear, CEO of US Cloud, is a technology leader with expertise in Cloud Computing and Cyber Security. He's a startup founder with 41% annual growth over 10 years and a patriot and dynamic speaker helping businesses securely transform digitally. Rob has built secure cloud collaboration infrastructure for the White House, NASA, Microsoft, Fidelity, and Pfizer.
"The top 3 free security tools that every infosec professional should use are..."
Snort, ELK, and Wireshark.
Snort is an open-source network intrusion detection system (IDS) software that can be installed on either Linux or Windows. Its job is to detect cyber threats via real-time traffic analysis and packet logging.
ELK (Elasticsearch-Logstash-Kibana) is an open source log management solution. It is often compared to the more expensive Splunk. ELK serves as a holding place for all your log files. ELK aggregates your log files so that they may be analyzed by the SIEM (Security Information and Event Management) tool and prioritizes threats for infosec pros to respond to.
Once a high-priority threat is identified, you can use Wireshark to capture all network traffic going to a particular server or device. Wireshark packet capture allows an infosec pro to remediate attacks by isolating compromised devices from the rest of the network.
Being the Head of IT at Cleardata, a secure document management company, means that Andy Morley has had to make sure their network is absolutely watertight to avoid the theft or leaking of sensitive documents. He works hard to keep up-to-date in all areas of network security.
"The three free tools that have been essential to me are..."
- KeePass is an essential tool if you want to make sure your colleagues can use strong passwords without forgetting them all the time, or sticking them on a post-it note, which has never been the most secure of methods.
- You won’t be sure of just how strong your network security is until an attack happens. Metasploit Framework is the absolute best free tool when it comes to simulating hacking attempts. Use this to identify vulnerabilities.
- Nmap is a brilliant tool for mapping out your entire network, detecting vulnerabilities, and providing a huge amount of useful information that will be invaluable in your security efforts.
Raichel Simon is a Writer & Technical Consultant at Digitalbulls. With enormous interest in computers, Raichel has been successfully providing the best technical support and online tech classes to clients across the globe. Writing technical blogs & researching new technology are Raichel's passion for life.
"The top three free security tools based on the basic functions of computing are..."
- Wireshark: Network Security - The network is never a safe place, and you need an all-time active security tool to dictate the outgoing and incoming data. Open-source software like Wireshark provides details of network protocols which enable infosec pros to capture live data, analyze protocols, and inspect the packets from the wire. Why do you need it? Its range of features keeps you away from malware and spybots.
- ZoneAlarm Free Firewall: Windows OS - We have internal threats like USB drives/devices, wireless access points, and optical media (CDs, DVDs, etc.), as well as external threats like spyware, ransomware, Trojans, phishing, and more. Your Windows OS is the playground for all this hideous theft to take place. Freeware like ZoneAlarm Firewall blocks unwanted traffic, hides from hackers, and shields your data.
- Authorize.net: Payment Gateway - The proliferation of payment security violations has led to concern over the use of cryptocurrency. Web-based payments are at risk of leaking the information from your checks, cards, passwords, and more. Authorize.net will improve the customer experience by providing methods of online payment, 24x7 surveillance, transaction monitoring, and blacklisting finance frauds.
Key takeaway: The only way to be ahead of the intruders is to think like them and protect your database. The Internet is a great source of free available knowledge and tools which can help keep you safe from attacks on your privacy and security.
Mihai Corbuleac is a Senior IT consultant at Bigstep.com, an IT company that provides a full-stack big data platform running in a secure, high-performance bare metal cloud.
"Even though there are numerous free security tools worth mentioning, I would begin with..."
EMET, a free Microsoft tool – one of the best security tools for Windows 10. This is a very efficient anti-malware tool. Secondly, I would mention Nmap – Network Mapper, which is open source software, and a viable vulnerability scanner for Windows, Unix, and Linux. Nmap can be easily used during network penetration testing. Finally, I would include Nessus, another remarkable vulnerability detector for Windows, macOS, and Linux.
Todd Millecam is the CEO of SWYM Systems, Inc., offering full solution engineering services specializing in IT infrastructure, DevOps, and development. Todd has over 11 years' experience working professionally in IT with nearly 20 years' experience in IT work total. He has worked on every phase of software engineering projects, from architect to end user long term support.
"The top three free security tools for infosec pros are..."
- The CVE database is by far the top for security professionals. You should be frequently visiting it and keeping up with it.
- Nessus. This will scan your builds and tie all your dependencies to a CVE entry and give you a risk assessment. There's a free trial version, but it's only for 7 days. After that, it's pricey, but it can be worth it if your company has the budget for it.
- Linux. Knowing how Linux works, from the kernel, to the module, to the application, is one of the most valuable tools any infosec professional can have. The tools available on Linux let you gain intuition as well as hands-on knowledge for what is being targeted and how to mitigate problems before they happen. Know how to compile, how to do an object dump, how to sniff a network interface, how to script, and how to tweak kernel settings. Linux can be the most potent tool in a security pro's arsenal.
Robert Siciliano, CSP, the #1 Best Selling Amazon.com author and a security expert with Hotspot Shield, is serious about security awareness training. Robert is a security expert and private investigator fiercely committed to informing, educating, and empowering people so they can protect themselves, both in their physical and virtual interactions.
"Every infosec professional should..."
Always use a VPN tool, especially when on free public WiFi. There are several free VPN services for which you can compare and contrast different reviews. When carrying flash drives, encrypting data is essential. There are numerous free encryption tools available. To reduce the chances of being socially engineered, download a carrier-deployed mobile phone app that blocks spam calls to your cellphone.