5 Free Security Analytics Tools
It's getting tougher to stay on top of the growing volume of security data generated. Take a look at some analytics tools for budget-conscious organizations.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltaefd7e4de2e41353/64f0dba596efc978722f8c89/Analytics1.jpg?width=700&auto=webp&quality=80&disable=upscale)
The adoption of mobile and cloud computing is expanding the security perimeter of the modern enterprise, and organizations are looking deeper into their IT infrastructure to monitor for malicious activity or software. These trends are producing a growing volume of threat data to be evaluated. To turn this data into meaningful intelligence, tools are needed that go beyond traditional security information and event management (SIEM) to integrate and analyze disparate types of data, structured and unstructured.
Analyzing threat data can be a non-trivial expense, especially for small and midsized organizations. Beyond software licensing, there is the cost of hardware, personnel, and training. But there are some free tools out there that can help.
Source: Cisco Systems
OpenSOC from Cisco
"We can no longer rely on traditional means of threat detection," says Pablo Salazar, manager of advanced services at Cisco Systems. Security today requires the application of big data analytics, and in November of last year, Cisco announced the OpenSOC open source security analytics framework. OpenSOC, an anomaly detection and incident forensics platform, integrates elements of the Hadoop ecosystem, including Storm, Kafka, and Elasticsearch, for full-packet capture, indexing, storage, data enrichment, and stream and batch processing, along with real-time search and telemetry aggregation. The free tool is available here.
Source: IKANOW
Community Edition Infinit.e
IKANOW's Infinit.e open source security analytics tool integrates with third-party applications and provides ingest, search, data widgets, and export features. The free Community Edition is a stripped-down version of the Infinit.e Enterprise Edition. It collects, stores, processes, retrieves, analyzes, and visualizes unstructured documents and structured records. Data from all sources is transformed into a single data model that allows common queries, scoring algorithms, and analytics to be applied across the entire dataset. It's available here.
Source: Splunk
Splunk
Splunk supports data discovery with the analysis of very large datasets through data indexing and MapReduce functionality pioneered by Google. Splunk can collect data from most sources without normalization and apply analytics and statistical analysis to security incidents. It lets threat analysts make sense of threat intelligence data and identify and document threats. It's available here for download.
Source: AlienVault
AlienVault Open Threat Exchange (OTX)
AlienVault OTX is a forum, not a software tool per se: it provides open access to a global community of threat researchers and security professionals. The platform delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from multiple sources. Members can actively discuss, research, validate, and share the latest threat data, trends, and techniques. You can join here.
Source: Symbiosis International University
Building An Open Source Threat Intelligence System
Researchers from the Symbiosis Centre for Information Technology at Symbiosis International University have proposed a model for a threat intelligence system to meet the need for a cost-effective and dynamic solution to counter sophisticated cyberthreats.
"Our solution needs to be one which is simple and easy to build and implement," Sabari Girish Nair and Dr. Priti Puri wrote. Components of such a model would include public data feeds and open source database management systems for storage of security logs and profiles of advanced persistent threats, with the SpagoBI open source business intelligence suite as the analytic engine.
The solution probably would not be as effective or as fully automated as a proprietary commercial system, but it would be almost free and could be easily modified, they say. Nair and Puri's paper detailing the elements of an open-source solution is available here.