Mobile

11/30/2017
09:45 AM
100%
0%

5 Free or Low-Cost Security Tools for Defenders

Not all security tools are pricey.

INSECURITY CONFERENCE 2017 - Washington, DC - Defending the enterprise is increasingly getting complex, with cloud, mobile, and IoT services expanding the potential attack surface and yet IT security budgets may remain constrained to address new threats, Arun DeSouza, CISO and privacy officer with Nexteer Automotive, said in a presentation here today.

But a number of free, or low-cost, tools exist to help security teams deliver a strong defense and remain within their budget, according to DeSouza, who offered tips on this topic. "We are in the fourth industrial revolution and there is great opportunity, but also more risk," DeSouza said.

Here are five free, or low-cost, security tools to extend a security budget:

  • Bloodhound, a new open source pen test tool for Microsoft's Active Directory environment. "This is a cool tool that identifies attack paths, so you can see how to shut them down," DeSouza said.
  • Nikto, an open source Web server scanner. "It's a powerful tool that can scan over 6,500 known vulnerabilities," DeSouza said.
  • Reputation Monitor, a free service from AlienVault that conducts threat analysis. "If your public IPs and domains are compromised, it will alert you," DeSouza said.
  • Ghostery, a free browser extension for private web browsing. "It's another way to sanitize data," DeSouza noted.
  • Google Authenticator, a two-step verification code generator. "Companies that don't have an identity management framework in place can get a higher level of protection with this," DeSouza said.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Flow59
50%
50%
Flow59,
User Rank: Apprentice
12/12/2017 | 3:41:26 AM
thanks for the article
Very usefull, good to know ! Ty 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-6461
PUBLISHED: 2019-03-21
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result i...
CVE-2015-6462
PUBLISHED: 2019-03-21
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, ...
CVE-2018-13798
PUBLISHED: 2019-03-21
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a D...
CVE-2019-5490
PUBLISHED: 2019-03-21
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed...
CVE-2019-8997
PUBLISHED: 2019-03-21
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted X...