Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

11/30/2017
09:45 AM
100%
0%

5 Free or Low-Cost Security Tools for Defenders

Not all security tools are pricey.

INSECURITY CONFERENCE 2017 - Washington, DC - Defending the enterprise is increasingly getting complex, with cloud, mobile, and IoT services expanding the potential attack surface and yet IT security budgets may remain constrained to address new threats, Arun DeSouza, CISO and privacy officer with Nexteer Automotive, said in a presentation here today.

But a number of free, or low-cost, tools exist to help security teams deliver a strong defense and remain within their budget, according to DeSouza, who offered tips on this topic. "We are in the fourth industrial revolution and there is great opportunity, but also more risk," DeSouza said.

Here are five free, or low-cost, security tools to extend a security budget:

  • Bloodhound, a new open source pen test tool for Microsoft's Active Directory environment. "This is a cool tool that identifies attack paths, so you can see how to shut them down," DeSouza said.
  • Nikto, an open source Web server scanner. "It's a powerful tool that can scan over 6,500 known vulnerabilities," DeSouza said.
  • Reputation Monitor, a free service from AlienVault that conducts threat analysis. "If your public IPs and domains are compromised, it will alert you," DeSouza said.
  • Ghostery, a free browser extension for private web browsing. "It's another way to sanitize data," DeSouza noted.
  • Google Authenticator, a two-step verification code generator. "Companies that don't have an identity management framework in place can get a higher level of protection with this," DeSouza said.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Flow59
50%
50%
Flow59,
User Rank: Apprentice
12/12/2017 | 3:41:26 AM
thanks for the article
Very usefull, good to know ! Ty 
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26244
PUBLISHED: 2020-12-02
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expecte...
CVE-2020-28206
PUBLISHED: 2020-12-02
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also ...
CVE-2017-14451
PUBLISHED: 2020-12-02
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send m...
CVE-2017-2910
PUBLISHED: 2020-12-02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
CVE-2020-13493
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an atta...