10 Free or Low-Cost Security Tools
At a time when many organizations struggle with security funding, open-source tools can help cut costs for certain businesses.
Security spending is on the rise, but allocating funds remains a challenge. Systems are expensive and skilled talent — if you can find it — comes at a high price.
A new wave of tools, from low-cost to free open source software (FOSS), aims to help with tasks like network scanning and penetration testing. Some of these tools are tailored for specific purposes while others cross several domains.
While free tools sound great, their usefulness varies from business to business. For some organizations, they are helpful means of solving small problems. For others, they are too "siloed" to be effective.
"It depends on the environment," says Travis Farral, director of security strategy at Anomali, which is behind the Staxx free threat intelligence tool. "Some are against major deployment of anything open-source that doesn’t have a company behind it, for support or liability issues."
Because many free and low-cost tools are designed for specific purposes, they often require advanced technical expertise. Several major businesses use a combination of major enterprise tools and FOSS utilities because they have the staff to support them.
For organizations with less staff, siloed tools require security practitioners to become systems integrators because they need to have the solutions work together, says Lee Weiner, chief product officer at Rapid7. They can't do that and succeed in protecting their organizations.
"For companies constrained in security resources — which the vast majority are — they are almost burdened more by the fact that solutions have been siloed to solve a specific problem," Weiner continues.
There are differing schools of thought on the debate over free tools, says Mocana CTO Dean Weber.
"Some in the community believe open source and free tools have evolved to a point where they can be used in commercial and development environments," he explains. "Others believe that lack of support, maturity, and security make these types of tools insufficient for enterprise -- and especially mission critical -- environments."
Indeed, as IOActive's VP of services, Owen Connolly, says, there is no such thing as a free lunch.
"If you're going to go down the road of FOSS for security, then you need to spend money to get the right people to manage your environment."
While they may not be a perfect fit for every organization, budget-friendly tools have evolved and can certainly provide value in the right environments. Here, a few experts share their recommendations for free and low-cost security tools. We'd like to keep adding to this list, so please feel free to share your recommendations in the comments section.
Nmap, or "Network Mapper," is a free and open-source security scanner, port scanner, and network exploration tool. It's also used by systems and network admins for tasks like monitoring host or service uptime, managing service upgrade schedules, and network inventory. Nmap leverages raw IP packets to learn more about the hosts available on the network, the application name and version they offer, and the operating system they're running.
Nmap is useful for discovering networks, learning what's running on them, and as an inventory solution, says Weiner, but businesses will need more technical know-how to fully use it. The tool was designed for larger networks and runs on all major operating systems.
"It's not without some work," he notes. "You have to take output from that and put it somewhere so you can understand its result in a cohesive way."
Security Onion is a collection of network security tools bundled in a single distribution to cover network security monitoring, log management, hunting, and intrusion detection. Its included tools include Bro, Snort, Suricata, OSSEC, Sguil, Squert, and Xplico, among others.
"This is just one of the best tools available for doing network monitoring/forensics and IDS-type activities," says Connolly. "Even if you never actually use it in anger, just playing with it will increase your network security knowledge."
Connolly says he has seen Security Onion deployed in "fairly sizeable enterprises" and it performs well at scale. As with many tools, however, he says it does require a good amount of technical ability to extract value from it.
Suricata is a free, open source network threat detection tool. It's used for real-time intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM). Suricata is owned and supported by the Open Information Security Foundation (OISF).
A surprising number of businesses use Suricata, says Farral, who describes the tool as mature, heavily developed, and equipped with useful capabilities. He also notes speed has improved for Suricata in recent versions and there's "aggressive development" continuing to build it.
Bro is an open source, UNIX-based framework for monitoring network activity, including software, file types, and networked devices. The tool, which began as part of a research project at the Lawrence Berkeley National Laboratory, aims to go beyond traditional signature-based detection. You can use it to monitor all traffic, analyze historical data following a zero-day attack, or build a black hole router to protect against attacks.
Like Suricata, Bro is a network-based tool but runs differently in the way it parses information. While Bro looks at traffic behaviors, Suricata looks inside the packets themselves, Farral explains. Bro is broad enough to be relevant and useful across most environments.
pfSense, another tool recommended by Connolly, is a free and open source distribution of FreeBSD designed to be used as a firewall and router. The software includes an easy-to-use Web interface, he says. pfSense only provides the software component of the firewall, so if you choose to use it, you'll have to tailor the hardware to meet your needs.
Moloch is a "very handy tool to have in your arsenal," says Farral. The open-source full-packet capture, indexing, and database tool aims to extend existing security infrastructure by storing and indexing network traffic. It's not meant to replace intrusion detection systems, but to support current infrastructure in standard PCAP format.
If you need to research a security event, it's helpful to have all the packets associated with that communication in order to conduct incident response. However, it may require some extra work depending on how much traffic you plan to throw at it, says Farral.
OSSIM, a recommendation from Connolly, is the Open Source Security Information and Event Management (SIEM) from AlienVault. It was built by security engineers who saw the need for more open-source products, noticing a SIEM isn't fully useful without basic controls for visibility.
OSSIM bundles capabilities including asset discovery, intrusion detection, vulnerability assessment, SIEM, and behavioral monitoring. AlienVault's Open Threat Exchange lets users send and receive information about malicious hosts, and ongoing development aims to provide broader access to security controls.
If you're curious about machine learning in security, get your feet wet with Apache Spot, a fairly new tool that grew out of the need to scour a business environment for specific malicious content and intelligence. The open-source cybersecurity project aims to bring advanced analytics to all telemetry data and to improve threat detection, investigation, and remediation with machine learning.
"The fact that this is free and open source is cool," says Farral, noting how offshoot projects on Apache Spark have turned into useful utilities.
Metasploit is penetration testing software created by famed security researcher HD Moore and managed by the open source community and Rapid7. It helps offensive security teams discover vulnerabilities through automated penetration tests, which are fueled by a continuously growing database of exploits. It's useful for testing people, processes, and technology within an organization to understand the potential impact of complex cyberattacks. By hitting your security program with real attacks, you can understand the damage and efficiently fix flaws.
"The Metasploit Framework gets a lot of attention, and people are contributing to it," says Weiner, noting how the open source community drives visibility for the Metasploit tool. This tool is not to be confused with Rapid7's commercial version, Metasploit Pro.