SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, January 10, 2011

Seven Cool Open Source Projects for Defenders

Posted on 5:43 PM by Unknown
Long-time blog readers should know that I don't rely on tools to defend my enterprise. I rely on people first, followed by tools, then processes. However, today I took a moment to consider the myriad of really cool work happening (mainly) in the open source tool community. When I started counting, I found about seven projects that are likely to help you defend your enterprise.

Most of these require some commitment of brainpower and willingness to learn, but I am nevertheless very pleased to see this much innovation on the defensive side. Collectively these projects do not "solve" any problems (nor should they), but I am certain they can help address one or more problems you may encounter -- especially regarding visibility. In other words, these are the sorts of tools (with one or two exceptions) that will help you detect and respond to intruders.

These are numbered for reference and not for priority.

  1. Charles Smutz recently announced his Ruminate IDS, whose goal is to "demonstrate the feasibility and value of flexible and scalable analysis of objects transferred through the network." Charles is also author of the Vortex prohect, a "a near real time IDS and network surveillance engine for TCP stream data."

  2. Doug Burks just released a new version of SecurityOnion, an Ubuntu-based live CD to facilitate network security monitoring. You'll find many of the tools on this list in SO and I expect those missing will be included at some point!

  3. Over at Berkeley, development of the Bro IDS project is kicking into high gear with Seth Hall's new role as a full-time developer. We miss you Seth!

  4. OISF just released a new version of their Suricata IDS. If you're going to RSA next month, see the OISF team at their next Brainstorming Session. I plan to stop by.

  5. Dustin Webber and new team member Jason Meller just released a new version of Snorby, a Web 2.0 interface for Snort alerts. I hope to see Snorby packaged in SO soon.

  6. Edward Bjarte Fjellskål continues to release cool new code, from the packet capture system OpenFPC with Leon Ward to Polman for managing IDS rules.

  7. Sourcefire's Razorback framework seems to be making some progress again, and the relaunch of new Snort, VRT, and ClamAV blogs under new community manager Joel Esler is a welcome move.


Check these out if you have some time!
Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • SANS WhatWorks Summit in Forensics and Incident Response
    I wanted to remind everyone about the SANS WhatWorks Summit in Forensics and Incident Response in DC, 8-9 July 2010. The Agenda looks gre...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Sguil 0.7.0 on Ubuntu 9.10
    Today I installed a Sguil client on a fresh installation of Ubuntu 9.10. It was really easy with the exception of one issue I had to troubl...
  • Microsoft Updates MS09-048 to Show XP Vulnerable to 2 of 3 CVEs
    Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected So...
  • Understanding Responsible Disclosure of Threat Intelligence
    Imagine you're hiking in the woods one day. While stopping for a break you happen to find a mysterious package off to the side of the t...
  • Embedded Hardware and Software Pen Tester Positions in GE Smart Grid
    I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetr...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ▼  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ▼  January (9)
      • Wanted: Incident Handler in Michigan
      • Seven Cool Open Source Projects for Defenders
      • More on Chinese Stealth Fighter and APT
      • Happy 8th Birthday TaoSecurity Blog
      • The "IT as a Business" Train Wreck
      • To Those Who Want Tim Thomas Books
      • TaoSecurity Lab
      • VizSec 2011 Call for Papers Open
      • Starting the New Year Right
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile