Picking the most important tools for security professionals is not easy. The community keeps innovating, and new capabilities are constantly being added to the tools we already use every day.
You might expect these tools to be new and cutting edge, but in fact most of them have been in common use by security professionals, at work and at home, for quite some time. Between them, the most essential open-source tools cover everything from assessing systems and securing your personal data to debugging issues and understanding complex platforms such as Kubernetes. The tools we cannot live without are:
• Nmap: A week doesn’t go by where Nmap isn’t in my history. This port scanner is great for determining what a device is, which services it runs and how it is protected (which ports are open, closed or filtered, and what is answering on them). It is often the first step an attacker or a security professional takes to gain a basic awareness of a specific system. One of my favorite tools.
• Wireshark: Wireshark is the Swiss Army knife of network debugging, which makes it essential not only for security professionals but for technologists of all kinds who need to debug distributed systems. It is the best way to capture low-level packet data and analyze it: it has dissectors for countless applications and protocols, and it has been in development for many years. The visibility it provides helps us see into systems whose complexity keeps growing.
• Falco: Falco is a threat detection tool for Linux hosts, containers and Kubernetes. It watches system calls (through a kernel module or eBPF probe) and Kubernetes audit events and matches them against rules, so it can flag unexpected process execution, file and configuration changes, privilege escalation and other patterns that indicate a compromise may have occurred. The community is vibrant and contributes many useful rules, and the project’s future and governance are backed by its home in the Cloud Native Computing Foundation (CNCF).
• OSSEC: OSSEC is a host-based intrusion detection system (HIDS) that combines log analysis, file integrity monitoring, rootkit detection and active response to help secure a host. In today’s environments, defense in depth is a necessary approach to protecting essential assets, and host-level monitoring is one of those layers. OSSEC can also make compliance easier, with checks and rules that support frameworks like HIPAA, PCI DSS and SOX.
• osquery: osquery has become more useful to security professionals over time. First created at Facebook and released as open source, it exposes the operating system as a set of relational tables (processes, listening ports, users, installed packages, kernel modules and so on) that you query with SQL, either interactively with osqueryi or on a schedule with the osqueryd daemon. The project has evolved over the years and is easy to incorporate into your scripts and tools for answering questions about your systems: what they are running, what they are connecting to and who is logged in. Best of all, you can run the same queries across many systems at once with some simple scripting or a fleet manager.
• ZAP: ZAP (the Zed Attack Proxy) is a useful tool for scanning web applications for common security vulnerabilities. It sits as an intercepting proxy between your browser and the application, supports automated spidering and active scanning, and has an ecosystem of contributed add-ons. The tool comes from OWASP, a great organization that produces open-source security software and communities. If you are interested in getting into pen-testing, ZAP is a great tool for beginners and experts alike.
• Bitwarden: This is the one tool on my personal list rather than my professional list. Bitwarden is a password manager with the integrations and capabilities you would expect from proprietary tools, but its clients and server are open source and the core features are free. Bitwarden is cross-platform, cross-browser and secure. It supports various two-factor authentication (2FA) methods for protecting your vault and can also generate Time-based One-time Password (TOTP) codes for the sites you store in it. You can self-host the server or let Bitwarden host it; the hosted Premium tier, which includes the built-in TOTP authenticator, costs $10 per year.
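The Nmap entry above describes the scan-to-awareness step. As an added example (not code from the original post), here is a small Python script that parses the XML produced by nmap's real `-oX` option into a structured inventory of open ports and flags the ones that are not on an allow-list. The XML below is a constructed sample using documentation addresses, and the allow-list is an assumption for illustration.

```python
"""Parse nmap XML output (nmap -oX) into an inventory of open ports and flag
the ones that are not on an allow-list. Added example; not from the original post."""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample output, trimmed to the elements real `nmap -sV -oX` emits.
# 192.0.2.0/24 is a documentation range, so this is not a real target.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/30" version="7.94">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
<service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
<service name="mysql" method="table" conf="3"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


@dataclass
class OpenPort:
    port: int
    protocol: str
    service: str      # nmap's service name, "" if unknown
    product: str      # banner from -sV, "" if nmap only guessed from the port table
    version: str
    confidence: int   # nmap's 0-10 confidence in the service identification


@dataclass
class Host:
    address: str
    hostname: str
    ports: list = field(default_factory=list)


def parse_nmap_xml(xml_text):
    """Return Host records for hosts that were up, keeping only ports in state 'open'."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = h.find("address[@addrtype='ipv4']") or h.find("address")
        name = h.find("hostnames/hostname")
        host = Host(address=addr.get("addr"), hostname=name.get("name") if name is not None else "")
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = p.find("service")
            get = (lambda k, d="": svc.get(k, d)) if svc is not None else (lambda k, d="": d)
            host.ports.append(OpenPort(int(p.get("portid")), p.get("protocol"),
                                       get("name"), get("product"), get("version"),
                                       int(get("conf", "0"))))
        hosts.append(host)
    return hosts


def summarize(hosts):
    """One line per open port, in a form you can diff between scans."""
    lines = []
    for h in hosts:
        for p in h.ports:
            banner = " ".join(x for x in (p.product, p.version) if x)
            lines.append(f"{h.address} {p.protocol}/{p.port} {p.service} {banner}".rstrip())
    return lines


def unexpected_open_ports(hosts, allowed):
    """Open ports not in the per-host allow-list of (protocol, port): the triage step."""
    findings = []
    for h in hosts:
        permitted = allowed.get(h.address, set())
        for p in h.ports:
            if (p.protocol, p.port) not in permitted:
                findings.append((h.address, p.protocol, p.port, p.service))
    return findings


if __name__ == "__main__":
    # Usage: python nmap_inventory.py scan.xml   (falls back to the sample without an argument)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    found = parse_nmap_xml(text)
    print("\n".join(summarize(found)))
    # Assumed allow-list for the sample host: SSH and HTTP expected, anything else is a finding.
    for finding in unexpected_open_ports(found, {"192.0.2.10": {("tcp", 22), ("tcp", 80)}}):
        print("UNEXPECTED:", finding)
```

The filtered 443 and the down host are dropped on purpose: the useful signal from a scan is what is reachable, and the MySQL port shows up as the one thing the allow-list did not expect.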
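The osquery entry above says the tool answers "what is this system running and what is it connecting to". As an added example (not code from the original post or the osquery project), here is the kind of query and follow-up logic that turns those answers into findings: it joins osquery's real `listening_ports` and `processes` tables, then flags network-reachable listeners that are not on an allow-list. The rows below are constructed in the shape `osqueryi --json` returns, and the allow-list and temp-directory heuristic are assumptions for illustration.

```python
"""Use osquery's listening_ports and processes tables to find network listeners
that are not on an allow-list. Added example; not from the original post."""
import json
import subprocess

# Real osquery tables and columns. listening_ports.protocol is the IP protocol
# number (6 = TCP, 17 = UDP); joining on pid pulls in the process name, binary
# path and owning uid.
LISTENERS_SQL = """
SELECT l.pid, l.port, l.protocol, l.address, p.name, p.path, p.uid
FROM listening_ports AS l JOIN processes AS p USING (pid)
WHERE l.port != 0;
"""

PROTO = {"6": "tcp", "17": "udp"}
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")   # assumed heuristic for this example


def run_osquery(sql):
    """Run a query through the real osqueryi binary (needs osquery installed).
    `osqueryi --json` prints the result set as a JSON array of string-valued rows."""
    proc = subprocess.run(["osqueryi", "--json", sql], check=True,
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


# Constructed sample rows in the shape osqueryi --json returns: every value is a string.
SAMPLE_ROWS = [
    {"pid": "812", "port": "22", "protocol": "6", "address": "0.0.0.0",
     "name": "sshd", "path": "/usr/sbin/sshd", "uid": "0"},
    {"pid": "1201", "port": "53", "protocol": "17", "address": "127.0.0.53",
     "name": "systemd-resolve", "path": "/lib/systemd/systemd-resolved", "uid": "101"},
    {"pid": "2310", "port": "8080", "protocol": "6", "address": "0.0.0.0",
     "name": "python3", "path": "/usr/bin/python3.10", "uid": "1000"},
    {"pid": "2410", "port": "4444", "protocol": "6", "address": "::",
     "name": "nc", "path": "/tmp/.x/nc", "uid": "1000"},
]


def is_loopback(address):
    return address.startswith("127.") or address == "::1"


def unexpected_listeners(rows, allowlist):
    """Findings for listeners reachable from the network whose (port, protocol, path)
    is not on the allow-list. Loopback-only binds are skipped; a binary running from
    a temp directory gets an extra reason so it sorts to the top of a triage queue."""
    findings = []
    for row in rows:
        if is_loopback(row["address"]):
            continue
        port = int(row["port"])
        proto = PROTO.get(row["protocol"], row["protocol"])
        if (port, proto, row["path"]) in allowlist:
            continue
        reasons = ["listener not on allow-list"]
        if row["path"].startswith(TEMP_DIRS):
            reasons.append("binary runs from a temp directory")
        findings.append({"pid": int(row["pid"]), "port": port, "proto": proto,
                         "name": row["name"], "path": row["path"],
                         "uid": int(row["uid"]), "reasons": reasons})
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    # With osquery installed, swap SAMPLE_ROWS for run_osquery(LISTENERS_SQL).
    expected = {(22, "tcp", "/usr/sbin/sshd")}    # assumed allow-list for the sample host
    for f in unexpected_listeners(SAMPLE_ROWS, expected):
        print(f"pid {f['pid']} {f['proto']}/{f['port']} {f['name']} ({f['path']}): "
              + "; ".join(f["reasons"]))
```

Keying the allow-list on the binary path as well as the port is deliberate: a process that is merely named `sshd` but runs from `/tmp` should not pass because port 22 is expected. Running the same query across a fleet and diffing the findings is the "many systems at once" use the entry describes.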
Honorable mentions: Suricata and Zeek could belong on this list. The reason they did not make it is that both depend on packet data, which is becoming harder and harder to obtain in today’s cloud world.
The community needs more advanced open-source tools for analyzing log and flow data, which matter more to those running cloud infrastructure and are high-value data sources for security use cases. There is bound to be more innovation in this area, with new open-source projects launched to address the growing needs of security professionals as we struggle to secure an ever-growing set of complex systems in a cloud-centric world.