
For a SOC (Security Operations Center) it is vital to be continuously informed, on a centralized platform, about the events of the monitored network. This task is performed by the SIEM (Security Information and Event Management) system: it harvests information from various log sources and, in accordance with its configuration, generates security events. The SIEM alerts the security specialists about events that have already happened. The question arises: what should we do if we want to secure our systems beyond monitoring and reacting to events? The answer is to broaden the security toolset with additional tools, which, with cost-effectiveness in mind, may be open source tools. These tools are:

  • Proactive security tools, such as an IPS, a vulnerability scanner or a honeynet.

  • Forensic tools.

IPS

An IPS (Intrusion Prevention System) performs real-time inspection of every packet that travels across the network. If a malicious or suspicious packet is detected, the IPS carries out several defensive actions. By scanning network traffic, an IPS can prevent threats such as:

  • Denial of Service (DoS)

  • Distributed Denial of Service (DDoS)

  • Known exploits

  • Viruses

Tools approved and recommended by Black Cell: Snort, Suricata, Zeek

Vulnerability scanner

For a proactive security specialist, it is vital to have a vulnerability scanner. With its help, the specialist can check whether the systems and applications have the latest patches, or whether they have a critical vulnerability that could lead to an attack.

Tools approved and recommended by Black Cell: OpenVAS, CIS Benchmark tool

Deception technologies

Nowadays attackers use more sophisticated tools than ever to gain unauthorized access to the victims’ electronic information systems. With deception technologies, analysts can monitor and analyze attack patterns without exposing the organization’s network to risk.

Tools approved and recommended by Black Cell: MHN (Modern Honey Network)

Forensic

Static and dynamic malware analysis tools and malicious code analyzers are forensic tools that give a better understanding of the potential vulnerabilities in the network.

Tools approved and recommended by Black Cell: Autopsy, Network Miner

Full packet capture

Full packet capture is a technology that records every bit that travels on the network for later inspection. This allows IDS/IPS alerts to be validated, as well as the events that NetFlow or log data show.

Tools approved and recommended by Black Cell: Security Onion, SELKS, Moloch
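An added illustration of the validation step described above (not code from this page or from any of the tools named): a small Python script that takes an IDS alert and pulls the matching frames out of a full packet capture by 5-tuple and time window. The Suricata-style EVE alert fields, the sample capture and the +/- 2 second window are assumptions constructed for this example.

```python
import json, socket, struct
from datetime import datetime

# Constructed Suricata-style EVE alert record; the field names are an assumption, not from the page.
ALERT_JSON = ('{"timestamp":"2024-01-01T12:00:05.000000+0000","event_type":"alert",'
              '"src_ip":"10.0.0.5","src_port":44321,"dest_ip":"192.0.2.10","dest_port":80,'
              '"proto":"TCP","alert":{"signature":"CONSTRUCTED test signature"}}')

def build_packet(src, sport, dst, dport, payload):
    """Minimal Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                                # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))  # IHL=5, TTL 64, proto 6 = TCP
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)  # PSH+ACK
    return eth + ip + tcp + payload
def build_pcap(packets):
    """Serialise (epoch_seconds, frame) pairs as a little-endian libpcap byte string."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, frame in packets:
        out += struct.pack("<IIII", int(ts), int((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out
def iter_pcap(data):
    """Yield (epoch_seconds, frame) for each record of a little-endian libpcap byte string."""
    off = 24                                                         # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl
def flow_of(frame):
    """Return (src, sport, dst, dport) for an Ethernet/IPv4/TCP frame, or None for anything else."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4                            # Ethernet header + IHL * 4
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    return socket.inet_ntoa(frame[26:30]), sport, socket.inet_ntoa(frame[30:34]), dport
def packets_for_alert(alert_json, pcap_bytes, window=2.0):
    """Frames on the alert's 5-tuple (either direction) within +/- window seconds of the alert."""
    a = json.loads(alert_json)
    ts = datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()
    fwd = (a["src_ip"], a["src_port"], a["dest_ip"], a["dest_port"])
    rev = (fwd[2], fwd[3], fwd[0], fwd[1])
    return [f for t, f in iter_pcap(pcap_bytes) if abs(t - ts) <= window and flow_of(f) in (fwd, rev)]
T0 = 1704110405.0  # epoch of the alert timestamp above (2024-01-01T12:00:05 UTC)
SAMPLE_PCAP = build_pcap([  # constructed capture: two frames of the alerted flow, one other host, one late
    (T0 - 0.5, build_packet("10.0.0.5", 44321, "192.0.2.10", 80, b"GET / HTTP/1.1\r\n")),
    (T0 + 0.2, build_packet("192.0.2.10", 80, "10.0.0.5", 44321, b"HTTP/1.1 200 OK\r\n")),
    (T0 + 0.1, build_packet("10.0.0.7", 51000, "192.0.2.10", 80, b"GET / HTTP/1.1\r\n")),
    (T0 + 45.0, build_packet("10.0.0.5", 44321, "192.0.2.10", 80, b"GET /x HTTP/1.1\r\n")),
])
```

Calling `packets_for_alert(ALERT_JSON, SAMPLE_PCAP)` returns the request and its reply and drops the other host's frame and the late frame; widening the window to 60 seconds pulls the late frame in as well, which is the kind of judgement an analyst makes when validating an alert against the capture.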
