Can Open Source Tools Really Stop Advanced Attacks?

Of course the answer is yes, but keep reading on to hear my theory why. If you’ve spent any amount of time with me, at some point you’ve probably heard me rant about recommending the use of open source tools and talented people over expensive COTS products. While not totally lining up with this theory exactly, here’s a great article pushing the use of open source tools (like Security Onion) for monitoring SCADA systems. Below are a few nuggets from the article to take away.

via DarkReading.com

“We’re really just trying to evangelize, getting folks to start looking at what’s going in their [industrial] control systems. You can do all of this stuff with open source [tools] out there. And if you want to take advantage of automation and some GUIs, you can look at commercial software” as well, Caldwell says.

There are several open source network security monitoring tools; Caldwell and Sistrunk at S4 will demonstrate a set of tools from the open-source Security Onion Linux suite, including Wireshark, NetworkMiner, Bro, and Snorby, for network monitoring and intrusion detection.

Open-source NSM isn’t a set-it-and-forget-it process, though. “The fundamental thing is you’ve got to have people involved, using their intel to be able to say ‘this is not normal'” traffic, Caldwell says.

Read the full article here.

#####

Today’s post pic is from Wikimedia.org. See ya!

3 comments for “Can Open Source Tools Really Stop Advanced Attacks?”

  1. February 12, 2015 at 12:30 pm

    Can Open Source Tools Really Stop Advanced Attacks?… http://t.co/t1E3CtioIX

  2. February 12, 2015 at 2:48 pm

    BLOGGED: Can Open Source Tools Really Stop Advanced Attacks? http://t.co/RSsd2vX4hY

  3. February 13, 2015 at 10:40 am

    Can Open Source Tools Really Stop Advanced Attacks? https://t.co/satHJeQ34d | FOSS FTW!!
