Rastrea2r is a free, open-source triage tool for hunting indicators of compromise (IOCs) across many endpoints at once. From a command-line interface it runs YARA rules against files on disk and against process memory, acquires memory dumps, and collects triage artifacts such as browser history and Windows Prefetch data, and it can push its results to a central REST server so that a responder sweeps a fleet of hosts and compares them in one place instead of logging in to each machine.
Its value is speed during an incident: the artifacts it gathers are the ones attackers most often tamper with or remove from a compromised host, so snapshotting them early preserves evidence, and an IOC found on one host can immediately be searched for on all the others. It is a collection and scanning tool, not an analysis platform; the results still need a SIEM or an analyst to interpret them.
#1 Suricata IDS
Suricata is a high-performance, open-source network IDS, IPS and network security monitoring (NSM) engine developed by the Open Information Security Foundation (OISF). It runs on Linux, FreeBSD, OpenBSD, macOS and Windows, on bare metal, in virtual machines and in containers. Rather than treating traffic as opaque packets it parses application-layer protocols (HTTP, DNS, TLS, SMB, SSH, SMTP and many more), detecting the protocol automatically on any port, so rules can match on decoded fields such as an HTTP URI or a TLS certificate subject as well as on raw content, and it can extract transferred files for hashing or further analysis.
Suricata's rule language is compatible with Snort 2 syntax, so the Emerging Threats rule sets and most locally written Snort rules load unchanged. In IDS mode (on a tap or SPAN port) it only alerts; deployed inline (NFQUEUE, or AF_PACKET in IPS mode) it drops traffic that matches drop rules, so "does not mitigate" is true only of the passive deployment. Its multi-threaded design scales across cores, and all output, alerts included, is written as EVE JSON, which is why it so often sits underneath an ELK or other SIEM deployment as the sensor rather than being a SIEM in its own right.
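EVE JSON is what everything downstream of Suricata consumes, so the first thing a practitioner writes is a small triage over it. The following is an added example written for this page, not code from Suricata or the OISF; it runs over a constructed eve.json excerpt embedded in the script (local SIDs, documentation IP ranges), skips non-alert records and corrupt lines, and ranks signatures and sources while pulling out the severity-1 events:

```python
"""Triage Suricata EVE JSON: pull out alert records, rank signatures and
sources, and surface severity-1 events. Example code written for this page
(not part of Suricata); it needs only the Python standard library."""
import json
from collections import Counter, defaultdict

# Constructed eve.json lines for the example. Field names follow Suricata's
# EVE schema; the signatures use local SIDs (>= 1000000) and the addresses
# are documentation ranges, so nothing here refers to real rules or hosts.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5","src_port":51515,"dest_ip":"10.0.0.8","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"LOCAL WEB shell upload attempt","category":"Web Application Attack","severity":2}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"dns","src_ip":"10.0.0.8","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.5","src_port":51516,"dest_ip":"10.0.0.8","dest_port":445,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":1000002,"rev":1,"signature":"LOCAL SMB remote code execution attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"198.51.100.9","src_port":40000,"dest_ip":"10.0.0.8","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000003,"rev":1,"signature":"LOCAL SCAN SSH brute force","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2024-05-01T10:00:05.000000+0000","event_type":"alert","src_ip":"203.0.113.5","src_port":51517,"dest_ip":"10.0.0.9","dest_port":445,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":1000002,"rev":1,"signature":"LOCAL SMB remote code execution attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
this line is corrupt and must be skipped, as happens when a log rotates mid-write
"""


def parse_eve(text):
    """Yield one dict per well-formed JSON line; skip blanks and corrupt lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def summarize_alerts(text):
    """Aggregate alert events from EVE text.

    Returns total and blocked counts, signatures and sources ranked by
    volume, how many distinct targets each source touched, and the
    severity-1 events in time order.
    """
    by_signature = Counter()
    by_source = Counter()
    targets = defaultdict(set)
    blocked = 0
    critical = []
    for rec in parse_eve(text):
        if rec.get("event_type") != "alert":
            continue  # dns, flow, tls, ... records are telemetry, not alerts
        alert = rec["alert"]
        by_signature[(alert["signature_id"], alert["signature"])] += 1
        by_source[rec["src_ip"]] += 1
        targets[rec["src_ip"]].add(rec["dest_ip"])
        if alert.get("action") == "blocked":
            blocked += 1
        if alert.get("severity", 3) == 1:
            critical.append((rec["timestamp"], rec["src_ip"], rec["dest_ip"], alert["signature"]))
    critical.sort()
    return {
        "alerts": sum(by_signature.values()),
        "blocked": blocked,
        "by_signature": by_signature.most_common(),
        "by_source": by_source.most_common(),
        "spread": {src: len(dsts) for src, dsts in targets.items()},
        "critical": critical,
    }


if __name__ == "__main__":
    summary = summarize_alerts(SAMPLE_EVE)
    print(f"{summary['alerts']} alerts, {summary['blocked']} blocked inline")
    for (sid, sig), n in summary["by_signature"]:
        print(f"  {n:3d}  sid:{sid}  {sig}")
    for src, n in summary["by_source"]:
        print(f"  {src}: {n} alerts against {summary['spread'][src]} host(s)")
    for ts, src, dst, sig in summary["critical"]:
        print(f"  SEV1 {ts} {src} -> {dst}: {sig}")
```

The "spread" figure (one source hitting several internal hosts) is usually a better first pivot than raw alert volume, and the blocked count tells you whether the sensor is actually inline for the rules you care about.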
#2 Cisco Secure IPS
Cisco Secure IPS (formerly Firepower NGIPS) is Cisco's commercial network intrusion prevention system, sold as physical and virtual appliances rather than as a cloud service. It is built on the Snort engine (Snort 3 in current releases) with rule sets and threat intelligence from Cisco Talos, and it adds passive network discovery: the sensor learns which hosts, operating systems and applications are present so that each event can be rated by how relevant the attack is to the actual target, which is what keeps analysts from chasing exploits against software that is not there.
The appliances are managed centrally from the Secure Firewall Management Center (formerly FireSIGHT and Firepower Management Center), which provides one console for policy, rule tuning and event analysis across every deployed sensor, with views that range from a whole site down to a single device. Integration with Cisco Identity Services Engine adds user identity to events so that an alert can be tied to a person and not only to an IP address. It is a capable NGIPS, but it is a product to license, deploy and tune, not a free monitoring engine.
#3 Juniper SRX
Juniper SRX Series devices are security gateways (firewalls with full routing) that run the Junos operating system, from small branch units to data-center chassis and virtual instances (vSRX). They combine a stateful firewall with application-layer gateways, NAT, IPsec VPN and Junos routing, and they support logical systems and virtual routers so that one chassis can carry separate tenants or security zones with their own policies.
On top of the firewall, Juniper offers optional services for the same platform: intrusion detection and prevention (IDP) signatures, application identification and control (AppSecure), content filtering and antivirus, and cloud-based advanced threat detection (Juniper ATP Cloud). Policy is zone-based and is configured from the Junos command line or from Junos Space Security Director, which is what makes managing many SRX devices consistently practical. In short, it is a firewall platform for securing business infrastructure, with monitoring as one of its functions rather than its purpose.
#4 SonicWall Capture Advanced Threat Protection
SonicWall Capture Advanced Threat Protection (Capture ATP) is a cloud-based, multi-engine sandbox service to which SonicWall firewalls and email security products send suspicious files for a verdict. Files that are not already known good or known bad are detonated in parallel across several analysis engines, including SonicWall's Real-Time Deep Memory Inspection (RTDMI), which examines code as it unpacks in memory to catch malware that evades ordinary sandboxes, and verdicts are shared back to all Capture-enabled devices so that a sample only needs to be analyzed once.
The firewall can be configured to hold a file at the gateway until the sandbox returns its verdict ("block until verdict"), which is what turns the service from a detection source into prevention for zero-day samples, at the cost of a short delay on the first sighting of any new file. Because the analysis runs in SonicWall's cloud, the firewall itself spends no CPU on it, but the service is an add-on to SonicWall's next-generation firewall and Unified Threat Management features rather than a stand-alone network monitoring product.
#5 Cisco IPS Sensor
Cisco IPS Sensor refers to Cisco's earlier, stand-alone intrusion prevention products (the IPS 4200 and 4300 series appliances and the IPS modules for ASA firewalls and ISR routers), which ran Cisco's own IPS software rather than Snort. They inspected traffic inline or passively, matched it against Cisco's signature set, and scored each event with a risk rating that combined the signature's severity and fidelity with the value of the target, so that administrators could block automatically only on high-confidence, high-impact events and log the rest.
The sensors could learn which hosts and operating systems were present through passive OS fingerprinting and adjust the rating accordingly, and they sent events to Cisco's management tools for correlation across many sensors. This product family has reached end of life; its role is now filled by Cisco Secure IPS (Firepower), described above, and anyone still operating the older sensors should treat them as unsupported and plan a migration.
#6 McAfee Network Security Platform
McAfee Network Security Platform (NSP), now part of Trellix after McAfee Enterprise merged with FireEye, is a commercial network intrusion prevention system delivered as physical and virtual sensors managed from a central console (the Network Security Manager). It combines signature-based detection with signature-less techniques such as protocol anomaly detection, behavioral analysis of traffic and sandbox integration for unknown files, and it can block in line or alert passively, so advanced persistent threats, zero-day exploits and ransomware that have no signature yet still have a chance of being caught.
The manager gives a site-level and device-level view of every sensor, with a "click to drill down" path from a summary into per-device detection history and compliance status, and it feeds events to a SIEM or to McAfee ePolicy Orchestrator for correlation with endpoint data. As with any IPS, its value depends on tuning: the rule-based engine covers a very wide range of threats, but the sensors need to be placed where they see the traffic that matters and the policies need to be trimmed to the environment to keep false positives manageable.
#7 Zeek
Zeek (formerly Bro) is an open-source network analysis framework and one of the most widely deployed platforms for network security monitoring. Instead of emitting alerts on signature hits, it passively watches traffic and turns it into structured, richly detailed logs, one file per protocol or activity: conn.log for every connection, dns.log, http.log, ssl.log, files.log, ssh.log, smb logs and more, each with a fixed set of fields and a shared connection ID that lets an analyst pivot between them. Those logs are what teams hunt in and what they ship to a SIEM.
Zeek is driven by its own scripting language, so detections, notices and even new log types can be written locally or installed from the Zeek package manager, and a cluster mode spreads a high-volume link across many worker processes. It runs on Linux, FreeBSD and macOS, on physical sensors, virtual machines or containers, and because it records what actually happened on the wire rather than only what matched a rule, it is the tool of choice for telling a real incident from a false alarm after the fact. It shows what devices and applications did on the network; it is not an employee productivity monitor.
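The value of Zeek is in its logs, and parsing them correctly (the "#fields" and "#types" headers define the columns, "-" means unset) is the first step of any hunt. The following added example is written for this page and is not Zeek code; it parses a constructed conn.log excerpt and then does two hunts that the raw log does not make obvious by eye: connections that repeat at a fixed interval to the same destination (a beaconing pattern) and sessions that stay open unusually long. The thresholds are assumptions to tune per network:

```python
"""Parse a Zeek conn.log (tab-separated, with '#fields' and '#types' headers)
and hunt for regularly spaced repeat connections (beaconing) and unusually
long sessions. Example code written for this page, not part of Zeek."""
import statistics
from collections import defaultdict

# Constructed conn.log excerpt. The header lines follow Zeek's ASCII log
# format; the rows are invented and use documentation address ranges.
_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
           "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]
_TYPES = ["time", "string", "addr", "port", "addr", "port",
          "enum", "string", "interval", "count", "count", "string"]
_ROWS = [
    ("1714557600.000000", "CAbc1", "10.0.0.8", "51000", "198.51.100.20", "443", "tcp", "ssl", "0.412", "1200", "5400", "SF"),
    ("1714557660.000000", "CAbc2", "10.0.0.8", "51001", "198.51.100.20", "443", "tcp", "ssl", "0.398", "1180", "5350", "SF"),
    ("1714557720.000000", "CAbc3", "10.0.0.8", "51002", "198.51.100.20", "443", "tcp", "ssl", "0.405", "1210", "5390", "SF"),
    ("1714557780.000000", "CAbc4", "10.0.0.8", "51003", "198.51.100.20", "443", "tcp", "ssl", "0.401", "1195", "5380", "SF"),
    ("1714557600.500000", "CDef1", "10.0.0.9", "40000", "203.0.113.7", "22", "tcp", "ssh", "3600.500", "52000", "800000", "S1"),
    ("1714557601.000000", "CGhi1", "10.0.0.9", "40001", "10.0.0.53", "53", "udp", "dns", "0.010", "60", "120", "SF"),
    ("1714557602.000000", "CJkl1", "10.0.0.10", "40002", "203.0.113.9", "8080", "tcp", "-", "-", "-", "-", "S0"),
]
SAMPLE_CONN_LOG = "\n".join(
    ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)", "#unset_field\t-",
     "#path\tconn", "#fields\t" + "\t".join(_FIELDS), "#types\t" + "\t".join(_TYPES)]
    + ["\t".join(r) for r in _ROWS] + ["#close\t2024-05-01-10-10-00"]) + "\n"


def _convert(value, ztype):
    """Apply a Zeek column type; '-' is Zeek's unset marker."""
    if value == "-":
        return None
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype in ("count", "int", "port"):
        return int(value)
    return value


def parse_zeek_log(text):
    """Return the data rows of a Zeek ASCII log as dicts keyed by field name."""
    fields, types, rows = None, None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#types"):
            types = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header lines, #close, blanks
        else:
            if fields is None or types is None:
                raise ValueError("data row before #fields/#types header")
            values = line.split("\t")
            rows.append({f: _convert(v, t) for f, v, t in zip(fields, values, types)})
    return rows


def beacon_candidates(rows, min_connections=4, max_jitter=0.2):
    """Find (orig, resp, port) tuples that connect at regular intervals.

    Jitter is the coefficient of variation of the gaps between connection
    starts; an implant with a fixed sleep scores near zero, a human does
    not. Returns (orig, resp, port, n, mean_gap_seconds) tuples.
    """
    groups = defaultdict(list)
    for r in rows:
        groups[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    found = []
    for key, stamps in groups.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            found.append(key + (len(stamps), mean))
    return found


def long_connections(rows, min_seconds=1800):
    """uids of sessions at least min_seconds long; rows with unset duration are skipped."""
    return [r["uid"] for r in rows
            if r["duration"] is not None and r["duration"] >= min_seconds]
```

Real beacons add jitter deliberately, so in production the check is run over a day of conn.log with a looser max_jitter and combined with byte-size regularity (orig_bytes barely varying between connections is as telling as the timing); the rows above show that pattern too.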
#8 Trend Micro Threat Protection System (TPS)
Trend Micro's Threat Protection System (TPS) is the TippingPoint line of inline network intrusion prevention appliances, which Trend Micro acquired from HP. A TPS sits in the traffic path and applies "Digital Vaccine" filters, vulnerability-based rules fed by research from Trend Micro's Zero Day Initiative (ZDI), so that exploitation attempts against a known flaw can be blocked at the network before the patch is deployed; this virtual patching is the product's main selling point. Filters are managed and distributed to the appliances from the Security Management System (SMS).
The system inspects traffic at the packet and flow level with low latency at high throughput, and it integrates with Trend Micro's Deep Discovery sandbox so that unknown malware identified there can be blocked on the TPS. It is a network appliance, not endpoint antivirus: it has no parental control, anti-spyware or desktop firewall component, and it does not run on a general-purpose operating system. What it offers is inline blocking of attacks and malware in transit, backed by the ZDI vulnerability feed.
#9 Sweet Security
Sweet Security is an open-source project that packages network security monitoring for small, inexpensive hardware such as the Raspberry Pi. Its install script sets up a Bro/Zeek sensor together with an Elasticsearch, Logstash and Kibana back end and a small web interface, so that a home or small-office network gets the same kind of protocol logs and dashboards that larger Zeek deployments provide, without a commercial appliance and without installing anything on the monitored clients.
The sensor is placed where it can see the local traffic, for example on a mirror port of the switch, and the logs it collects let the owner see which devices are on the network, which new ones have appeared, and what their DNS and HTTP activity looks like over time. It is free to use, but it is a learning and home-defense tool rather than an enterprise product, and it is not an application performance monitor.
#10 DejaVu
DejaVu is a consulting and research firm rather than a product: it provides information security research and consulting services to technology companies, covering software security as well as social engineering, physical security, network forensics and incident response. Its website mixes marketing with editorials and news reporting, is easy to navigate, and its posts are written in a serious but readable tone.
The site is organized into eight categories: Research, Attack Analysis, Risks, Articles, Tools & Tricks, Documentation, Press and Featured Projects. Its clients include banks, healthcare and retail organizations and application developers, and its services run from vulnerability assessment and penetration testing through application security assessments and security audits to written recommendations. It belongs on this list for the guidance and research it publishes; nothing it offers replaces a network sensor.
#11 CHIRON ELK
CHIRON is an open-source home network analytics platform built on the ELK stack (Elasticsearch, Logstash, Kibana) combined with AKTAION, an open-source machine-learning threat detection framework. It ingests the output of Bro/Zeek, p0f and Nmap from the home network, giving the owner dashboards of which devices are present, what operating systems they appear to run and what they talk to, and it doubles as a sandbox in which ELK users can practice with real data and improve their skills.
AKTAION adds detection rather than only visibility: it classifies traffic from proxy or Bro HTTP logs by the small "micro-behaviors" typical of exploit kit delivery and phishing, and it can generate indicators (domains, IP addresses, URLs) from what it finds, so that newly observed malicious infrastructure can be shared and blocked quickly. The project's stated goal is to make this kind of threat detection and sharing easy for people at home, not only for enterprise security teams.
#12 Maltrail
Maltrail is an open-source malicious traffic detection system. It works from "trails": domain names, URLs, IP addresses and HTTP User-Agent values drawn from publicly available blacklists and threat feeds, plus static trails compiled from antivirus reports and the project's own research, which it refreshes periodically. The system has two parts. A sensor runs on a host that sees network traffic (a mirror port, a gateway, or a pcap file) and passively inspects DNS, HTTP and other flows for anything that touches a known trail, with additional heuristics for suspicious names such as DGA-like domains and known sinkholed domains. Events are sent to a server that stores them and serves a web reporting interface.
The result is a timeline of which internal host contacted which malicious indicator and when, which is exactly the evidence needed to open an incident. It has nothing to do with mail-server spam checking; the blacklists it consumes describe network infrastructure used by malware and attackers. Because it is feed-driven it inherits the feeds' false positives, so treat a hit as a lead to investigate rather than a confirmed compromise.
#13 MISP Threat Sharing
MISP is an open-source threat intelligence platform used by individuals, CERTs, companies and large sharing communities to collect, store, correlate and share threat data. An event groups a set of attributes (indicators such as IP addresses, domains, URLs and file hashes, plus context such as comments and tags), and MISP correlates attributes automatically across events so that a new indicator immediately shows which earlier events it is linked to. Sharing groups and distribution levels control who sees what, and synchronization between instances lets communities pass events along without a central authority.
The core idea is a common format: every organization records threat information the same way, so exports to block lists, Suricata or Snort rules, STIX and plain CSV are generated rather than hand-written, and the same data can be pulled into detection tools through a REST API (PyMISP, the official Python library, is what most integrations use). Each attribute carries a to_ids flag that says whether it is safe to use for automated detection, and respecting that flag is what keeps contextual data such as a victim's own domain from ending up in a block list. The server is written in PHP and runs on Linux; it is a sharing platform and does not itself inspect traffic.
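The two passages above, on Maltrail's trail matching and on MISP's common format, come together in the same piece of code in practice: indicators are pulled from a MISP event and then matched against what the network saw. The following example is written for this page and is neither MISP's nor Maltrail's code; the event is a constructed dict in the JSON layout MISP's REST API returns, the traffic lines are constructed, and only attributes with to_ids set are used, with subdomain matching for domains and host extraction for URLs:

```python
"""Turn a MISP event into detection sets and sweep a traffic log with them,
honoring the to_ids flag. Example code for this page, not MISP's or
Maltrail's own code; the event and the traffic lines are constructed."""
from urllib.parse import urlsplit

# Constructed MISP event in the JSON layout MISP's REST API returns
# ({"Event": {..., "Attribute": [...]}}). Values are documentation ranges.
SAMPLE_MISP_EVENT = {
    "Event": {
        "info": "Constructed sample: phishing kit infrastructure",
        "date": "2024-05-01",
        "threat_level_id": "2",
        "analysis": "2",
        "published": True,
        "Attribute": [
            {"type": "domain", "category": "Network activity", "value": "login-update.example", "to_ids": True},
            {"type": "ip-dst", "category": "Network activity", "value": "203.0.113.50", "to_ids": True},
            {"type": "url", "category": "Network activity", "value": "http://cdn.example.net/kit/index.php", "to_ids": True},
            {"type": "domain|ip", "category": "Network activity", "value": "c2.example.org|198.51.100.77", "to_ids": True},
            {"type": "sha256", "category": "Payload delivery", "value": "a" * 64, "to_ids": True},  # placeholder hash
            {"type": "comment", "category": "Other", "value": "Kit seen in campaign against finance staff", "to_ids": False},
            # The victim's own domain: context for analysts, never a block-list entry.
            {"type": "domain", "category": "Network activity", "value": "bank.example", "to_ids": False},
        ],
    }
}

# Constructed traffic events: timestamp, internal host, kind, observed value.
SAMPLE_TRAFFIC = """\
2024-05-01T10:00:00Z 10.0.0.8 dns mail.login-update.example
2024-05-01T10:00:01Z 10.0.0.8 conn 203.0.113.50
2024-05-01T10:00:02Z 10.0.0.9 http http://cdn.example.net/kit/index.php
2024-05-01T10:00:03Z 10.0.0.9 dns bank.example
2024-05-01T10:00:04Z 10.0.0.10 dns updates.example.org
2024-05-01T10:00:05Z 10.0.0.10 http http://C2.EXAMPLE.ORG/gate.php
"""

_TYPE_TO_SET = {"domain": "domain", "hostname": "domain", "ip-dst": "ip", "ip-src": "ip",
                "url": "url", "sha256": "hash", "sha1": "hash", "md5": "hash"}


def indicators_from_misp(event):
    """Collect attributes flagged to_ids into sets keyed by indicator kind."""
    sets = {"domain": set(), "ip": set(), "url": set(), "hash": set()}
    for attr in event["Event"].get("Attribute", []):
        if not attr.get("to_ids"):
            continue  # context only; MISP marks these as unfit for detection
        value = attr["value"]
        if attr["type"] == "domain|ip":  # MISP composite type, pipe-separated
            domain, ip = value.split("|", 1)
            sets["domain"].add(domain.lower())
            sets["ip"].add(ip)
            continue
        kind = _TYPE_TO_SET.get(attr["type"])
        if kind is None:
            continue  # comments, email subjects, ... are not matched here
        sets[kind].add(value.lower() if kind in ("domain", "url", "hash") else value)
    return sets


def matching_domain(name, domains):
    """Return the listed domain that name equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never test a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_traffic(text, ind):
    """Match each traffic line against the indicator sets; return hit records."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, value = line.split(" ", 3)
        indicator = None
        if kind == "dns":
            indicator = matching_domain(value, ind["domain"])
        elif kind == "conn":
            indicator = value if value in ind["ip"] else None
        elif kind == "http":
            if value.lower() in ind["url"]:
                indicator = value.lower()
            else:  # no exact URL hit: fall back to the host part against the domain set
                indicator = matching_domain(urlsplit(value).hostname or "", ind["domain"])
        if indicator:
            hits.append({"ts": ts, "host": host, "kind": kind, "value": value, "indicator": indicator})
    return hits
```

Note that bank.example produces no hit even though it appears in the event, because to_ids is false on it; a block list built without that check would cut users off from their own bank.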
#14 Proofpoint Advanced Threat Protection
Proofpoint Advanced Threat Protection is an enterprise email security offering (marketed as Targeted Attack Protection, TAP) rather than a desktop product. Attachments are detonated in a sandbox and URLs are rewritten so that each click is checked at the moment it happens, which catches links whose destination turns malicious only after the message was delivered. It draws on Proofpoint's visibility across its customer base, combined with machine-learning classification, to prioritize the threats that matter, and it reports which users clicked what.
It is not related to Norton, and it does no file integrity checking or log monitoring; those are host-based functions that belong to tools such as Samhain below. What it offers is protection against email-borne malware, phishing and credential theft before messages reach the mailbox, together with dashboards that show the campaigns hitting an organization and the "very attacked people" who receive the most of them, so that additional controls can be focused where the attackers are focusing.
#15 Samhain
Samhain is an open-source host-based intrusion detection system whose core function is file integrity checking, complemented by log file monitoring and analysis. It records a baseline of the files it is told to watch and then reports any change to a file's contents (by checksum), size, owner, permissions, inode, timestamps or attributes, so that a rootkit or a tampered binary is noticed even when it is hidden from casual inspection. It is small and self-contained and runs as a daemon, so checking is continuous rather than a one-off scan, and it is useful to single administrators as well as to large sites.
It can run stand-alone on one machine, but its distinguishing feature is the client/server mode: many agents report over an encrypted, authenticated channel to a central log server (yule), and the baseline database and configuration can be stored centrally and signed, so that an attacker who compromises a host cannot quietly alter what the checker compares against. It also offers a stealth mode that hides the agent's presence and a check for kernel rootkits on supported platforms. Samhain has been used at universities, banks and other institutions for years; the main operational cost is keeping the baseline current across legitimate updates so that its reports stay meaningful.
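What a file integrity checker compares is worth seeing concretely. The following is an added example written for this page, not Samhain's code; it records checksum, size, mode, owner and mtime for every file under a root, diffs two such baselines, and demonstrates the result on a temporary directory it builds and tampers with itself (a modified passwd file, a setuid bit added to a binary, a dropped file and a deleted one):

```python
"""Baseline-and-compare file integrity checking of the kind Samhain performs:
record checksum, size, mode, owner and mtime for every file under a root,
then report what was added, removed or changed. Example code for this page,
not Samhain's; the demo builds its tree in a temporary directory."""
import hashlib
import os
import shutil
import stat
import tempfile


def snapshot(path):
    """Attributes a checker compares. Symlinks record their target instead of
    hashing whatever they point at, which may lie outside the watched tree."""
    st = os.lstat(path)
    entry = {
        "mode": stat.S_IMODE(st.st_mode),  # includes setuid/setgid/sticky bits
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }
    if stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    elif stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()
    return entry


def build_baseline(root):
    """Map each path (relative to root, '/'-separated) to its snapshot."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = snapshot(full)
    return baseline


def compare(baseline, current):
    """Return {path: {"kind": added|removed|modified, "fields": [...]}}."""
    changes = {}
    for rel in current.keys() - baseline.keys():
        changes[rel] = {"kind": "added", "fields": []}
    for rel in baseline.keys() - current.keys():
        changes[rel] = {"kind": "removed", "fields": []}
    for rel in baseline.keys() & current.keys():
        fields = sorted(k for k in baseline[rel].keys() | current[rel].keys()
                        if baseline[rel].get(k) != current[rel].get(k))
        if fields:
            changes[rel] = {"kind": "modified", "fields": fields}
    return changes


def demo():
    """Build a small tree, take a baseline, tamper with it, and report."""
    root = tempfile.mkdtemp(prefix="fim-")
    try:
        for rel, content, mode in [
            ("etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n", 0o644),
            ("etc/shadow", b"root:*:19000:0:99999:7:::\n", 0o600),
            ("etc/hosts", b"127.0.0.1 localhost\n", 0o644),
            ("bin/tool", b"#!/bin/sh\necho ok\n", 0o755),
        ]:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
            os.chmod(full, mode)
        before = build_baseline(root)

        # Tampering a checker must notice: a new root account, a setuid bit
        # on a binary, a dropped file and a deleted file. etc/hosts is untouched.
        with open(os.path.join(root, "etc/passwd"), "ab") as f:
            f.write(b"backdoor:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "bin/tool"), 0o4755)
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp/.hidden"), "wb") as f:
            f.write(b"payload")
        os.remove(os.path.join(root, "etc/shadow"))
        return compare(before, build_baseline(root))
    finally:
        shutil.rmtree(root)
```

The setuid case is the reason mode is tracked separately from the checksum: the binary's contents are unchanged, so a hash-only checker would report nothing. In a real deployment the baseline must be stored somewhere the monitored host cannot write, which is what Samhain's central, signed database is for.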
#16 HELK
HELK (the Hunting ELK) is an open-source threat hunting platform created by security researcher Roberto Rodriguez and maintained on GitHub. It is not a product but an assembled analytics stack: Elasticsearch, Logstash and Kibana for ingestion, storage and dashboards, Kafka for the event pipeline, and Jupyter notebooks with Apache Spark so that hunters can run queries and statistical analysis over the data in Python rather than only through a search box. The whole stack deploys with Docker Compose.
It is aimed at Windows endpoint telemetry in particular and pairs with its author's other projects for Sysmon configuration and data sets of simulated attacks, which is what "built by security researchers for security researchers" means here. It ships no memory forensics or sandbox, and it is a laboratory for developing and testing detections rather than a SIEM replacement; any source that can write to Kafka or Logstash, including Zeek, Suricata or endpoint agents, can be brought in, and it is available under an open-source license.
#17 Imunify360
Imunify360, from CloudLinux, is a commercial security suite for Linux web hosting servers that bundles a web application firewall, a malware scanner and cleaner, a firewall with IP reputation, patch management (rebootless kernel patching through KernelCare) and a PHP security layer into one agent with a control panel plugin. It scans hosted websites for malware and reports conditions such as blacklisted domains, outdated CMS installations, web spam and bad bots.
Its protection is driven by shared threat intelligence: every installed agent reports what it sees, so that an attacker blocked on one server is blocked on the others, and machine-learning models trained on the pooled data extend detection beyond static signatures. The moment a threat is confirmed, server-wide protection is activated.
Proactive Defense analyzes PHP scripts as they execute and stops those with harmful execution flows, which catches obfuscated web shells that a signature scanner would miss; findings are shared with the antivirus and WAF components so that the whole server reacts, and the KernelCare integration relieves the administrator of tracking CVE lists by hand. CloudLinux emphasizes low false positives and integration with cPanel, Plesk and DirectAdmin.
#18 Ubuntu Linux Security
Ubuntu is the Linux distribution most common among developers and students partly because Canonical's security team ships security updates continuously and the system applies them automatically by default. Each release comes with security hardening out of the box: AppArmor mandatory access control with profiles for many services, the ufw firewall front end, stack protection and address-space randomization in the default toolchain, and a kernel built with current mitigations, so a fresh installation is in reasonable shape without manual work.
Long Term Support (LTS) releases receive security updates for five years from Canonical, extended further for Ubuntu Pro subscribers through Expanded Security Maintenance. Canonical Livepatch applies fixes for critical kernel vulnerabilities in memory without a reboot, which matters for servers that cannot be restarted on short notice. AppArmor also confines LXD containers and libvirt-managed virtual machines (including OpenStack compute instances), so a compromise inside a guest is contained.
Administrators can write or adapt AppArmor profiles to confine additional applications. For regulated environments, Canonical provides FIPS 140-validated cryptographic modules for selected LTS releases (through Ubuntu Pro), along with CIS and DISA-STIG hardening profiles, which is what lets Ubuntu meet US government security requirements.
#19 ConfigServer Security & Firewall
ConfigServer Security & Firewall (CSF) is a free suite of scripts for Linux servers that provides a stateful packet inspection firewall built on the kernel's netfilter, login and intrusion detection, and a set of exploit checks. Its companion daemon, lfd (Login Failure Daemon), watches the system and mail logs continuously and alerts the administrator when it sees SSH or su logins, WHM root access, excessive user processes, suspicious files or processes, or mod_security log entries (where mod_security is present).
lfd's main job is to detect repeated authentication failures across many services, including OpenSSH, Exim, Pure-FTPd and ProFTPd, IMAP and POP3 daemons, cPanel/WHM, Suhosin, mod_security and custom log formats, and to block the offending IP address in the firewall, temporarily or permanently, once a configurable threshold is reached. CSF also provides an upgrade path between versions from within the control panel and from the shell.
It integrates out of the box with cPanel/WHM, DirectAdmin, Webmin and CWP, and other features include SYN flood and ping-of-death protection, port flood and connection-limit protection, support for multiple Ethernet devices, system statistics and a UI for editing the CSF configuration.
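lfd's core loop, counting authentication failures per source and blocking once a threshold is crossed inside a time window, is simple enough to show. The following example is written for this page and is not CSF or lfd code; it parses constructed sshd lines, assumes a year for the year-less syslog timestamps, never blocks addresses in an allow list, and returns the block decisions together with the firewall command lfd would run rather than executing it:

```python
"""Sliding-window detection of SSH password guessing from sshd log lines,
with the block decision lfd-style tools make. Example code for this page,
not CSF/lfd's own; the log lines are constructed and the year is assumed,
since syslog timestamps carry none."""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt (documentation address ranges).
SAMPLE_AUTH_LOG = """\
May  1 10:00:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May  1 10:00:03 web01 sshd[1236]: Failed password for root from 203.0.113.5 port 51236 ssh2
May  1 10:00:05 web01 sshd[1238]: Accepted publickey for deploy from 10.0.0.2 port 40000 ssh2: ED25519 SHA256:constructed
May  1 10:00:07 web01 sshd[1240]: Failed password for root from 203.0.113.5 port 51240 ssh2
May  1 10:00:09 web01 sshd[1242]: Failed password for invalid user oracle from 203.0.113.5 port 51242 ssh2
May  1 10:00:11 web01 sshd[1244]: Failed password for invalid user test from 198.51.100.9 port 60000 ssh2
May  1 10:00:13 web01 sshd[1246]: Failed password for root from 203.0.113.5 port 51244 ssh2
May  1 10:07:00 web01 sshd[1300]: Failed password for invalid user test from 198.51.100.9 port 60001 ssh2
May  1 10:07:05 web01 sshd[1302]: Failed password for root from 10.0.0.2 port 40001 ssh2
"""

LOG_YEAR = 2024  # assumption: syslog lines omit the year
_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(text):
    """Yield (time, ip, user) for each failed-password line, in file order."""
    for line in text.splitlines():
        m = _FAIL.match(line)
        if not m:
            continue  # successful logins and unrelated lines
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        yield ts, m["ip"], m["user"]


def detect_brute_force(text, threshold=5, window_seconds=300, allow=("10.0.0.0/8",)):
    """Block an IP once it has `threshold` failures inside a sliding window.

    Addresses inside `allow` networks are never blocked (CSF's allow list
    does the same); a host that is already blocked is not reported twice.
    """
    allowed = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)
    users = defaultdict(set)
    blocked = {}
    for ts, ip, user in parse_failures(text):
        if any(ipaddress.ip_address(ip) in net for net in allowed):
            continue
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # forget failures that fell out of the window
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = {
                "ip": ip,
                "count": len(q),
                "first": q[0],
                "last": ts,
                "users": sorted(users[ip]),
                # What lfd would hand to the firewall; shown here, not executed.
                "action": f"iptables -I INPUT -s {ip} -j DROP",
            }
    return list(blocked.values())
```

The second source in the sample (198.51.100.9) fails twice but almost seven minutes apart, so it never crosses a five-minute window; slow, distributed guessing like that is exactly what a per-IP sliding window misses, which is why lfd also offers permanent blocks and why an allow list for your own management networks is essential before enabling automatic blocking.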
#20 Dr.Web Desktop Security Suite
Dr.Web Desktop Security Suite protects workstations, terminal server clients and embedded-system clients against viruses and other malware. Its components work together: the on-access scanner blocks malware before it can spread across the system and disinfects files that have been infected rather than only deleting them.
SpIDer Gate, the HTTP monitor, checks pages as the browser loads them and blocks phishing URLs, cryptominers and other harmful content; SpIDer Guard watches file operations in real time, and the preventive protection component stops Trojans and exploits from altering critical system objects. An anti-spam module with support for several languages and a low false-positive rate keeps the mailbox clean.
The suite's data loss prevention module keeps protected copies of user files so that a file damaged by malware can be restored to its previous state without outside help, and a firewall controls network access to the machine. On a local network the administrator can manage all installed instances centrally from the Dr.Web control center.
#21 Snort
Snort is the original open-source network intrusion detection and prevention system, now developed by Cisco's Talos team. It inspects traffic against a set of rules, each of which names a protocol, addresses and ports together with the packet or stream content that indicates an attack; when a packet or reassembled flow matches, Snort raises an alert, and when it runs inline it can drop the traffic instead so that the damage never happens. Rules come from Talos (a free registered set and a paid subscriber set), from the community, and from local authors, because the rule language is simple enough to write by hand.
Snort runs in three modes: as a packet sniffer that prints decoded traffic to the console much like tcpdump, as a packet logger that writes traffic to disk for later debugging, and as a full network IDS/IPS that applies its rule set to live traffic or to a pcap. It is not a vulnerability scanner; it detects attacks in traffic rather than weaknesses on hosts. Snort 3 is the current major version, with a multi-threaded engine and Lua-based configuration, and it runs on Linux (Fedora, CentOS and others), FreeBSD and Windows, in both personal and business environments.
#22 F-Secure Linux Security
Linux Security by F-Secure (the corporate security business now trades as WithSecure) protects Linux servers and desktops from viruses and other malware. It detects and identifies malware on file, mail and web servers, and because Linux hosts often relay files to Windows clients it shields mixed environments by catching multi-platform malware in transit. Its integrity checker blocks unauthorized attempts to modify protected system files and alerts administrators, who also receive notifications whenever infected material is found.
The product is simple to configure and is aimed at small, medium and large businesses alike. It updates its detection engine and definitions regularly from the vendor's servers, and a central management module lets administrators change settings and security profiles at any time, so that when an alert arrives a decision can be made and pushed out quickly to every protected host.
#23 eScan for Linux File servers
eScan for Linux File Servers protects Linux file servers, and the workstations that use them, from malware. It finds and removes Trojans, viruses, ransomware and other threats by scanning every file in depth, and it is simple to install and operate through a straightforward user interface.
The interface shows essential status such as the installed version and the number of infected objects detected and awaiting action, and a scheduler lets the administrator plan system-wide scans for set dates and times and define in advance what to do with anything found (clean, quarantine or delete).
Any file or directory the administrator finds suspicious can be submitted for an on-demand deep scan. The product is localized in many languages, including English, Spanish, Italian, German, Polish, Greek, Russian, French and Dutch.
#24 K7 Ultimate Security
K7 Ultimate Security protects every device in a household, whether Windows, macOS, Android or iOS, against ransomware, viruses and other malware, with antivirus and anti-spyware engines that stop threats before they can run.
It keeps backup copies of user files so that a file damaged by malware can be restored to its previous state, and a Wi-Fi Advisor (on Windows and Android) warns when a network in range is insecure before the device joins it.
A two-way firewall blocks network-based attacks and protects the device's connections, the mobile editions can locate a lost or stolen Android or iOS device, and parental controls let parents allow or block applications and websites to keep children away from objectionable content.
#25 ClamTk
ClamTk is a graphical front end for the open-source ClamAV antivirus engine, written in Perl with GTK, that makes it easy to run ClamAV on a Linux desktop. It offers scheduled and on-demand scans of single files or whole directories, with options for recursive scans into every subdirectory, for including or excluding hidden files, and for flagging potentially unwanted applications (PUAs) in addition to malware.
Results of earlier scans can be reviewed on a history screen, quarantined files can be restored or deleted, and signature updates can be set to run manually or automatically. ClamTk itself can also be started from the command line, and ClamAV's own clamscan remains available for scripted use.
#26 TrendMicro ServerProtect for Linux
Trend Micro ServerProtect for Linux blocks viruses, spyware and other malware from gaining a foothold on Linux file servers, web and application servers and virtualized endpoints. It is administered through a web-based console that covers configuration, on-demand and scheduled scanning, pattern updates, notifications and reporting, and it integrates with Trend Micro's central management console for multi-server deployments.
The scan engine detects and cleans malware in real time as files are written or read, and its spyware detection and removal capability covers threats that a pure virus scanner would miss.
The engine is multi-threaded, and administrators can cap how many CPU cores a scan uses so that production workloads keep their share of the machine during a scan. Email notifications keep administrators informed of detections and of the protection status of the system, setup is simple on the supported Linux distributions, and the product is designed to meet common antivirus policy requirements.
#27 Liquid Web Server Protection
Liquid Web, a managed hosting provider, offers Server Protection as an add-on service for the servers it hosts rather than as software you install yourself. Its anti-virus service scans for infected files and cleans, removes or quarantines them, and the provider's team follows up on the results, so that the customer gets detection and cleanup without running the tooling.
The Server Secure service hardens the operating system and control panel of a Linux or Windows server against common attacks, handling the many small configuration details that are easy to overlook. A separate Vulnerability Assessment and Scanning package looks for weaknesses in the hosting environment and delivers reports that list the findings with recommended actions, so that decisions rest on a current view of the server's exposure rather than on guesswork.
#28 Nikto2
Nikto2 is an open-source web server scanner written in Perl. It sends a large number of requests to a target and checks the responses for potentially dangerous files and CGI scripts, outdated server software, version-specific problems and configuration issues such as directory indexes, default or sample files and revealing HTTP server settings, and it tries to identify the web server and the software installed on it. It is fast and deliberately noisy rather than stealthy, so it is a tool for authorized assessments and for checking your own servers, and anything watching the target will log it.
It supports HTTP proxies, saves reports in plain formats including XML, CSV, HTML and NBE, updates its check databases from the command line, and lets users tune which classes of checks are included in or excluded from a scan. Its plugin architecture supplies additional checks such as subdomain guessing, user enumeration for Apache (mod_userdir) and cgiwrap, and an optional pause between tests, and a template engine lets reports be customized.
The documentation covers every option; read the section on false positives before acting on a result, because some checks rely on response codes and can fire on servers that answer every path with a success status.
#29 KernelCare
KernelCare, from CloudLinux (now offered under its TuxCare brand), applies security patches to a running Linux kernel without a reboot. An agent on the host checks the KernelCare servers periodically; when a patch is available for the exact kernel build that is running, the agent downloads it and loads it into the live kernel, where it replaces the vulnerable functions with fixed ones in memory while existing processes keep running.
A live patch therefore contains only the code needed for the fix, from a one-line change to new data structures, rather than a whole new kernel. It bridges the gap between a patch release and the next planned reboot, which is where most of the exposure window lies, but it is not a substitute for installing the updated kernel packages at the next maintenance window.