IT Security Tools
TheHive is a scalable 3-in-1 Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables.
TheHive was open source up to version 4: that project is still available on GitHub. Starting from version 5, TheHive is no longer open source.
NeuVector provides a powerful end-to-end container security platform. This includes end-to-end vulnerability scanning and complete run-time protection for containers, pods and hosts, including:
- CI/CD Vulnerability Management & Admission Control. Scan images with a Jenkins plug-in, scan registries, and enforce admission control rules for deployments into production.
- Violation Protection. Discovers behavior and creates a whitelist based policy to detect violations of normal behavior.
- Threat Detection. Detects common application attacks such as DDoS and DNS attacks on containers.
- DLP and WAF Sensors. Inspect network traffic for Data Loss Prevention of sensitive data, and detect common OWASP Top10 WAF attacks.
- Run-time Vulnerability Scanning. Scans registries, images, running containers, orchestration platforms and hosts for common (CVE) as well as application-specific vulnerabilities.
- Compliance & Auditing. Runs Docker Bench tests and Kubernetes CIS Benchmarks automatically.
- Endpoint/Host Security. Detects privilege escalations, monitors processes and file activity on hosts and within containers, and monitors container file systems for suspicious activity.
- Multi-cluster Management. Monitor and manage multiple Kubernetes clusters from a single console.
Other features of NeuVector include the ability to quarantine containers, to export logs through syslog and webhooks, to initiate packet capture for investigation, and to integrate with OpenShift RBAC, LDAP, Microsoft AD, and SSO with SAML. Note: Quarantine means that all network traffic is blocked. The container will remain and continue to run, just without any network connections. Kubernetes will not start up a container to replace a quarantined container, as the api-server is still able to reach the container.
ZONECENTRAL offers companies high levels of security by encrypting files so that their access is exclusively reserved to authorized and identified users. Free of any organizational constraints, ZONECENTRAL is simple to deploy. Equipped with extremely flexible administration mechanisms, it can adapt to suit every type of enterprise infrastructure.
CRYHOD is a modern encryption software offering full-disk encryption of all your company’s mobile workstations.
Falco is the first runtime security project to join CNCF as an incubation-level project. Falco acts as a security camera detecting unexpected behavior, intrusions, and data theft in real time.
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy also scans hardcoded secrets like passwords, API keys and tokens. Trivy is easy to use. Just install the binary and you're ready to scan.
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.
Vault is a tool for securely accessing secrets such as API keys or anything else for which you want tightly controlled access.
VeraCrypt is a free and libre (open source) disk encryption software brought to you by https://www.idrix.fr
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as a USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Encryption can be hardware-accelerated on modern processors.
- Provides plausible deniability, in case an adversary forces you to reveal the password: hidden volume (steganography) and hidden operating system.
- Multilingual. More than 35 languages. List at https://sourceforge.net/p/veracrypt/code/ci/master/tree/Translations
- More information about the features of VeraCrypt may be found in the documentation at https://veracrypt.fr/en/Documentation.html
VeraCrypt is based on TrueCrypt 7.1a. In comparison to TrueCrypt, VeraCrypt adds enhanced security to the algorithms used for system and partition encryption, making it immune to new developments in brute-force attacks.
For example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations, whereas VeraCrypt uses 327670. For standard containers and other partitions, TrueCrypt uses at most 2000 iterations, but VeraCrypt uses 655340 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.
VeraCrypt is licensed under both the Apache 2.0 and TrueCrypt 3.0 licenses, per https://sourceforge.net/p/veracrypt/code/ci/master/tree/License.txt#l24
Acunetix Web Security Scanner audits your website and web applications for SQL injection, cross-site scripting and other web vulnerabilities. A free edition is available for download.
Zed! protects your personal and sensitive data in encrypted archives on e-mail, on USB sticks and in backups.
With its encryption technology derived from various certified professional solutions, Zed! guarantees optimal levels of data protection and confidentiality for exchange and storage. The data encrypted by Zed! can only be decrypted by users with a valid access key.
Using Zed! is highly intuitive. Create a .zed container in a single click, add folders and files to it, and grant users access. The container is then ready to be sent, with the files inside encrypted. Zed! is able to transport an entire file tree structure with no volume constraints.