Best SecOps Tools: 50 Must-Have Tools for Your SecOps Arsenal, Part 4
Knowing where your threats are and how to deal with them is a large part of secure coding. We take a look at ten threat intelligence tools.
SecOps is a multi-faceted function with a wide range of responsibilities, not least of which is delivering secure software and applications while maintaining the development and release cadence users demand. It is no longer enough to concern yourself only with writing code and developing software.
Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today's SecOps pros should have in their arsenal.
In this series, we've rounded up 50 of the most useful tools for SecOps teams in the following categories. In this post, we focus on Threat Intelligence tools.
- Attack Modeling
- Red Team
- Secret Management
- Threat Intelligence
31. Critical Stack Intel Marketplace
Critical Stack Intel Marketplace gives you access to a wide range of intel sources, blacklists, and feeds, and lets you choose which ones to use. Feeds are peer reviewed: other users rate each feed, which gives you an indication of how trustworthy it is. Many of the feeds are free. You can combine two or more feeds and decide which indicators and metrics to focus on. The Intel Marketplace supports two-step authentication, and the client can be deployed from the command line.
- A wide range of intel sources, blacklists, and feeds.
- Peer-reviewed resources to gauge trust.
- Deploys from the command line.
32. IntelMQ Feeds
IntelMQ Feeds collects and processes security-related feeds, log files, tweets, and pastebins, making it easier for incident and threat responders to gather the threat intelligence they need for incident handling. For instance, you can find feeds covering the Palevo worm, the Zeus botnet, SSH brute-force attempts and other attacks on the SSH service, and more. IntelMQ is built around a message queue and is easy to use. It scores high on features and value because it avoids feature bloat and keeps only the essential capabilities on board.
- Automate incident handling responses.
- Write your own bots for data feeds.
- Create your own blacklist.
33. Open Threat Partner Exchange (OpenTPX)
Open Threat Partner Exchange, or OpenTPX, lets you share and exchange threat intelligence, collections, context, and network information, together with how to mitigate the threats described. It is designed for the large volume of data that arrives from many sources in many formats. OpenTPX is machine-readable, but the content is also easy for humans to understand.
- Share and exchange information on threat intel.
- Machine-readable and human-interpretable content.
- Handles data of any size.
- Works with relational data.
- Records when threat data was captured and when it was last modified and viewed.
- Indicates whether threat analysis was conducted and when it expires.
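The three tools above all revolve around the same workflow: pull indicators from feeds, keep only the ones you trust and that have not expired, and run them against your own telemetry. The following is an added example of that workflow and is not code from Critical Stack, IntelMQ, or OpenTPX. The CSV column layout (indicator, type, source, rating, expires) is an assumption standing in for whichever feed format you actually consume, and the feed rows and access-log lines are constructed for the example, using documentation address ranges only.

```python
import csv
import io
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample indicator feed in a simple CSV layout (the column set is an
# assumption for this example, not the Critical Stack, IntelMQ or OpenTPX format).
# 'rating' stands in for the peer rating a marketplace feed carries; 'expires' for the
# expiry that OpenTPX-style records attach to an analysis.
FEED_CSV = """indicator,type,source,rating,expires
203.0.113.7,ip,feed-a,4,2030-01-01T00:00:00Z
203.0.113.0/24,cidr,feed-b,2,2030-01-01T00:00:00Z
bad.example.test,domain,feed-a,5,2030-01-01T00:00:00Z
old.example.test,domain,feed-c,5,2020-01-01T00:00:00Z
"""

# Constructed web-server access log lines (documentation address ranges only).
LOG_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 1024 "http://bad.example.test/" "Mozilla/5.0"',
    '203.0.113.42 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 403 100 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Oct/2023:13:55:39 +0000] "GET / HTTP/1.1" 200 1024 "http://old.example.test/" "Mozilla/5.0"',
]

HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2030-01-01T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_feed(csv_text, now, min_rating=3):
    """Normalise feed rows into typed indicators, dropping expired or poorly rated ones."""
    indicators = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["rating"]) < min_rating or parse_ts(row["expires"]) <= now:
            continue
        kind = row["type"]
        if kind == "ip":
            value = ipaddress.ip_address(row["indicator"])
        elif kind == "cidr":
            value = ipaddress.ip_network(row["indicator"], strict=False)
        elif kind == "domain":
            value = row["indicator"].lower().rstrip(".")
        else:
            continue  # unknown indicator type: skip rather than guess
        indicators.append({"indicator": row["indicator"], "type": kind,
                           "source": row["source"], "value": value})
    return indicators


def extract_observables(line):
    """Pull the client IP and any hostnames in URLs out of one access-log line."""
    try:
        src_ip = ipaddress.ip_address(line.split(" ", 1)[0])
    except ValueError:
        src_ip = None
    hosts = {h.lower().rstrip(".") for h in HOST_RE.findall(line)}
    return src_ip, hosts


def match_logs(indicators, lines):
    """Return one hit per (log line, indicator) pair that matches."""
    hits = []
    for i, line in enumerate(lines):
        src_ip, hosts = extract_observables(line)
        for ind in indicators:
            kind, value = ind["type"], ind["value"]
            if kind == "ip":
                matched = src_ip == value
            elif kind == "cidr":
                matched = src_ip is not None and src_ip in value
            else:  # domain: exact match or a subdomain of the indicator
                matched = any(h == value or h.endswith("." + value) for h in hosts)
            if matched:
                hits.append({"line": i, "indicator": ind["indicator"],
                             "type": kind, "source": ind["source"]})
    return hits


def scan(csv_text=FEED_CSV, lines=LOG_LINES, now_iso="2024-01-01T00:00:00Z", min_rating=2):
    """Load the feed as of `now_iso` and run it over the log lines."""
    return match_logs(load_feed(csv_text, parse_ts(now_iso), min_rating), lines)


if __name__ == "__main__":
    for hit in scan():
        print(f"line {hit['line']}: {hit['type']} {hit['indicator']} (source {hit['source']})")
```

Raising `min_rating` to 3 drops the poorly rated CIDR feed, and the expired `old.example.test` entry never matches, which is the point of carrying rating and expiry through the pipeline: stale or untrusted indicators are a common source of false positives.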
34. RiskIQ PassiveTotal
RiskIQ PassiveTotal is a threat analysis tool that brings together the relevant online data sets so that investigating and eliminating threats is much faster. PassiveTotal exposes and maps threat infrastructure while giving you the intelligence and context behind the incidents and events you are investigating. You can also predict attacks and threats that are just starting to proliferate on the internet and look into the infrastructure reused across different attacks. Most importantly, you can use PassiveTotal to defend yourself from attacks.
- Curates relevant online data sets related to threats.
- Exposes and maps threat infrastructure.
- Provides intelligence and context for events you're investigating.
- Predict attacks and threats.
35. Brakeman
Brakeman is a security scanner for applications developed on Ruby on Rails. It can scan your application for vulnerabilities at any stage of development. Brakeman differs from other scanners in that it analyzes your source code, so you do not need to set up your entire application stack; there is no setup to speak of, you simply run it. You can run it at any time, and it is very flexible. Because Brakeman does not spider a running site, it can cover parts of the application that a crawler would never reach.
- Scans apps developed in Ruby on Rails for vulnerabilities.
- Scans source code.
- Reports on all detected vulnerabilities.
- Evaluates whether configurations are in line with best practices.
36. Chef InSpec
Chef InSpec is a testing framework that lets you determine which of your servers need patching, validate that a new feature is secure, and ensure that your IT assets comply with regulatory rules even when an audit is far away. This open source framework is easy to deploy, customizable, and extensible. It supports just about every operating system, is not locked to a particular platform, and lets you test remotely or on-site.
- Set up system expectations.
- Get alerts when deviations are detected.
- Create automated tests for security, policy, and compliance requirements.
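The idea behind InSpec is to write down system expectations as controls with an impact rating, evaluate them, and alert on deviations. As an added illustration of that pattern, not InSpec's own DSL or code, the following Python evaluates a handful of constructed controls against a constructed sshd_config and constructed file permission bits; on a real host the inputs would come from the file system instead of string constants.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sshd_config content, not taken from any real host.
SSHD_CONFIG = """# constructed sample sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding yes
"""

# Constructed file permission bits, as os.stat(path).st_mode & 0o777 would report them.
FILE_MODES = {"/etc/ssh/sshd_config": 0o644, "/etc/shadow": 0o640}


def parse_sshd_config(text):
    """Return {keyword: value}; comments are ignored and, as in sshd, the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, value.strip())
    return settings


@dataclass
class Control:
    id: str
    title: str
    impact: float             # 0.0 (informational) .. 1.0 (critical), in the spirit of InSpec's impact
    check: Callable[[], bool]


def build_controls(settings, modes):
    """Codify the expectations; absent keys fail closed rather than assuming a default."""
    return [
        Control("ssh-01", "Root login over SSH is disabled", 1.0,
                lambda: settings.get("PermitRootLogin") == "no"),
        Control("ssh-02", "Password authentication is disabled", 0.7,
                lambda: settings.get("PasswordAuthentication") == "no"),
        Control("ssh-03", "X11 forwarding is disabled", 0.3,
                lambda: settings.get("X11Forwarding") == "no"),
        Control("file-01", "/etc/shadow is readable by its owner only", 1.0,
                lambda: modes.get("/etc/shadow", 0o777) & 0o077 == 0),
    ]


def run_controls(controls):
    return [{"id": c.id, "title": c.title, "impact": c.impact,
             "status": "passed" if c.check() else "failed"} for c in controls]


def audit(config_text=SSHD_CONFIG, modes=FILE_MODES):
    """Evaluate every control against the given config text and permission data."""
    return run_controls(build_controls(parse_sshd_config(config_text), modes))


def failed_ids(results, min_impact=0.0):
    """Ids of failed controls at or above the given impact, for alerting on deviations."""
    return [r["id"] for r in results if r["status"] == "failed" and r["impact"] >= min_impact]


if __name__ == "__main__":
    for r in audit():
        print(f"{r['status']:6} {r['id']}  {r['title']}")
```

Filtering by impact (`failed_ids(results, 0.7)`) is how you keep a low-impact deviation such as X11 forwarding from paging anyone while a root-login or permission failure still does.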
37. David
David is a tool that shows all the dependencies of a project, the version you are using, and the latest version available. David then produces a badge showing the project's current dependency status, which you can embed on your website: for instance, whether the dependencies are up to date, out of date, or insecure. The tool is free for all public projects hosted on GitHub and is very easy to use: declare your dependencies in a JSON file, and David does the rest.
- See all dependencies of a project.
- Get a badge that displays current project status.
- Free for GitHub-hosted projects.
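To make the three badge states concrete, here is an added example (not David's code) that reads a constructed manifest, assumed to be a Node package.json since that is the JSON file David works from, compares each declared range with a constructed "latest version" table, and marks a dependency insecure when its range still admits a version below a constructed advisory's fixed version. Only exact, caret and tilde specifiers are handled; `>=` ranges and pre-release tags are outside the example.

```python
import json

# Constructed package manifest (assumed to be a Node package.json, which is what David reads).
PACKAGE_JSON = json.dumps({
    "name": "sample-app",
    "dependencies": {
        "express": "^4.18.0",
        "lodash": "~4.17.15",
        "chalk": "^4.1.2",
        "minimist": "^1.2.0",
        "left-pad": "1.3.0",
    },
})

# Constructed stand-in for the registry's latest published version of each package.
REGISTRY_LATEST = {"express": "4.19.2", "lodash": "4.17.21", "chalk": "5.3.0",
                   "minimist": "1.2.8", "left-pad": "1.3.0"}

# Constructed advisories: package -> first version that is no longer affected.
ADVISORY_FIXED_IN = {"lodash": "4.17.21", "minimist": "1.2.6"}


def parse_version(text):
    """'1.2.3' -> (1, 2, 3); tuples compare correctly where string comparison would not."""
    return tuple(int(part) for part in text.split("."))


def range_bounds(spec):
    """Translate an exact, caret (^) or tilde (~) specifier into a [low, high) interval."""
    if spec[0] in "^~":
        major, minor, patch = parse_version(spec[1:])
        if spec[0] == "^" and major > 0:
            high = (major + 1, 0, 0)       # ^1.2.3 allows anything below 2.0.0
        else:
            high = (major, minor + 1, 0)   # ~1.2.3 and ^0.2.3 stay within the minor line
        return (major, minor, patch), high
    low = parse_version(spec)
    return low, (low[0], low[1], low[2] + 1)   # exact pin: only that version


def satisfies(version, spec):
    low, high = range_bounds(spec)
    return low <= parse_version(version) < high


def dependency_status(name, spec, latest, advisories):
    """Classify one dependency the way a status badge would: insecure outranks out of date."""
    fixed_in = advisories.get(name)
    low, _ = range_bounds(spec)
    if fixed_in and low < parse_version(fixed_in):
        return "insecure"      # the declared range still admits a vulnerable version
    if not satisfies(latest, spec):
        return "out of date"   # the newest release falls outside the declared range
    return "up to date"


def report(manifest_json=PACKAGE_JSON, registry=REGISTRY_LATEST, advisories=ADVISORY_FIXED_IN):
    """Status per dependency in the manifest."""
    deps = json.loads(manifest_json).get("dependencies", {})
    return {name: dependency_status(name, spec, registry[name], advisories)
            for name, spec in deps.items()}


def badge(statuses):
    """The overall badge is the worst individual status."""
    order = ["insecure", "out of date", "up to date"]
    return min(statuses.values(), key=order.index) if statuses else "up to date"


if __name__ == "__main__":
    statuses = report()
    for name, status in statuses.items():
        print(f"{name:10} {status}")
    print("badge:", badge(statuses))
```

The insecure check deliberately looks at the lower bound of the range rather than at the latest release: a lockfile can pin any version the range admits, so a range that reaches below the fixed version is a risk even when the newest release is clean.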
38. Gauntlt
Gauntlt gives ops, dev, and security professionals an attack framework for running a variety of attacks against their own software so that they can build better software. Gauntlt takes your code through the most relentless attacks out there to make sure it can withstand the biggest threats in existence. It works with a range of testing tools, including curl, dirb, nmap, sqlmap, arachni, and sslyze. In short, Gauntlt does not give you the security tools themselves, but it lets you drive those tools from your testing.
- Runs your code through the most brutal attacks to test security.
- Communicate and test between various groups.
- Create actionable testing tools connected to processes.
- Works with a variety of testing tools.
- Offers several security tool adapters.
- Uses standard Unix exit codes to report status.
39. Hakiri
Hakiri is another tool that monitors Ruby on Rails applications and detects vulnerabilities in your code. It also scans your code for security holes that could be used for XSS, SQL injection, or other types of attack. Most importantly, Hakiri helps ensure that these bugs are gone before your application is released.
- Monitors Ruby on Rails apps for vulnerabilities.
- Identifies common vulnerabilities and exposures in Gems.
- Identifies vulnerabilities listed in the Open Source Vulnerability Database.
- Alerts issued via email or Slack.
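Brakeman and Hakiri both look at Rails source rather than at a running site, flagging places where request data reaches a SQL fragment or where output escaping is bypassed. The following is an added, much simplified illustration of that kind of check and is not the logic of either tool (Brakeman works on a parsed AST, not on regular expressions). The controller and view sources are constructed for the example, with the unsafe and fixed forms side by side so the scan shows which one it reports.

```python
import re

# Constructed Rails controller source. The trailing comments mark which lines are
# deliberately unsafe and which show the fixed form.
CONTROLLER_RB = '''class UsersController < ApplicationController
  def search
    @users  = User.where("name LIKE '%#{params[:q]}%'")        # unsafe: query text built by interpolation
    @safe   = User.where("name LIKE ?", "%#{params[:q]}%")      # fixed: value passed as a bound parameter
    @sorted = User.order(params[:sort])                          # unsafe: request data becomes an ORDER BY clause
  end
end
'''

# Constructed ERB view source.
VIEW_ERB = '''<p><%= raw @user.bio %></p>            <%# unsafe: output escaping bypassed %>
<p><%= @user.bio.html_safe %></p>      <%# unsafe: string marked safe without sanitising %>
<p><%= @user.bio %></p>                <%# fixed: ERB escapes output by default %>
'''

# A query method whose first argument is a string literal (group 3 is the literal's body).
QUERY_STRING = re.compile(r'''\.(where|order|group|having|find_by_sql|execute)\(\s*(["'])(.*?)\2''')
# A query method whose first argument is request data itself.
QUERY_PARAMS = re.compile(r"\.(where|order|group|having|find_by_sql|execute)\(\s*params\b")
# Output helpers that switch off HTML escaping in a view.
UNESCAPED_OUTPUT = re.compile(r"(?<![\w.])raw\b|\.html_safe\b")
# A Ruby end-of-line comment ("  # text"); '#{' is interpolation and is left alone.
RUBY_COMMENT = re.compile(r"\s+#\s.*$")


def finding(path, number, check, message, line):
    return {"file": path, "line": number, "check": check, "message": message, "code": line.strip()}


def scan_source(path, source):
    """Return one finding per line that matches an unsafe pattern."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        code = RUBY_COMMENT.sub("", line) if path.endswith(".rb") else line
        literal = QUERY_STRING.search(code)
        direct = QUERY_PARAMS.search(code)
        if literal and "#{" in literal.group(3):
            findings.append(finding(path, number, "sql_injection",
                                    f"interpolation inside the {literal.group(1)}() query string", line))
        elif direct:
            findings.append(finding(path, number, "sql_injection",
                                    f"params passed straight into {direct.group(1)}()", line))
        elif path.endswith(".erb") and UNESCAPED_OUTPUT.search(code):
            findings.append(finding(path, number, "xss", "output rendered without HTML escaping", line))
    return findings


def scan_all(sources=None):
    """Scan a {path: source} mapping; defaults to the constructed sources above."""
    if sources is None:
        sources = {"app/controllers/users_controller.rb": CONTROLLER_RB,
                   "app/views/users/show.html.erb": VIEW_ERB}
    return [f for path, src in sources.items() for f in scan_source(path, src)]


if __name__ == "__main__":
    for f in scan_all():
        print(f"{f['file']}:{f['line']} [{f['check']}] {f['message']}")
```

The bound-parameter form on the fourth controller line and the plain `<%= @user.bio %>` in the view pass unflagged, which is the behaviour you want from such a check: it should point at the construction that disables a safety mechanism, not at every use of request data.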
40. Infer
Infer helps you weed out bugs if you write programs in C, C++, Objective-C, or Java. You can use this static analysis tool to detect critical bugs before your applications are released, which also helps improve your application's performance and prevent crashes. For instance, you can use Infer to check Android app code for annotation reachability, null pointer exceptions, data races, and missing lock guards. Infer is used on projects at Amazon Web Services (AWS), Facebook, Instagram, Mozilla, Oculus, Spotify, Kiuwan, Uber, WhatsApp, and more.
- Detects bugs in C, C++, Objective-C, and Java.
- Checks for annotation reachability, null pointer exceptions, and more.
- Improves app performance and prevents crashes.
- Used for AWS projects as well as Facebook, Instagram, Mozilla, and other popular services.
Published at DZone with permission of Christian Lappin, DZone MVB. See the original article here.