OT infrastructures are more vulnerable than ever before. This is not only because of our ever-increasing ‘networked interactivity’; it is often the less obvious aspects of infrastructures, and the inter-dependencies among them, that create vulnerabilities. This poses a challenge for organisations that want to address cyber risk quickly but have a lengthy budget process to get funds allocated for the cyber security solutions they require. In this article we’ll ‘signpost’ some of the open source tools you may wish to explore while there are budget constraints. Please note that without further discussion of your network and systems we cannot say whether these solutions are a good fit for your organisation or compatible with your network architecture.
Vulnerability and Patch Management (Greenbone)
Open-source security not only delivers a high level of transparency about the solution itself; it is also a contribution to the security community in general. Greenbone is connected with this idea and committed to it. Greenbone technology is available in two versions: the Greenbone Security Manager (GSM), built for professional use in enterprises and public administrations and delivered as a turn-key appliance, and the Community Edition for the security-aware user in Single Office Home Office (SOHO) environments. https://www.greenbone.net/en/community-edition/
Network Monitoring (Idaho National Laboratory)
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: easy to use, powerful traffic analysis, streamlined deployment, secure communications and permissive license. While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common ICS protocols.
In short, Malcolm provides a deployable network analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs. While Internet access is required to build it, it is not required at runtime. https://github.com/idaholab/Malcolm
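The Zeek logs that Malcolm ingests are tab-separated text, so the ICS questions a practitioner asks of them (which hosts are talking to which controllers, over which protocol, and is any of those clients unexpected?) can be answered with a few lines of code. The following is an added example and is not part of Malcolm or of the original article. It parses Zeek's conn.log format, identifies ICS conversations by responder port (an assumption; Zeek's protocol parsers are more precise than port matching) and compares the clients it finds against an allow-list of known engineering workstations. The sample log, the port table and the allow-list are all constructed for illustration.

```python
"""Summarise ICS protocol conversations in a Zeek conn.log.

Added example, not Malcolm's code. Assumes port-based protocol
identification and a known list of engineering workstations.
"""
from collections import defaultdict

# Assumption: well-known TCP ports of common ICS protocols. Zeek's own
# protocol analysers (the `service` column) are more reliable where present.
ICS_PORTS = {
    502: "modbus",      # Modbus/TCP
    20000: "dnp3",      # DNP3
    44818: "enip",      # EtherNet/IP explicit messaging
    102: "s7comm",      # Siemens S7 over ISO-TSAP
}

# Constructed sample conn.log in Zeek's default TSV layout (not a real capture).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\torig_bytes\tresp_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tcount\tcount
1600000000.1\tC1\t10.0.1.10\t50000\t10.0.2.20\t502\ttcp\tmodbus\tSF\t120\t240
1600000001.2\tC2\t10.0.1.10\t50001\t10.0.2.21\t502\ttcp\tmodbus\tSF\t80\t160
1600000002.3\tC3\t10.0.1.11\t50002\t10.0.2.20\t20000\ttcp\t-\tSF\t64\t64
1600000003.4\tC4\t192.168.5.5\t50003\t10.0.2.20\t502\ttcp\tmodbus\tS0\t0\t0
1600000004.5\tC5\t10.0.1.10\t50004\t10.0.2.30\t443\ttcp\tssl\tSF\t500\t5000
#close\t2020-09-13-12-26-45
"""


def parse_conn_log(text):
    """Yield one dict per connection record, keyed by the #fields header."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):          # #types, #close and other metadata
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        yield dict(zip(fields, values))


def ics_conversations(records):
    """Return {(client, server, protocol): {"flows": n, "completed": m}}
    for TCP flows whose responder port is a known ICS port."""
    summary = defaultdict(lambda: {"flows": 0, "completed": 0})
    for r in records:
        if r["proto"] != "tcp":
            continue
        port = int(r["id.resp_p"])
        if port not in ICS_PORTS:
            continue
        key = (r["id.orig_h"], r["id.resp_h"], ICS_PORTS[port])
        summary[key]["flows"] += 1
        # Zeek conn_state: SF = normal setup and teardown; S0 = SYN, no reply.
        if r["conn_state"] == "SF":
            summary[key]["completed"] += 1
    return dict(summary)


def unexpected_clients(summary, allowed_clients):
    """Sorted list of clients speaking an ICS protocol that are not on the
    allow-list (assumption: engineering workstations are known in advance)."""
    return sorted({client for (client, _, _) in summary
                   if client not in allowed_clients})


if __name__ == "__main__":
    records = list(parse_conn_log(SAMPLE_CONN_LOG))
    summary = ics_conversations(records)
    for (client, server, proto), counts in sorted(summary.items()):
        print(f"{client} -> {server} {proto}: {counts}")
    print("unexpected:", unexpected_clients(summary, {"10.0.1.10", "10.0.1.11"}))
```

In the constructed sample the workstation 192.168.5.5 attempts Modbus to a controller but the connection never completes (conn_state S0); that combination of an unknown client and a half-open ICS session is exactly the sort of event worth an alert when the same logic is run against real Zeek output.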
Logging Made Easy (NCSC)
Written by the UK National Cyber Security Centre (NCSC), Logging Made Easy (LME) is a self-install for small organisations to gain a basic level of centralised security logging for Windows clients and provide functionality to detect attacks. It brings together multiple free and open-source components, and LME helps the reader integrate them to produce an end-to-end logging capability. NCSC also provides some pre-made configuration files and scripts, although there is the option to do it on your own. https://github.com/ukncsc/lme
AlienVault OSSIM (AlienVault)
AlienVault OSSIM (Open Source Security Information and Event Management) provides users with a feature-rich open source SIEM complete with event collection, normalisation and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: a SIEM, whether open source or commercial, is virtually useless without the basic security controls necessary for security visibility. https://www.alienvault.com/products/ossim
Open Source, Open Mind
We hope you enjoyed this blog and found it useful. If you would like to know more about how to improve your cyber hygiene and operational resilience, get in touch and one of our architects or security consultants will provide advice and guidance on reducing your risk in a very cost-effective manner!