Updated: May 17, 2021
A blonde, a drunk and an alien walk up to a bar, but it’s a Microsoft bar, so it’s closed, leaving our three characters with nothing to do but have fun together and develop their own network of free, open source bars.
Too often I felt trapped within a vendor's grip as I was forced to play by only their rules. We were stuck paying for licensing, negotiating, listening to various sales pitches and up-sales, all the while I was not convinced we were provided with "World Class" software and support. So I decided to explore the world of Open-Source software and see what cyber security solutions it could provide me with. What I discovered was a world where I was in control. Cost of entry was free, tools were backed by strong communities, documentation was plentiful, and integration between tools was either already supported or simple enough to put together. I decided to make the leap and employ the tools I discovered to form a robust, secure, and user-friendly network security platform.
I am by no means a software engineer and still being early in my professional career did not serve in my favor. So were there pain points? Of course. But what I found was a rich community of enthusiastic individuals who supported or worked with the tools I was looking to implement. I quickly learned that these communities took great pride in their work and they were willing to assist in any way they could. I also realized that many of these tools were detailed by great documentation; I did not have to read source code to try to understand how these tools functioned or to add any features I thought were lacking. These were detailed, strong, well thought out, capable tools that could be used to form a network security platform.
But was it enough?
What does it take to implement a strong network defense program?
I first had some questions I needed to answer. What exactly was I looking for? I had my generic goal (Network Security), but what tools would help me achieve this goal? What tools would scale as my company grew and could be relied upon so that my networks, servers, and applications could still operate with adequate functionality and speed? I focused on the below:
Host Intrusion Detection
Network Vulnerability Scanner
Web Application Vulnerability Scanner
Security Operations Center
I felt that finding tools within each of these categories would provide me and my team with the ability to see what exactly was going on within our environments at any given time, alert us on any potential threats, block threats before they reached their destination, help us understand where we were vulnerable, allow us to perform forensics in the event of a breach, and to provide a user-friendly environment where all of this data could be easily digested and reacted upon.
What I found were tools that fit each of these needs, were functional, well developed, were already in use within Fortune 500 companies, could be customized to fit any environment, and were free. It was obvious that Open Source software was not just for hobbyist or research purposes, but these tools were trusted by thousands of companies to keep their networks and intellectual property secure.
But don't just take my word for it. Experience it for yourself by interacting with our demo.