Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 143
  • Last Modified:

Low-cost /freeware IOC tools

Anyone has any suggestion for < US$3500 tools for Indicators of Compromise
0
sunhux
Asked:
sunhux
  • 2
2 Solutions
 
btanExec ConsultantCommented:
I suppose you meant scavenging for IOC on system and network. The detection of IOC should be covered by those FW, NIPS, NGFW, UTM, Endpoint security etc. More so if you have a SIEMS that aggregate the logs from these device sources to detect the list of IOC that you are targeting. I supposed the IOC are the malware callbacks to Command/Control ip addresses, blacklisted domain, etc. See this framework

http://blog.sqrrl.com/a-framework-for-threat-hunting-part-1-the-pyramid-of-pain
In fact, Sqrrl has such solution  - http://sqrrl.com/product/sqrrl-enterprise/

I am also see service based such as Recordedfuture as possibility and they can supply IOC in term of Yara rules to your security device to detect and alter on sighting those IOC.

https://www.recordedfuture.com/internal-network-hunting/

But largely searching for IOC is no trivial task, as first off it can be either be a passive means like deploying a honeypot or even extending it to honeynet. See this

https://www.anomali.com/resources/modern-honey-net

Manual inhouse means to search IOC may be possible for a small setup via IOC Finder tool. See this

https://www.fireeye.com/blog/threat-research/2011/12/redline-openioc-build-effective-indicators.html

Otherwise the COTS for such Finder, you likely have to poll the sales support for candidates like Lightcyber for exploited behaviors or Sift Science for fraud related

http://lightcyber.com/why-lightcyber-even-if-i-have-edr/

https://siftscience.com/pricing
0
 
gheistCommented:
You mean €€€ 3500 per month per year or for lifetime support?
0
 
sunhuxAuthor Commented:
US$3500 purchase price;  yearly maintenance is separate.

I'm more concerned with Ransomware, phishing and data leakages.
OSSEC is one such tool
0
 
btanExec ConsultantCommented:
I am thinking as a whole on two approach
a) Proactive - Setup Honeypot to generate the IOC for further discovery esp on evolved threats since signature and behavioral detection is not foolproof. Need to stop targeted attack and isolate fast to contain damage.

b) Early detection -  Beef up security baseline implemented at system/network/appl level, go beyond just IOC findings instead tap on the reinforced controls to alert you or OPS team instead. Tap on SIEMS to correlate rule to trigger on DLP, IRM, Anti-spam/phishing and Anti-Ransomware related to suspected events. This in a way also "discover" IOC.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now