Solved

Open source threat intelligence for SMB

Posted on 2016-10-02
8
25 Views
Last Modified: 2016-10-22
Hi
We service SMB marke and desperately trying to find some sort of SiEM / threat intelligence. Yverything that we looked at is just out of budget
Anything out there somewhat close to Splunk or Alienvalt?

What about www.openvas.org?

Please advice. We are small MSP
0
Comment
Question by:mavrukin
  • 5
  • 3
8 Comments
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41825715
OpenVAS is not siems but more of vulnerability scanner like Nessus. But you are into siems than probably OSSIM which is open source coming for AlienVault.

You can see the difference btw the commercial tool from AlienVault see https://www.alienvault.com/resource-center/white-papers/ossim-vs-usm

Another is can ask for demo from Recordedfuture.

https://www.recordedfuture.com/services/intelligence/
0
 
LVL 1

Author Comment

by:mavrukin
ID: 41825759
Thank you
What do you think about security onion ?
0
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41825857
Not bad either esp if you are already running OSSEC for HIDS and Snort/Suricata/Bro for NIDS rule cum event driven detection. It does full capture with its sensor which SIEMS may not necessary have included that. It comes with analysis tools too which is quite well used in the open community. It covers server and client setup too. Check the architecture

https://github.com/Security-Onion-Solutions/security-onion/wiki/Architecture

They do have active community maintaining it so it does give good crebility but just need some hands on for beginner. If you need to have expertise to setup and managed the rule to reduce false positive then the good thing is they have commercial support too.
https://securityonionsolutions.com

You may also see Kiwisyslog for the log analysis and collection.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 1

Author Comment

by:mavrukin
ID: 41825893
So can it be used as SiEM for SMB instead of Alienvalt?
0
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41825898
Not entirely unless you are only looking at HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
0
 
LVL 1

Author Comment

by:mavrukin
ID: 41825899
Is there anything there that is more affordable ?
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41825978
Already mentioned the AlienVault OSSIM, being open source, has community-supported threat intelligence feeds available. This is an option. I doubt the costing of other SIEMS is very much lower but you need their respective sales support to advise instead. Regardless, for your info
For example, LogRhythm Security Intelligence Platform is the only studied SIEM product that strongly supports all seven criteria. Close behind it is McAfee ESM and SolarWinds Log & Event Manager, followed by EMC RSA Security Analytics, HP ArcSight ESM, and Splunk Enterprise. Any of these products are strong candidates for enterprise usage. For organizations that cannot afford a full-fledged commercial SIEM product, the AlienVault OSSIM offers some basic SIEM capabilities with no software costs.
http://searchsecurity.techtarget.com/feature/Comparing-the-best-SIEM-systems-on-the-market
0
 
LVL 62

Expert Comment

by:btan
ID: 41855076
As per advised.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question