network monitoring tool and application scanning tool for on premise

D_wathi
D_wathi used Ask the Experts™
on
Dear Experts

We have application servers hosted on-premise, the servers are behind the firewall.  users who access the application server from external network have to pass though the VPN network. I am looking for the network monitoring tool and also vulnerable scanning tool for web application server. I found following New Relic network monitoring tool and Qualys Security solution but these are cloud based. Please suggest for on premise deployment and suggestions please.
Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Infrastructure admin
Commented:
PRTG is a good network monitoring App has many features you can try it for free limited for 30 days.
https://www.paessler.com/
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Describe your App a bit + your security concerns + OS where App runs.
David FavorFractional CTO
Distinguished Expert 2018
Commented:
For example, if your App uses...

1) SSL certs you might use openssl to ensure security.

2) SQL, then you might use sqlmap for continuous checking for SQL injections.

3) nmap, will be used to ensure no open ports mysteriously appear on your machine.

Tip: Most hackers get in via outdated software, so your first line of defense is run latest stable software at each layer.

For example, if you're running your App on a LAMP Stack, then use Ubuntu Bionic (LTS version - 5 years of updates) for a recent Kernel + updates to all major software components.
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Observium is a decent option.

http://www.observium.org/
Certainly you can go down the Kali Linux/Metasploit route for vulnerability scanning.  Qualsys might have an agent too with cloud reporting.

As for monitoring, PRTG or ManageEngine OpManager are my typical gotos.  We switched to PRTG a couple years ago, very favorable pricing.

Commented:
You can use Kali Linux built specifically to be used by penetration testers. It comes prepackaged with different security tools
• Nmap
• Wireshark
• Metasploit Framework
• John the Ripper
• Aircrack-ng
• Burp Suite
• Ettercap
• OWASP ZAP
• THC Hydra
• Maltego
• sqlmap
• Social Engineer Toolkit

For monitoring you can use PRTG or Nagios
https://www.ittsystems.com/prtg-vs-nagios/

Author

Commented:
Thank you very much. We have windows AD, IIS , MSSQL, linux servers, apache, mysql, php . will PRTG provides audit logs please let me know.
Ibrahim KasabriInfrastructure admin

Commented:
PRTG has many features one of those is Active Directory Event Auditing with PRTG
https://www.paessler.com/active-directory-auditing

have a quick look for the main PRTG features on this link
https://www.paessler.com/prtg/features
Distinguished Expert 2018

Commented:
You could also use Rapid7's InsightVM for network/vulnerability scanning, which may cost you more than some of the other products here. Nessus would be a very costly proposition. Rapid7 does have a separate tool for app scanning, but I'd recommend looking at the products others have listed here first.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial