Do you want to take risk with your network’s security? No one wants to, not even normal users who spend lots of their time on laptops and smart phones. Everyone wants the best protection mechanism and better security outcomes with proper vulnerability management. With this article you will come to know all about network security tools!


In most computer networks, we use network tools to manage, analyze and monitor network operations. These tools constantly monitor network operations; when an issue occurs, a notification is generated and sent to the teams concerned. This article reviews the top 10 network security tools in different functional areas, and I will start with one of the most widely used and popular network security tools, ManageEngine Firewall Analyzer.

ManageEngine Firewall Analyzer (ultimate utility to examine firewall, VPN and proxy server activities)

ManageEngine Firewall Analyzer gets the most out of your network security devices with its in-depth log inspection and automated compliance audits and reports. This utility supports a wide range of multi-vendor network firewalls, such as Check Point, Cisco, Juniper, Fortinet, SonicWALL, etc., and it can also scrutinize IDS/IPS, VPNs, and web proxies. Firewall Analyzer gives a clear view of firewall operations, such as inbound and outbound traffic flow and internet or bandwidth usage, and sends instant notifications on configuration changes. It flags possible network attacks and provides detailed statistics on active threats and viruses to help prevent security breaches. Its firewall policy management feature improves firewall performance by fixing suspicious anomalies in firewall policies.

The minimum hardware and system requirements for installing Firewall Analyzer (both standalone and distributed editions) are 1 GHz dual core processor with at least 1 GB RAM, 1 GB HDD space, and Windows or Linux environment.

Further system requirements can be checked @ https://www.manageengine.com/products/firewall/system-requirements.html

Price: ManageEngine Firewall Analyzer comes in three variants,

  • Professional : Starts at $395 (supports up to 60 devices)
  • Premium : Starts at $595 (supports up to 60 devices)
  • Distributed : Starts at $6995 (supports up to 1200 devices)

Website: https://www.manageengine.com/products/firewall/

Pros

  • Multi-vendor security devices support
  • Automated real-time alerts
  • Firewall security audit reports
  • Distributed central-collector architecture
  • Firewall rules management

Cons

  • Hard to find any particular issue

SolarWinds Firewall Security Manager (centralized firewall management)

SolarWinds Firewall Security Manager offers completely centralized and simplified firewall management in a multi-vendor Layer 3 network security environment and allows intuitive dashboard customization for fast and easy security and risk assessment. This tool automates security audits with more than 100 customizable policy checks, based on standards from NSA, NIST, SANS, and others. Its change impact analysis mechanism details packet traversal throughout the network, based on connectivity, routing, and the devices involved in a change request. It also offers rules change tracking, ACLs validations, and simplified change management for rapid identification and elimination of security breaches.
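Both Firewall Analyzer (policy anomaly fixing) and Firewall Security Manager (ACL validation) flag rules that can never fire because an earlier rule already matches everything they match. As an added example, not code from either product, the following Python script detects such shadowed rules in a constructed, first-match-wins rule base and reports whether the shadowing rule's action conflicts with the shadowed one (the rule names and addresses are made up):

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "deny"
    src: str           # source CIDR ("0.0.0.0/0" for any)
    dst: str           # destination CIDR
    proto: str         # "tcp", "udp" or "any"
    ports: tuple       # inclusive (low, high) destination port range

def _subsumes(outer: Rule, inner: Rule) -> bool:
    """True when every packet that matches `inner` also matches `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not (outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]):
        return False
    try:
        return (ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
                and ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)))
    except TypeError:          # mixed IPv4/IPv6 rules never overlap
        return False

def find_shadowed(rules):
    """Return (shadowed, shadowing, action_conflict) triples.

    A rule is shadowed when an earlier rule already matches every packet it
    matches, so it can never fire. With the same action it is merely redundant;
    with a different action the later rule's intent is silently defeated."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _subsumes(earlier, later):
                findings.append((later.name, earlier.name, earlier.action != later.action))
                break
    return findings

# Constructed sample rule base, evaluated top to bottom (first match wins).
SAMPLE_RULES = [
    Rule("allow-web",       "allow", "0.0.0.0/0",       "10.0.0.0/16", "tcp", (80, 80)),
    Rule("deny-mgmt",       "deny",  "192.168.1.0/24",  "10.0.0.0/8",  "tcp", (22, 22)),
    Rule("allow-admin-ssh", "allow", "192.168.1.10/32", "10.0.5.0/24", "tcp", (22, 22)),
    Rule("allow-web-dup",   "allow", "0.0.0.0/0",       "10.0.1.0/24", "tcp", (80, 80)),
    Rule("allow-dns",       "allow", "0.0.0.0/0",       "0.0.0.0/0",   "udp", (53, 53)),
]

if __name__ == "__main__":
    for shadowed, by, conflict in find_shadowed(SAMPLE_RULES):
        kind = "CONFLICT" if conflict else "redundant"
        print(f"{shadowed} is shadowed by {by} ({kind})")
```

The admin SSH exception is the dangerous case: it sits below a broader deny, so the access it was meant to grant never takes effect.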

SolarWinds Firewall Security Manager can be installed on Windows Server 2003 or later editions, and its client application runs on Windows 7 or 8. The required hardware specification is at least a 2 GHz or faster CPU with 2 GB RAM and a JRE 6.0 environment.

For more information on system requirements, check the following link: http://www.solarwinds.com/firewall-security-manager.aspx#p_systemrequirements

Price: Latest pricing can be obtained from online quotes at http://www.solarwinds.com/onlinequotes/

Website: http://www.solarwinds.com/firewall-security-manager.aspx

Pros

  • Automated firewall security and compliance audits
  • Customized dashboard
  • Advanced change management and reporting
  • Extensive troubleshooting capabilities
  • Integrates with SolarWinds NCM to extend configuration management capabilities

Cons

  • Hard to find any issue; fine in almost every functional area

HP ArcSight Enterprise Security Management (advanced risk management with pattern recognition and behavioral analysis)

HP ArcSight ESM is an advanced security event manager for risk management, security intelligence, and security operations. The HP ESM software scrutinizes millions of log records to find the critical events and presents them through progressive dashboards, notifications, and reports. ArcSight ESM offers user- and role-based views of ongoing network activity, uses pattern recognition and behavioral analysis to detect harmful threats, and its built-in workflow engine manages incidents to prevent damage. The HP ArcSight ESM solution uses the CORR-Engine (correlation optimized retention and retrieval) as the foundation that helps security administrators with advanced threat detection, security analysis, and log data management.

Its add-on utility, HP ArcSight Risk Insight, continuously monitors risk and compliance in dynamic environments and maps real-time security events to business services through IT asset data.

Refer to the following figure for the system requirements for deploying the HP ArcSight Enterprise Security Management solution.

Further System Requirements can be checked @
http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/tech-specs.html.

Price: Contact sales representative @ HP Software Solutions (US- 1877-686-9637) for price quotations.

Website:
http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/index.html

Pros

  • Automated pattern analysis
  • Intelligent reporting and Forensic analysis capabilities for cyber security
  • Instant detection in large-scale deployment

Cons

  • Was not able to find any major issue

Splunk Enterprise Security (develops statistical analysis of network security with advanced threat protection)

The Splunk Enterprise Security platform deals with internal and external network threats and provides strong support for malware detection, payload analysis, threat intelligence, and much more. With this tool you can combine several threat intelligence sources, and unusual activity associated with advanced threats can be controlled through features such as statistical analysis, correlation searches, and anomaly detection. It also offers deep inspection of user activity to detect abnormal events and high-risk behavior; its proactive protocol analysis uses threat intelligence to examine email envelopes, DNS queries and responses, and SSL certificates, accelerating detection and incident response. Splunk Enterprise Security delivers a next-generation security intelligence platform with SIEM (security information and event management) that identifies and reports initial security threats through advanced monitoring, alerting, and analytics.

The Splunk Enterprise Security application requires a 16-core CPU with a minimum of 16 GB RAM and a valid Splunk Enterprise edition (6.3 or above), which supports a variety of operating systems such as Solaris, Mac OS, Windows and Linux. For more information on system requirements, visit this link: http://docs.splunk.com/Documentation/ES/latest/Install/DeploymentPlanning

For pricing information visit: http://www.splunk.com/en_us/products/pricing.html

Website: http://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html

Pros

  • User identity and asset correlation
  • Advanced threat intelligence
  • Rich set of pre-built dashboards

Cons

  • Not a standalone utility; must be integrated with Splunk Enterprise edition (no other technical issues to speak of)

Nexpose (ultimate utility with advanced vulnerabilities management)

The Nexpose security tool helps you create better security outcomes through proper vulnerability management. Reducing risk is not easy without first detecting vulnerabilities, and administrators cannot remediate every risk at once. Nexpose lets administrators prioritize the highest risks using threat intelligence and recommends the most impactful actions for reducing risk with the least amount of effort. Nexpose provides scalable and flexible deployment, including software, appliance, and virtual services. It also supports well-known security assessments to certify your compliance with regulations such as PCI, HIPAA, NERC, FISMA, etc. Nexpose also supports automated scans for policy violations, malware, and misconfigurations throughout the network, including operating systems, networks, databases and web applications.

System requirements for installing the Nexpose tool can be checked at the following link: http://www.rapid7.com/products/nexpose/system-requirements.jsp

Price: Nexpose is available in many editions; click the link below to learn more about licensing and editions: http://www.rapid7.com/products/nexpose/editions.jsp

Website: http://www.rapid7.com/products/nexpose/editions-and-features.jsp

Pros

  • Advanced vulnerabilities management
  • Integration with VMware NSX
  • Comprehensive assessment and risk prioritization

Cons

  • Limited automated escalation features (as compared to above listed products)
  • Takes time to understand its features

IBM Security QRadar (security intelligence for protecting assets and information from advanced threats)

IBM Security QRadar offers near real-time visibility for threat detection and prioritization, and delivers comprehensive surveillance throughout the IT infrastructure. It performs immediate normalization and correlation on raw data to distinguish real threats from false positives. QRadar can also be integrated with X-Force Threat Intelligence, which supplies a list of potentially malicious IP addresses, including malware hosts, spam sources and other threats. This software uses a single architecture for analyzing log, flow, vulnerability and user data, and provides high-priority incident detection among billions of data points with its advanced network and application visibility.
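The normalization-and-correlation step that both Splunk ES (above) and QRadar describe, matching DNS and firewall events against a threat intelligence list while an allow-list suppresses known false positives, is shown here as an added Python example; it is not code from either product, and the log lines, indicator feed and allow-list are all constructed:

```python
import ipaddress
import re

# Constructed sample logs (not real traffic): a netfilter-style firewall line
# and a simplified DNS resolver line that records the answered address.
FIREWALL_LOG = [
    "Jan 10 10:01:02 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.77 PROTO=TCP DPT=443",
    "Jan 10 10:01:05 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.5.21 PROTO=TCP DPT=22",
    "Jan 10 10:02:11 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.5.30 DST=192.0.2.10 PROTO=UDP DPT=53",
]
DNS_LOG = [
    "10-Jan-2024 10:01:01 client 10.0.5.21#51234: query update.example.test IN A -> 203.0.113.77",
    "10-Jan-2024 10:01:04 client 10.0.5.30#51235: query mail.example.test IN A -> 192.0.2.10",
]
# Constructed indicator feed (CIDR -> tag) standing in for a threat intelligence list.
INDICATORS = {
    "203.0.113.77/32": "malware C2 (constructed)",
    "198.51.100.0/24": "scanner (constructed)",
    "192.0.2.10/32": "spam source (constructed)",
}
# Addresses the SOC has vetted; hits on them are known false positives.
ALLOW_LIST = ["192.0.2.10/32"]

FW_RE = re.compile(r"(?P<action>ACCEPT|DROP) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)")
DNS_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query (?P<qname>\S+) IN A -> (?P<dst>[\d.]+)")

def normalize(line):
    """Map a raw log line to a common event shape, or None if unrecognized."""
    m = FW_RE.search(line)
    if m:
        return {"source": "firewall", "src": m["src"], "dst": m["dst"],
                "detail": f"{m['action']} {m['proto']}/{m['dport']}"}
    m = DNS_RE.search(line)
    if m:
        return {"source": "dns", "src": m["src"], "dst": m["dst"],
                "detail": f"A {m['qname']}"}
    return None

def correlate(events, indicators, allow_list):
    """Match each event's endpoints against the feed, skipping allow-listed addresses."""
    nets = [(ipaddress.ip_network(c), tag) for c, tag in indicators.items()]
    allowed = [ipaddress.ip_network(c) for c in allow_list]
    alerts = []
    for ev in events:
        for field in ("src", "dst"):
            ip = ipaddress.ip_address(ev[field])
            if any(ip in a for a in allowed):
                continue
            for net, tag in nets:
                if ip in net:
                    alerts.append((ev["source"], field, str(ip), tag, ev["detail"]))
    return alerts

def run():
    events = [e for e in map(normalize, FIREWALL_LOG + DNS_LOG) if e]
    return correlate(events, INDICATORS, ALLOW_LIST)

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Because both log sources are reduced to the same src/dst shape, the same indicator hit surfaces from the DNS answer and from the later firewall connection, which is what lets a SIEM tie the two together into one incident.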

IBM Security QRadar comes in the following editions:

  • IBM Security QRadar Data Node
  • IBM Security QRadar Incident Forensics
  • IBM Security QRadar Log Manager
  • IBM Security QRadar QFlow Collector
  • IBM Security QRadar Risk Manager
  • IBM Security QRadar SIEM
  • IBM Security QRadar VFlow Collector
  • IBM Security QRadar Vulnerability Manager

For more details:

http://www-03.ibm.com/software/products/en/qradar

Pros

  • Real-time visibility for threat detection
  • Single architecture for security assessments
  • Advanced surveillance on vulnerabilities

Cons

  • QRadar is available in multiple editions and every variant has its own strengths and weaknesses; I have described some of the common strengths, but it is a little difficult for me to define a common weakness

nChronos (recommended utility to protect and prevent cyber-attacks)

Colasoft nChronos offers a definitive solution to protect against and prevent cyber-crime and cyber-attacks. This application is not limited to SNMP or NetFlow captures; it can monitor all real-time inbound and outbound network traffic, from emails to chat sessions, and generates alerts/notifications when abnormal network communication takes place. nChronos is a well-designed network security application for medium to large corporate networks, with 24×7 continuous packet capture to identify unusual network behavior. Apart from cyber-attack notifications or alerts, it records all packet data, and the user can “rewind” or “replay” recent network activity, much as video cameras let you review the physical activity of a person in an office or home.

The nChronos server application can be installed on 64-bit Windows Server (2003, 2008, 2012). The required hardware for the server is at least a quad-core processor, 8 GB RAM, and 100 GB HDD space; the console application requires at least a dual-core processor and 4 GB RAM. For more details on system requirements, you can visit http://www.colasoft.com/nchronos/system.php.

Price: Colasoft’s nChronos price is not disclosed by the company; for license types and pricing details you will have to visit the following website link.

Website: http://www.colasoft.com/nchronos/

To know more features: http://www.colasoft.com/nchronos/features.php

Pros

  • Quick network Infiltration Identification (DoS, Trojans and worm attacks)
  • Isolate and determine cyber security breach
  • Continuous packet analysis (24/7, 365 days)

Cons

  • Fewer options for customizations

Symantec Enterprise Security Manager (proactive security approach for large scale enterprise networks)

Symantec is a very well-known security solution provider, and its Enterprise Security Manager (ESM) is designed to identify security vulnerabilities and abnormalities across the network. ESM allows an administrator to define policies based on industry standards, and it delivers a unique way to measure security breaches: it builds a security baseline for each system and verifies system activity against that baseline to ensure that network resources are used according to the defined policies. Its advanced vulnerability assessment evaluates operating systems, applications and other network devices for missing fixes to known problems, automates reports on various databases, and provides new security content with the latest version checks, templates, and enhancements.

Apart from its proactive security approach, threat eradication and low resource utilization, Symantec ESM also provides the following functionality:

  • Patch Policies (delivers security update releases)
  • Program Updates (updates provide bug fixes and program enhancements)
  • User/Group rights and permissions (for authorization and accounting)
  • File Attributes (access permissions with advanced controls)
  • Regulatory Policies (supports various industry regulations)
  • Security Updates (provides six-monthly security content and modules)

Its server application supports Windows Server, UNIX and Linux environments and its console application supports Windows XP or higher editions.

For more information: http://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm&pvid=ad#esm100

Pros

  • Offers more than 3,000 unique security checks
  • Advanced Network Assessment Module identifies and reports on vulnerabilities without installing an agent on target network devices such as routers, switches, etc.
  • Inbuilt policy assessment templates for key regulation

Cons

  • Quite tough to understand its functionalities
  • Not so valuable for small-scale networks

Websense TRITON (comprehensive network security solution)

Websense is a premier network security solution company, and its appliances and software applications are widely used in every corner of the planet. Websense TRITON is a well-known network security product that delivers a comprehensive network security solution and deals with sophisticated security breaches by detecting and remediating risks. Websense TRITON is available in various editions:

  • TRITON APX Enterprise Core (a complete data theft prevention solution)
  • TRITON AP-WEB (real-time protection against advanced threats and data theft)
  • TRITON AP-DATA (discover and protect sensitive data on servers, endpoints or cloud)
  • TRITON AP-EMAIL (identify targeted attacks, high-risk users and insider threats)
  • TRITON AP-ENDPOINT (defend roaming users against data theft)

To know about its system and hardware specifications, click the link below: http://www.websense.com/content/support/library/deployctr/v76/dic_sys_req.aspx

Price: Not disclosed by the company; you will have to contact the company’s sales executive. To download a 15- or 30-day trial copy: http://www.websense.com/content/websense-free-trials.aspx?intcmp=nav-mm-downloads-evaluations-heading

Website:
http://www.websense.com/content/triton-apx.aspx?intcmp=nav-mm-products-core-apx

Pros

  • Unified architecture
  • Unified security intelligence
  • Unified policy and reporting

Cons

  • Websense TRITON is available in multiple editions and every variant has its own strengths and weaknesses. I have described some of the common strengths, but it is quite hard for me to define a common weakness.

Microsoft Enhanced Mitigation Experience Toolkit (easy-to-use freeware utility for Windows environment)

Microsoft Enhanced Mitigation Experience Toolkit (EMET) is a freeware utility for Windows machines that helps prevent vulnerabilities in Windows and third-party applications from being exploited. EMET makes it harder for attackers to find and exploit vulnerabilities by applying the following mitigation techniques:

  • Data execution prevention (DEP)
  • Mandatory address space layout randomization (ASLR)
  • Structured exception handler overwrite protection (SEHOP)
  • Export address table access filtering (EAF)
  • Anti-return-oriented programming (Anti-ROP) checks
  • SSL/TLS certificate trust pinning

Price: Freeware

Website: https://www.microsoft.com/en-us/download/details.aspx?id=43714

Pros

  • Easy to use
  • Protects hosts on small/medium-scale networks with a detailed set of mitigation techniques

Cons

  • Limited to Windows OS
  • Fewer options for customization and automation
  • Limited features (as you can expect from a freeware)

Apart from the network security tools above, I would also like to mention the following products that help make network security better than ever:

  • Arbor Networks (Pravail and Peakflow)
  • Cyberoam network security products
  • Fortigate network security solutions
  • Checkpoint network security solutions

Conclusion:

After scrutinizing all the utilities above, the choice will still be a tough one for anyone, because selecting the right tool always depends on your network’s environment.

I hope this article will be appreciated so that I can offer more in this segment. You can write to me in the comment section below with any query or feedback; I will try my best to resolve your queries. And don’t forget to share the link to this article on your Facebook, Twitter, and LinkedIn accounts so that as many people as possible can get this exclusive piece of information. Keep reading @ Intenseschool.com, and you can join our Facebook group, http://www.facebook.com/intenseschool, to get updates on new posts.

References

Apart from my own experience, my team, corporate clients, and colleagues helped me a lot in designing this article, and the following web pages provided the latest information on the functionality of these tools.

http://www.solarwinds.com/firewall-security-manager.aspx

https://www.manageengine.com/products/firewall/

http://www-03.ibm.com/software/products/en/qradar

http://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html

http://www8.hp.com/in/en/software-solutions/arcsight-esm-enterprise-security-management

http://www.rapid7.com/products/nexpose/editions-and-features.jsp

http://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm&pvid=ad#esm100

http://www.colasoft.com/nchronos/

https://www.microsoft.com/en-us/download/details.aspx?id=43714

http://www.websense.com/content/websense-triton-security-gateway-anywhere-features.aspx