Author: Roy Samson
This article provides an overview of open source (and, in a few cases, freely usable) security software and services, categorized according to the technology domains of the Integrated Security Architecture and Management (ISAM) framework and approach.
The software is taxonomized as follows:
- Security Architecture Capabilities (SAC)
- Cyber Security Capabilities
- Information Security Capabilities
- Information Management Capabilities
- Security Management Controls (SMC)
- Host Security Controls
- Network Security Controls
- Application and Middleware Security Controls
For a detailed explanation of the ISAM framework and approach, the reader is referred to a separate article dedicated to that topic. For the purposes of this article the following summary of ISAM is sufficient. A security architecture capability provides a security function that can be invoked as a security management control. A security management control is either an invoked security architecture capability or a security feature intrinsically provided by a layer itself. In other words, a capability can be viewed as a class, and a control either as an object (an instance of that class) leveraging a class property (a function) or as an object with its own specific property (a feature).
Security Architecture Capabilities (SAC)
- Cyber Security Capabilities
- Security Information and Event Management (SIEM)
- SIEMonster – https://siemonster.com/
- Elastic Security – https://www.elastic.co/
- OSSIM – https://cybersecurity.att.com/
- Security Onion – https://securityonionsolutions.com/
- ELK Stack – https://www.elastic.co/what-is/elk-stack
- Log Management
- Elastic Security – https://www.elastic.co/
- Fluentd – https://www.fluentd.org/
- Zenoss Core – https://www.zenoss.com/
- Graylog – https://www.graylog.org/
- Security Analytics and Threat Intelligence
- Mitre ChopShop – https://github.com/MITRECND/chopshop
- AlienVault OTX – https://otx.alienvault.com/
- IBM X-Force Exchange – https://www.ibm.com/security/xforce
- Cisco Talos Intelligence – https://talosintelligence.com/
- ZoomEye – https://zoomeye.org
- OSINT Framework
- Asset Management
- Open-Audit – https://www.open-audit.org/
- Snipe-IT – https://snipeitapp.com/
- Kuwaiba – https://www.kuwaiba.org/
- Vulnerability Management
- OpenVAS – https://openvas.org/
- Nikto – https://cirt.net/Nikto2
- Nmap – https://nmap.org/
- NSM/ Network Behavior Analytics (NBA)
- Security Onion Prelude – https://securityonionsolutions.com/
- Zeek (Bro Network Security Monitor) – https://zeek.org/
- Wifi Analyzer
- Vistumbler – https://www.vistumbler.net/
- Honeypots (Deception Technology)
- Honeynet – https://www.honeynet.org/
- Patch Management
- OPSI – https://www.opsi.org/
- Penetration Testing
- Kali Linux – https://www.kali.org/
- Commando VM – https://github.com/fireeye/commando-vm
- Metasploit – https://www.metasploit.com/
- InSpec – https://github.com/inspec/inspec
- Caldera – https://caldera.mitre.org/
- Application Security Testing (static analysis services and dynamic scanners)
- LGTM.com – https://lgtm.com/
- Coverity SCAN – https://scan.coverity.com/
- OWASP Zed Attack Proxy (ZAP) – https://www.zaproxy.org/
- W3af – https://w3af.org/
- Malware Analysis (Sandbox)
- Cuckoo Sandbox – https://cuckoosandbox.org/
- Security Orchestration
- Unified Threat Management (UTM)
- Endian Firewall Community – https://www.endian.com/
- Information Security Capabilities (Access & Data)
- Data Loss/ Leakage Detection/ Protection (DLP)
- OpenDLP – https://code.google.com/archive/p/opendlp/downloads
- MyDLP – https://mydlp.com/
- Key Management
- Vault by HashiCorp – https://www.vaultproject.io/
- StrongKey – https://www.strongkey.com/
- PKI
- EJBCA – https://www.ejbca.org/
- OpenXPKI – https://www.openxpki.org/
- Identity and Authorization Management
- OpenIAM – https://www.openiam.com/
- Keycloak – https://www.keycloak.org/
- OpenAM – https://www.openidentityplatform.org/
- OpenID (open standard, not a product) – https://openid.net/
- OAuth (open standard, not a product) – https://oauth.net/
- Authentication Management
- LinOTP – https://linotp.org/
- WiKID – https://www.wikidsystems.com/
- OATH (industry standard for OTP algorithms such as HOTP/TOTP, not a product) – https://openauthentication.org/
- Privileged Account and Access Management
- Apache Guacamole – https://guacamole.apache.org/
- TRASA – https://www.trasa.io/
- Container Image Vulnerability Scanning (Container Security)
- Clair – https://github.com/quay/clair
- Anchore – https://anchore.com/
- Dagda – https://github.com/eliasgranderubio/dagda/releases
- Backup and Recovery
- Amanda – http://www.amanda.org/
- UrBackup – https://www.urbackup.org/
- Bacula – https://www.bacula.org/
- Information Management Capabilities
- Service Management
- GRC Tooling
- Eramba – https://www.eramba.org/
- Educational
- WebGoat – https://owasp.org/www-project-webgoat/
Security Management Controls (SMC)
- Host Security Controls
- Firewall Distributions (the entries below are network/perimeter firewall distributions rather than host-based firewalls)
- pfSense – https://www.pfsense.org/
- IPFire – https://www.ipfire.org/
- Untangle NG Firewall – https://www.untangle.com/
- Endian – https://www.endian.com/
- SmoothWall – https://www.smoothwall.com/
- IPCop – http://www.ipcop.org/
- Host-based IDS/ IPS
- OSSEC – https://www.ossec.net/
- Wazuh – https://wazuh.com/
- PHPIDS – https://github.com/PHPIDS/PHPIDS
- Corelight Software Sensor (also for containers) – https://corelight.com/products/software-sensor/
- Anti-malware
- Armadito – https://armadito.com/
- ClamAV – https://www.clamav.net/
- System Software Access Control
- AppArmor – https://www.apparmor.net/
- SELinux – https://selinuxproject.org
- File Integrity Monitoring
- OSSEC – https://www.ossec.net/
- Tripwire – https://www.tripwire.com/
- Disk Encryption
- VeraCrypt – https://veracrypt.fr/
- Network Security Controls
- Network-based IDS/ IPS:
- Snort – https://www.snort.org/
- Suricata – https://suricata-ids.org/
- Network Monitoring
- Nagios Core – https://www.nagios.org/
- Zabbix – https://www.zabbix.com/
- Icinga 2 – https://icinga.com/
- Wireshark – https://www.wireshark.org/
- Ntop (NetFlow) – https://www.ntop.org/
- Web Application Firewall
- ModSecurity – https://modsecurity.comodo.com/
- IronBee – https://github.com/ironbee/ironbee/
- WebKnight (MS IIS) – https://www.aqtronix.com/
- Web Filtering
- E2Guardian – http://e2guardian.org/
- ClearOS Open Source – https://www.clearos.com/
- Filter – https://www.untangle.com/
- E-mail Anti-malware (Gateway)
- Proxmox Mail Gateway – https://www.proxmox.com/
- MailScanner – https://www.mailscanner.info/
- Orange Assassin – https://orangeassassin.org/
- Apache SpamAssassin – https://spamassassin.apache.org/
- MailCleaner – https://www.mailcleaner.org/
- Reverse Proxy Load Balancer
- Nginx – https://www.nginx.com/
- VPN
- OpenVPN – https://openvpn.net
- SoftEther – https://www.softether.org/
- FreeLan – https://freelan.org/
- WireGuard – https://www.wireguard.com/
- Openswan – https://openswan.org/
- Strongswan – https://strongswan.org/
- Libreswan – https://libreswan.org/
- Network Access Control
- PacketFence – https://www.packetfence.org/
- openNAC – http://opennac.org/
- Secure DNS (DNSSEC)
- BIND – https://www.isc.org/
- PowerDNS – https://www.powerdns.com/
- Application and Middleware Security Controls
- SSL/TLS Certificates
- Let’s Encrypt – https://letsencrypt.org/
- SSL For Free – https://www.sslforfree.com/
- Zero SSL – https://zerossl.com/
- Cloudflare – https://www.cloudflare.com/
- Data and Database Security Controls
- Storage and File Services Security Controls
- Virtual Infrastructure Security Controls
This overview will be updated continuously. Comparisons and tutorials of the software listed will be added to this blog as well. Stay tuned!