5 essential cybersecurity tools for 2024
Just because you’re a tech business doesn’t mean you’re not a target for attackers. In fact, modern, digital-first tech businesses are often more vulnerable because you may not have the security resources of larger businesses – or you don’t think you’re a target for hackers.
Tech businesses also tend to run lean to protect profit margins and the capital needed to grow and expand. The common perception that cyber security is expensive or complicated and best left to bigger companies can then leave you open to automated, opportunistic attacks.
But strong cyber security doesn’t need to be complex or expensive. Whether you’re a tech start-up or a scaling business, you can protect your digital systems and data in just a few simple steps with powerful, cost-effective tools – and you don’t need to be an IT expert to use them. Let’s look at how to get started.
5 essential cyber security tools for every tech business
1. Vulnerability Scanner
Your first port of call. A vulnerability scanner will monitor risk across your existing tech stack by finding vulnerabilities such as misconfigurations, missing patches, encryption weaknesses and bugs. The best scanners and monitoring tools will also give recommendations on how to fix the vulnerabilities to prevent potentially harmful or costly breaches.
Using powerful open-source and commercial scanning engines, Intruder is designed with simplicity in mind. It prioritizes results based on their potential risk, with remediation advice that’s easy to action. It continuously monitors the attack surface with proactive vulnerability scans so users can respond faster to new threats. Integrating with an existing tech stack, it runs over 140,000 security checks across internal and external (perimeter) infrastructure, including API and application-layer checks for the OWASP Top 10, XSS, SQL injection, the CWE/SANS Top 25, remote code execution and OS command injection. Its CloudBot also runs hourly checks for new IP addresses or hostnames in connected AWS, Google Cloud or Azure accounts, so that newly exposed assets get scanned before an attacker finds them.
Known for its comprehensive scanning capabilities and flexibility, Qualys is a premium commercial scanning tool which can scan multiple systems from a single console, including cloud environments and your internal network. But premium comes with a price tag. You can create custom reports that segment and prioritize analytical data, and can be scheduled for more responsive vulnerability management. However, its UI isn’t the easiest to use or navigate for newbies, and some users who’ve reviewed its performance have experienced false positives, slower scans and unexpected downtimes.
OpenVAS is open-source and backed by the developer community – and as such, it’s built with tech-savvy users in mind, so non-techies beware. It comes in two forms: a free community edition and a commercial version from Greenbone with an enhanced plugin set. It gives a good level of coverage if you run few on-premises corporate products, so it’s a potentially cheaper option if your budget is limited, for instance if you’re a very early-stage start-up or an SMB with a small internet footprint. What it saves you in licence cost, though, it can cost you in time: installation and day-to-day usage can be fairly complicated. Even the experts at Cloudflare have run into difficulties trying to implement open-source scanning.
2. Endpoint Protection / Antivirus
This shouldn’t need saying, but antivirus is an essential requirement for every business. Antivirus, endpoint protection and endpoint security are almost interchangeable today because most products billed as antivirus offer the same functionality as endpoint protection/security solutions.
They’re deployed on endpoint devices including desktop and laptop computers, servers and smartphones to prevent file-based malware, detect and block malicious activity from trusted and untrusted applications, and provide the remediation capabilities needed to respond to security incidents and alerts. Windows now ships with Microsoft Defender enabled by default, but here are some options if you’re macOS or Linux based.
Sophos Intercept X with XDR integrates powerful endpoint detection and response (EDR) with top-rated antivirus protection. Built for both IT security and threat hunting, Intercept X detects and investigates suspicious activity with AI-driven analysis. Unlike some EDR tools, it adds expertise by replicating the skills of analysts. Its dashboard is intuitive with good customization and an end-to-end security view that’s easy to understand out of the box.
ESET Endpoint Security is a multi-layered solution that combines machine learning with human expertise to deliver comprehensive protection and excellent detection rates. It covers the same ground as the others here: preventing file-based malware attacks, detecting malicious activity, and providing the investigation and remediation capabilities needed to respond to security incidents and alerts as they unfold.
Bitdefender’s GravityZone Business Security provides excellent security on Windows, macOS, Linux, iOS, and Android. Where it really stands apart is that it offers highly sophisticated security add-ons including a sandbox, content control, device control, and Microsoft Exchange protection. It also has sophisticated endpoint detection and response (EDR) capabilities, which are becoming increasingly sought-after in this category.
3. Web Application Firewall (WAF)
When you’re running applications for your customers, a WAF provides an additional layer of protection to help stop application-layer exploits. It won’t stop everything, but a good WAF is updated regularly with rules for the latest attack techniques and makes an attacker’s life much more difficult. A WAF is a secondary layer of defence, not a replacement for vulnerability management or penetration testing, which find and fix application-layer weaknesses at their source. Think of the WAF as a fallback if something gets missed.
Cloudflare is an intelligent, integrated and scalable solution to protect your business-critical web applications. First and foremost it’s a CDN (content delivery network) but the Cloudflare WAF is one of its best features, protecting websites from DDoS attacks, content scraping and application-layer attacks.
The Akamai Intelligent Platform is a cloud-based cyber security software tool that provides a secure, high-performance UX on any device, anywhere. It’s designed to remove many of the issues with traditional WAF that can be a source of intra-organizational friction. From a self-service onboarding wizard to self-tuning recommendations, it provides automated protection that allows security teams to take a hands-off approach to web application security.
4. Virtual Private Network (VPN)
Whilst VPNs are first and foremost a means of providing remote access to private networks, they’re also an invaluable way to reduce your attack surface. Keeping the attack surface to a minimum is as important for startups as for big business, because you can’t exploit what’s not exposed.
Short for Virtual Private Network, a VPN provides secure remote access by encrypting the network traffic flowing between a user device (laptop or smartphone) and the VPN server at the edge of the private network, so an attacker on the path can’t read confidential data. Put every sensitive system that remote workers need to reach over the internet behind your VPN, and don’t expose admin panels directly to the internet.
You may ask why a VPN is needed if edge systems, internet-exposed services and admin panels can be protected by layers of authentication and encryption. Unfortunately, these alone don’t reduce the risk enough.
When a zero-day weakness is discovered in an exposed product, it’s reachable by any attacker on the internet and can’t always be patched before it’s exploited. This is where a VPN earns its keep: an attacker now has to compromise the VPN first before they can reach and exploit the new weakness in the product. The caveat is that the VPN gateway itself is now your one exposed product, so patch it promptly and enforce multi-factor authentication on it.
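The rule above, that admin services should only be reachable through the VPN, is easy to state and easy to break with one overly broad firewall or security-group rule. The following added example (not Intruder’s code, nor any vendor’s named here) audits a security-group-style ruleset for admin ports whose allowed source is not confined to the VPN subnet, and produces a hardened copy. The VPN subnet, the admin port list and the ruleset itself are constructed assumptions for illustration.

```python
"""Audit firewall / security-group rules for admin services exposed beyond the VPN.

Added example, not code from Intruder or any vendor named on this page. The VPN
subnet, the list of admin ports and the ruleset itself are constructed assumptions.
"""
import ipaddress

# Assumption: the VPN server hands remote workers addresses from this range.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")

# Assumption: services that must only be reachable through the VPN.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5432: "postgres", 8443: "admin-panel", 9000: "log-ui"}

# Constructed ruleset in a security-group-like shape: (protocol, from_port, to_port, source_cidr).
SAMPLE_RULES = [
    ("tcp", 443, 443, "0.0.0.0/0"),         # public web app: expected to be exposed
    ("tcp", 22, 22, "0.0.0.0/0"),           # SSH open to the internet: finding
    ("tcp", 8443, 8443, "203.0.113.0/24"),  # admin panel from an office range, not the VPN: finding
    ("tcp", 5432, 5432, "10.8.0.0/24"),     # database only from the VPN: fine
    ("tcp", 9000, 9000, "10.8.0.0/25"),     # a sub-range of the VPN: fine
    ("udp", 1194, 1194, "0.0.0.0/0"),       # the VPN endpoint itself has to be exposed
]


def _inside_vpn(cidr, vpn_subnet):
    """True if every address in cidr lies within the VPN subnet."""
    source = ipaddress.ip_network(cidr, strict=False)
    return source.version == vpn_subnet.version and source.subnet_of(vpn_subnet)


def exposed_admin_ports(rules, vpn_subnet=VPN_SUBNET, admin_ports=ADMIN_PORTS):
    """Return one finding per (rule, admin port) where the source is not confined to the VPN.

    A source range that merely contains the VPN subnet (e.g. 10.0.0.0/8) is still a
    finding: the check is that the source is inside the VPN, not the other way round.
    """
    findings = []
    for proto, from_port, to_port, cidr in rules:
        if _inside_vpn(cidr, vpn_subnet):
            continue
        for port, service in admin_ports.items():
            if from_port <= port <= to_port:
                findings.append({"port": port, "service": service, "proto": proto, "source": cidr})
    return sorted(findings, key=lambda f: (f["port"], f["source"]))


def restrict_to_vpn(rules, vpn_subnet=VPN_SUBNET, admin_ports=ADMIN_PORTS):
    """Hardened copy of the ruleset: any admin-port rule not already confined to the VPN
    gets its source replaced by the VPN subnet; every other rule is left untouched."""
    hardened = []
    for proto, from_port, to_port, cidr in rules:
        touches_admin = any(from_port <= p <= to_port for p in admin_ports)
        if touches_admin and not _inside_vpn(cidr, vpn_subnet):
            hardened.append((proto, from_port, to_port, str(vpn_subnet)))
        else:
            hardened.append((proto, from_port, to_port, cidr))
    return hardened


if __name__ == "__main__":
    for f in exposed_admin_ports(SAMPLE_RULES):
        print(f"EXPOSED {f['service']} ({f['proto']}/{f['port']}) from {f['source']}")
    print("after hardening:", exposed_admin_ports(restrict_to_vpn(SAMPLE_RULES)))
```

Run against a real export (for example the output of `aws ec2 describe-security-groups`, mapped into the same four-tuple shape) the check catches the two classic mistakes: SSH or RDP opened to 0.0.0.0/0, and an admin panel allowed from an office range that bypasses the VPN. The VPN port itself is deliberately not in the admin list, since it is the one service that has to face the internet.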
OpenVPN is one of the fastest and most secure VPN protocols, and the reference implementation is free and open-source. Its balance of security, functionality and reliability, topped off with its ability to run over TCP port 443 and so pass through most restrictive firewalls, has made it something of a standard in the open-source world. It’s flexible and well maintained, but connecting it to the rest of the OpenVPN suite of security products requires IT-level expertise.
Cisco is one of the biggest names in cyber security, and AnyConnect (now sold as Cisco Secure Client) is its flagship VPN package. Offering solid encryption, leak protection and a choice of protocols, it supports multiple platforms and flexible network architectures, and scales as companies grow. Aimed at larger enterprises, it isn’t cheap, and privacy concerns and reports of sluggish speeds mean it may not be the perfect option for an agile startup.
Citrix Gateway provides single sign-on (SSO) across all applications, whether they’re in a data centre, in the cloud or delivered as SaaS, and lets users reach any app from any device through a single URL. It’s simple to set up and easy to manage. The most common deployment places the Citrix Gateway appliance in a DMZ; more complex deployments can run multiple Citrix Gateway appliances on your network.
5. Logging and monitoring
Many traditional attack techniques may not apply in cloud-only or zero-trust networks, but monitoring device activity, health and configuration is still essential for investigating potential attacks, deciding whether traffic is malicious and whether action needs to be taken. When an incident does happen, log data is what lets you identify the source and the extent of the compromise. Most cloud providers offer logging services that are relatively easy to configure and cover the basic security needs of every tech company.
If your key systems are in the cloud, our recommendation is to use the provider’s own services designed for security logging and monitoring: on AWS that means CloudTrail for the API audit log, CloudWatch for logs and metrics, and GuardDuty for threat detection. Google Cloud and Azure have equivalent services which are easy to deploy and manage. But if your systems aren’t in the cloud, a good alternative is...
Graylog is an open-source log management and SIEM (security information and event management) solution for capturing, storing and enabling real-time analysis of data. It provides scalable storage, an easy-to-use web interface, and a powerful toolkit to parse messages, build dashboards, and set alerts on logs. It’s a great tool, with one caveat: you have to be willing to do a lot of work yourself. The money you save in not paying for a commercial log management tool (such as Splunk), may be eaten up in your own time investment to customize and adapt Graylog to your environment.
Cyber security doesn’t need to be complex
As you can see, the good news is protecting your business isn’t as difficult as you think, especially as these cyber security tools complement each other to meet a range of threats. Whether you want to protect employee email, your web applications, APIs or endpoints, there’s something for anyone and everyone. Why not try Intruder for free for 14 days?
- Raw CVE Coverage
- Risk Rating Coverage
- Remote Check Types
- Check Publication Lead Time
- Local/Authenticated vs Remote Check Prioritisation
- Software Vendor & Package Coverage
- Headline Vulnerabilities of 2021 Coverage
- Analysis Decisions
Recovered from the timeline figure: five successive windows in which a scanner check can appear relative to publication of the CVE details, with what each window means for an attacker and the share of each vendor’s checks released in it. Only the last window’s boundary (more than a month after publication) is stated explicitly; the earlier windows are given in order, and each vendor’s five shares sum to 100%.
- Red teamers, security researchers, detection engineers and threat actors have to actively research the type of vulnerability and its location in the vulnerable software, and build an associated exploit. Tenable release checks for 47.43% of the CVEs they cover in this window, and Greenbone release 32.96%.
- Red teamers, security researchers, detection engineers and threat actors now have access to some of the information they previously had to hunt for themselves, speeding up potential exploit creation. Tenable release checks for 17.12% of the CVEs they cover in this window, and Greenbone release 17.69%.
- The likelihood that exploitation in the wild is happening is steadily increasing. Tenable release checks for 10.9% of the CVEs they cover in this window, and Greenbone release 20.69%.
- We’re starting to lose some of the benefit of rapid, automated vulnerability detection. Tenable release checks for 9.58% of the CVEs they cover in this window, and Greenbone release 12.43%.
- Any detection released a month after the details are publicly available is decreasing in value. Tenable release checks for 14.97% of the CVEs they cover over a month after the CVE details have been published, and Greenbone release 16.23%.
With this information in mind, I wanted to check the delay between CVE details being published and Tenable or Greenbone releasing a detection for their scanners. The following section focuses on vulnerabilities which:
- Have CVSSv2 rating of 10
- Are exploitable over the network
- Require no user interaction
These are the ones where an attacker can point their exploit code at your vulnerable system and gain unauthorised access.
We’ve seen previously that Tenable have remote checks for 643 critical vulnerabilities, and OpenVAS have remote checks for 450 critical vulnerabilities. Tenable release remote checks for critical vulnerabilities within 1 month of the details being made public 58.4% of the time, but Greenbone release their checks within 1 month 76.8% of the time. So, even though OpenVAS has fewer checks for those critical vulnerabilities, you are more likely to get them within 1 month of the details being made public. Let’s break that down further.
In Figure 10 we can see the absolute number of remote checks released on a given day relative to the publication of a CVE for a critical vulnerability. What you can immediately see is that both Tenable and OpenVAS release the majority of their checks on or before the day the CVE details are made public: Tenable have released checks for 247 critical CVEs and OpenVAS for 144 before the details were published, and since 2010 Tenable have released remote checks for a further 147 critical CVEs and OpenVAS for 79 on the same day as the details were published. The number of checks then drops off across the first week and drops further after one week, as we would hope for in an efficient time-to-release scenario.
While raw numbers are useful, Tenable have a larger number of checks available, so it could be unfair to go on raw numbers alone. It’s potentially more important to understand the likelihood that OpenVAS or Tenable will release a check on any given day after a CVE for a critical vulnerability is published. In Figure 11 we can see that Tenable release 61% of their checks on or before the date the CVE is published, and OpenVAS release a shade under 50% of theirs on or before that day.
So, since 2010 Tenable has more frequently released their checks before or on the same day as the CVE details have been published for critical vulnerabilities. While Tenable is leading at this point, Greenbone’s community feed still gets a considerable percentage of their checks out on or before day 0.
I thought I’d go a step further and see whether I could identify any trend in each organisation’s release delay: are they getting better year on year, or are their releases getting later? In Figure 12 I’ve taken the mean delay for critical vulnerabilities per year and plotted it. The mean is particularly influenced by outliers in a data set, so I expected some wackiness and limited it to checks released no more than 180 days before a CVE was published and no more than 31 days after. These seem like reasonable limits: anything more than 6 months before the CVE details were released is potentially a quirk of the check details, and anything after a 1-month delay is less important for us.
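To make the two measures used in Figures 11 and 12 concrete, here is an added example (not the article’s own analysis code, and not run on the article’s data) that computes them from a list of (vendor, CVE published, check released) records: the share of checks released on or before day 0, and the per-year mean delay clipped to the -180/+31 day window. The records are a small constructed sample chosen to show the clipping at both ends; grouping by the year the CVE was published is an assumption.

```python
"""Day-0 share and clipped mean release delay for scanner checks.

Added example, not the article's analysis code. SAMPLE is constructed; the real
study used Tenable's and Greenbone's published check metadata.
"""
from collections import Counter, defaultdict
from datetime import date
from statistics import mean

# Constructed records: (vendor, CVE details published, check released).
SAMPLE = [
    ("A", date(2019, 1, 10), date(2019, 1, 3)),   # a week before the details: delay -7
    ("A", date(2019, 2, 5), date(2019, 2, 5)),    # same day: delay 0
    ("A", date(2019, 3, 1), date(2019, 3, 15)),   # two weeks late: delay 14
    ("A", date(2020, 4, 2), date(2019, 6, 1)),    # 306 days early: dropped by the -180 clip
    ("A", date(2020, 5, 9), date(2020, 5, 12)),   # delay 3
    ("B", date(2019, 1, 10), date(2019, 1, 11)),  # delay 1
    ("B", date(2019, 2, 5), date(2019, 2, 1)),    # delay -4
    ("B", date(2020, 4, 2), date(2020, 6, 30)),   # 89 days late: dropped by the +31 clip
    ("B", date(2020, 5, 9), date(2020, 5, 9)),    # delay 0
]


def delay_days(published, released):
    """Negative means the check was available before the CVE details were published."""
    return (released - published).days


def delays_for(records, vendor):
    return [delay_days(p, r) for v, p, r in records if v == vendor]


def checks_by_day(records, vendor):
    """Figure 10 style: how many checks landed on each day relative to publication."""
    return Counter(delays_for(records, vendor))


def share_on_or_before_day0(records, vendor):
    """Figure 11 style: fraction of a vendor's checks released on or before day 0."""
    delays = delays_for(records, vendor)
    return sum(d <= 0 for d in delays) / len(delays)


def clipped_mean_delay_by_year(records, vendor, earliest=-180, latest=31):
    """Figure 12 style: mean delay per CVE-publication year, ignoring delays outside
    [earliest, latest] so that a few far-off outliers do not swamp the mean."""
    by_year = defaultdict(list)
    for v, p, r in records:
        if v != vendor:
            continue
        d = delay_days(p, r)
        if earliest <= d <= latest:
            by_year[p.year].append(d)
    return {year: mean(ds) for year, ds in sorted(by_year.items())}


if __name__ == "__main__":
    for vendor in ("A", "B"):
        print(vendor, "day-0 share:", share_on_or_before_day0(SAMPLE, vendor))
        print(vendor, "clipped mean by year:", clipped_mean_delay_by_year(SAMPLE, vendor))
```

Note that the clipping changes the answer in both directions: vendor A’s very early check and vendor B’s very late one are both excluded, which is exactly why the unclipped mean would have told a misleading story about either vendor.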
What can we take away from Figure 12?
- We can see that between 2011 and 2014 Greenbone’s release delay was better than that of Tenable, by between 5 and 10 days.
- In 2015 things reverse and for 3 years Tenable is considerably ahead of Greenbone by a matter of weeks.
- But, then in 2019 things get much closer and Greenbone seem to be releasing on average about a day earlier than Tenable.
- For both the trendline over an 11-year period is very close, with Tenable marginally beating Greenbone.
- We have yet to have any data for 2021 for OpenVAS checks for critical show-stopper CVEs.
With the larger number of checks, and a greater percentage of their remote checks for critical vulnerabilities released on or before day 0, Tenable could win this category. However, with the 2019 and 2020 delay times going to OpenVAS and the trend lines being so close, I’m going to declare this one a tie.
The takeaway from this is that both vendors are getting their checks out the majority of the time either before the CVE details are published or on the day the details are published. This is overwhelmingly positive for both scanning solutions. Over time both also appear to be releasing remote checks for critical vulnerabilities more quickly.