Review Article Analysis and Classification of Mitigation Tools against Cyberattacks in COVID-19 Era
Hindawi
Security and Communication Networks
Volume 2021, Article ID 3187205, 21 pages
https://doi.org/10.1155/2021/3187205

Review Article
Analysis and Classification of Mitigation Tools against
Cyberattacks in COVID-19 Era

          George Iakovakis, Constantinos-Giovanni Xarhoulacos, Konstantinos Giovas,
          and Dimitris Gritzalis
          Information Security and Critical Infrastructure Protection (INFOSEC) Research Group Dept. of Informatics,
          Athens University of Economics & Business, 76 Patission Ave., Athens GR-10434, Greece

          Correspondence should be addressed to Dimitris Gritzalis; dgrit@aueb.gr

          Received 15 July 2021; Accepted 7 August 2021; Published 21 August 2021

          Academic Editor: Konstantinos Rantos

          Copyright © 2021 George Iakovakis et al. This is an open access article distributed under the Creative Commons Attribution
          License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is
          properly cited.

          The COVID-19 outbreak has forced businesses to shift to an unprecedented “work from home” company environment. While this provides advantages for employees and businesses, it also leads to a multitude of shortcomings, the most prevalent of which is the emergence of additional security risks. Prior to the outbreak, company computer networks were mainly confined within company facilities. The pandemic has now caused these networks to “spread thin,” as the majority of employees work remotely. This has opened up a variety of new vulnerabilities, as workers’ cyber protection is not the same at home as it is in the office. Although the effects of the virus are now subsiding, working remotely has embedded itself as the new normal. Thus, it is imperative for company management to take the necessary steps to ensure business continuity and be prepared to deal with an increased number of cyber threats. In our research, we provide a detailed classification for a group of tools which will facilitate risk mitigation and prevention. We also provide a selection of automated tools such as vulnerability scanners, monitoring and logging tools, and antivirus software. We outline each tool using tables, to show useful information such as advantages, disadvantages, scalability, cost, and other characteristics. Additionally, we implement decision trees for each category of tools, in an attempt to assist in navigating the large amount of information presented in this paper. Our objective is to provide a multifaceted taxonomy and analysis of mitigation tools, which will support companies in their endeavor to protect their computer networks. Our contribution can also help companies to have some type of cyber threat intelligence so as to put themselves one step ahead of cyber criminals.

1. Introduction

Within the context of computers and computer networks, an attack is any attempt to expose, alter, disable, destroy, steal, or gain unauthorized access to an asset. A cyberattack is any sort of offensive maneuver that targets computer information systems, infrastructures, computer networks, or PC devices [1]. An attacker may be a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. In terms of context, cyberattacks are often a part of cyberwarfare or cyberterrorism [2]. A cyberattack may be employed by nation-states, individuals, groups, society, or organizations, and it may originate from an anonymous source.
    Cyberattacks became increasingly sophisticated and menacing in the COVID-19 era. The coronavirus pandemic has challenged businesses, as they attempt to adapt to an operational and functional model which is heavily based on teleworking (working from home or other remote locations). Forcing companies to shift to a mainly digital business model has opened them up to multiple new cybersecurity risks. The reputational, operational, legal, and compliance implications could be considerable if cybersecurity risks are neglected. The impact of COVID-19 on cyber risk is high, and the mitigation measures which businesses can implement must be effective [3]. The year 2020 will be marked as a distinctively disruptive year, not only for the worldwide health crisis but also for online life being digitally
transformed, as exponential change accelerated at home and work via cyberspace [4].
    A recent study by Tanium underlined that there was a significant rise in cyberattacks due to the pandemic and that the transition to remote work led to a delay in key security projects [5]. According to ENISA [6], during the pandemic, cybercriminals have been seen fostering their capabilities, adapting quickly, and targeting relevant victim groups more effectively (Figure 1).
    The increase in remote working requires expertise in cybersecurity, due to the greater exposure to cyber risk. Reports have shown that almost one in every two individuals is deceived by a phishing scam while working at home [3]. Moreover, in most cases, an attack spreads from an infected user to other employees in their organization, and half of them have been affected by ransomware within the past 12 months [7].
    In this research, we introduce a mitigation analysis of available tools, which will support technical security policies. Related work is presented in section “Related Work.” The main contribution of our paper is in section “Mitigation Tools Analysis and Classification,” where tools are analyzed and classified in several ways. We present an inventory of automated mitigation tools such as vulnerability scanners, monitoring and logging tools, and antivirus software. There is a quick outline for each tool and a table which provides useful information such as strong and weak points, cost, and scalability. Finally, section “Conclusions” concludes with the analysis of the classification results.

2. Related Work

In an attempt to cope with the exponential rise in cyber threats due to COVID-19, we are motivated to contribute to the research regarding cyberattack mitigation tools. Snell [8] cites utilities from specific security vendors that seek out unauthorized activity but allow safe transmissions onto the network. As described by Alzahrani et al. [9], security tools are used to scan for common vulnerabilities in web applications. Moreover, their paper evaluates these tools based on the security vulnerabilities they detect and gives recommendations to the web applications’ users and administrators, aiming to educate them. The objective of Bekavac and Garbin Praničević [10] is to compare and analyze the impact of web analytics tools for measuring the performance of a business model. A summary of web analytics and metrics tools is also given, including their main characteristics, functionalities, and available types. Turuvekere and Pandit [11] focus on various attacks that are possible on a web application and compare various penetration testing tools. Naga Sudheer et al. [12] discuss the features of automated and manual testing as well as analyzing three automated software testing tools: Selenium, UFT/QTP, and Watir. This work highlights the differences between automated and manual testing. The aim of the research paper by Kaur and Kumari [13] is to evaluate three software testing tools to determine their usability and effectiveness. Kołtun and Pańczyk [14] help users choose the right tool by comparing the following: Apache JMeter, LoadNinja, and Gatling. Their research indicates the most important advantages and disadvantages of the selected tools.
    In contrast to the aforementioned literature, our research presents a wide range of IT security tools with an extensive analysis and classification against specific criteria, for the purpose of assisting users and organizations in fortifying their systems.

2.1. Scope of Our Work. The purpose of our publication is to assist in the handling of computer security incidents through our categorization of mitigation tools. COVID-19 has certainly played an important role in the increasing activity of malware, since attackers can find a wider field to act on. As a major part of our work revolves around presenting a multitude of products and tools regarding vulnerability scanning, monitoring and logging, and AV software, it was imperative to draw information from the most immediate source available. Thus, we extracted information from product websites and technical documents.
    The work we have done can help organizations and companies effectively and efficiently protect their assets. It is critical for an organization to have a fast and effective means of responding whenever any kind of computer security attack occurs or an intrusion is recognized [15]. For example, our classification can be a tool for Computer Security Incident Response Teams (CSIRTs). ENISA [16] points out how important the role of the CSIRT is in dealing with security breach incidents at a national and international level. When an incident occurs, the goal of the CSIRT [15] is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar events in the future, and acquire knowledge of threats against the organization.
    The results and findings of mitigation tools can help significantly in dealing with similar incidents in the future. CSIRTs concentrate on the coordination of incident handling, thereby eliminating duplication of effort. Their focus is to mitigate the potentially serious effects of a severe computer security-related problem. To achieve this goal, they concentrate their efforts on the capability to react to incidents, as well as on the resources to alert and inform their constituency [17].
    In a best-case scenario, vulnerability scanner results are shared between CSIRTs for improved threat intelligence. Businesses need to build up their computer security capabilities before they suffer from serious computer security problems that can harm their mission, result in significant expense, and tarnish their image [17]. The wide range of tools we suggest in our research can help significantly in this respect. A CSIRT should also provide true business intelligence to its parent organization by virtue of the following [18]:
    Information collected regarding various current and potential threats and attacks which threaten the enterprise
Figure 1: Threat landscape mapping during COVID-19 [6]. (The figure is not reproduced; its content, arranged by kill-chain stage, is listed below.)
    Delivery: attacks against the teleworking infrastructure; fraudulent domains (Corona-virus-map.com) and apps (COVID-19 Tracker); SMS phishing; email phishing; fake testing apps; attacks against health organizations
    Exploitation: RDP brute force; drive-by compromise
    Installation: backdoor and persistence; Lokibot Trojan; AZORult info stealer; ransomware (Samas, GandCrab); Trickbot Trojan
    Actions on objectives: data theft; financial fraud; password stealer; personal information theft; ransom; disturbance

    Knowledge of general intruder attacks, trends, and corresponding mitigation strategies
    Comprehension of infrastructure and policy weaknesses and strengths: this information is based on incident postmortems
    The CSIRT Network [19] provides a forum where members can cooperate, exchange information, and build trust. Members are able to discuss how to respond in a coordinated manner to specific incidents and how to handle cross-border incidents. Computer security incidents require fast and effective responses from the organizations concerned. CSIRTs are responsible for receiving and reviewing incident reports and responding to them appropriately [20]. The monitoring and logging tools analyzed in our survey can help in this direction. Additionally, threat intelligence gives organizations an edge to stay one step ahead of attackers, but the threat intelligence must be relevant and coupled with the right context [21].
    The analysis and classification of mitigation tools presented in this paper can improve threat intelligence. We mention the following benefits [22]:
    Valuable insight and context: providing details on which risks are most likely to damage a company or industry, as well as indicators to help prevent and identify future attacks
    Improved incident response times: prioritizing alerts allows an organization to respond faster to real threats and reduces the likelihood of significant consequences from a breach
    Improved communication, planning, and investment: security teams can communicate real risks to the business and focus on defending high-risk targets from genuine threats by investing in and preparing security measures accordingly
    To create threat intelligence customized to their information systems, CSIRTs need to collect data internally. External
sources should be monitored for threat data related to any components or tools used. Tools can be utilized which automatically return relevant information and provide additional context for an analysis [23]. Therefore, it is important to choose appropriate tools that will assist in the successful treatment of attacks.
    Figure 2 [24] shows an indicative workflow of an incident management team. A CSIRT should follow these steps while having the correct information at hand. Our paper offers guidelines, through analysis and classification, for choosing the proper tools for this procedure.

2.2. Mitigation Tools Analysis and Classification. In this section, we present the main contribution of our paper, where mitigation tools are analyzed and classified in several ways. We aim to help stakeholders understand which tools better fit their needs. In section “Vulnerability Scanners Analysis,” we analyze 25 vulnerability scanners, while in section “Classification of Vulnerability Scanners,” we classify them based on 10 specific criteria. In sections “Monitoring and Logging Tools Analysis” and “Classification of Monitoring and Logging Tools,” we analyze and categorize 25 monitoring and logging tools based on 8 criteria. In section “Antivirus Software Classification,” we classify 14 antivirus software tools according to 9 criteria. Additionally, we implement a decision tree for each of the three categories of tools we examined. The purpose of this paper is to give stakeholders (CSIRTs, CISOs, IT professionals, ordinary users, etc.) a roadmap for choosing the appropriate tool.

2.3. Vulnerability Scanners Analysis. A vulnerability scanner [25] is a program designed to assess computers, networks, or applications for known weaknesses. Scanners are used to identify and detect vulnerabilities arising from misconfigurations or flawed programming in network-based assets such as a firewall, router, web server, or application server. Modern vulnerability scanners provide authenticated and unauthenticated scans: an authenticated scan logs in to the target with supplied credentials and can inspect installed packages and configuration from the inside, whereas an unauthenticated scan sees only what the target exposes on the network, such as open ports and service banners. They also usually have the ability to customize vulnerability reports, as well as to query the installed software, open ports, certificates, and other host data as part of their workflow. A number of them are briefly presented as follows:
    (1) Acunetix: it [26] is an automated security testing tool that checks for web application vulnerabilities such as SQL Injection and Cross-site scripting. It scans websites or web applications accessible via a web browser over HTTP/HTTPS. Moreover, it crawls and scans web applications including those utilizing JavaScript, AJAX, and Web 2.0 technologies, and can find almost any file.
    (2) AppSpider: it [27] offers interactive reports that prioritize the highest risk and streamline remediation efforts, with links for deeper analysis. Thus, users are enabled to quickly get to and analyze the most important data. Findings are organized by attack type (XSS, SQLi, etc.), and the user can drill into a vulnerability to get more information.
    (3) AppTrana: by providing services such as Application Vulnerability Scanning, a Web Application Firewall (WAF), and DDoS Protection, AppTrana [28] addresses the shortcomings of existing cloud security solutions that offer only technology-based, cookie-cutter protection.
    (4) Arachni: it [29] aims at helping penetration testers and administrators evaluate web applications. It is a Ruby framework that supports all major operating systems (MS Windows, Mac OS X, and Linux), and due to its integrated browser environment, it can handle highly complicated web applications that make heavy use of technologies such as JavaScript, HTML5, DOM manipulation, and AJAX.
    (5) Burp Suite: it [30] tests web application security. The tool has three editions: a Community Edition, free of charge but with limited functionality, and a Professional Edition and an Enterprise Edition, both of which can be purchased after a trial period. It is designed to provide a comprehensive solution for web application security checks. Besides the basic functionality, the tool has more advanced options such as a repeater, a spider, a decoder, a comparer, an extender, and a sequencer. It is written in Java and developed by PortSwigger Web Security. A mobile application is also available that contains similar tools, compatible with iOS 8 and above.
    (6) Contrast: Contrast Security [31] is a security tool that embeds code analysis and attack prevention directly into the software it protects, by instrumenting the application. It protects web applications against cyberattacks: sensors that work actively inside the application uncover vulnerabilities while at the same time preventing data breaches. Contrast Protect also avoids reporting false positives that waste valuable time for security teams.
    (7) Detectify: it [32] performs automated security tests on databases and web applications and scans assets for vulnerabilities, including the OWASP Top 10 and DNS misconfigurations. Security findings contributed by over 150 selected ethical hackers are built into the Detectify scanner as automated tests. It should be emphasized that their submissions go beyond the known CVE libraries, which is something special for modern application security.
    (8) Digifort Detect: it [33] is a three-in-one product. It discovers attack attempts and gives information about the time, the attacker’s identity, and the extent of the attack. It gathers application errors and detects security vulnerabilities an attacker could use to gain access to confidential information.
Figure 2: A generic incident management workflow [24]. (The figure is not reproduced; its steps, in order, are: Incident Identification, Logging, Categorization, Prioritization (low, medium, or high priority), Response, Diagnosis, Escalation (level one, two, or three support), Resolution and Recovery, Closure.)
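The scanner behavior described in section 2.3 (host data such as open ports, service banners, and certificate expiry matched against a knowledge base of checks) and the incident management workflow of Figure 2 (logging, categorization, prioritization, escalation, closure) are shown together in the following added example. It was written for this page and is not code from the paper or from any of the tools it surveys. The host inventory (INVENTORY), the version ranges and scores in VERSION_KB and EXPOSED_SERVICE_KB, the banner regular expression, and the priority thresholds in prioritize() are all constructed for illustration and are not real vulnerability data or any vendor's policy. It runs offline on the embedded sample data.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed host inventory: what an unauthenticated scan collects per host.
# Addresses, banners and dates are made up for this example.
INVENTORY = {
    "10.0.0.5": {"exposure": "internet", "cert_expiry": date(2021, 6, 1),
                 "ports": {22: "SSH-2.0-OpenSSH_7.4", 443: "Server: Apache/2.4.49"}},
    "10.0.0.9": {"exposure": "internal", "cert_expiry": None,
                 "ports": {3389: "RDP", 445: "SMB"}},
}

@dataclass(frozen=True)
class VersionCheck:
    """One knowledge-base record, in the spirit of a scanner plugin."""
    product: str
    max_vulnerable: tuple   # versions <= this are flagged (illustrative ranges)
    title: str
    cvss: float             # illustrative score, not vendor data
    remediation: str

VERSION_KB = [
    VersionCheck("Apache", (2, 4, 49), "Outdated Apache httpd", 9.8, "Upgrade httpd"),
    VersionCheck("OpenSSH", (7, 4), "Outdated OpenSSH", 5.3, "Upgrade OpenSSH"),
]
# Services that should not be reachable at all (cf. RDP brute force in Figure 1).
EXPOSED_SERVICE_KB = {3389: ("RDP reachable", 7.5, "Put RDP behind VPN with MFA"),
                      445: ("SMB reachable", 7.5, "Block SMB at the perimeter")}
# Matches "Apache/2.4.49" or "OpenSSH_7.4" inside a banner or Server header.
BANNER_RE = re.compile(r"(?P<product>[A-Za-z]+)[/_](?P<ver>\d+(?:\.\d+)*)")

@dataclass
class Finding:
    host: str
    port: int
    title: str
    cvss: float
    remediation: str
    exposure: str

def parse_version(text):
    """'2.4.49' -> (2, 4, 49); tuples compare element-wise, like versions."""
    return tuple(int(part) for part in text.split("."))

def scan(inventory, today=date(2021, 7, 15)):
    """Match collected host data against the knowledge base; return findings."""
    findings = []
    for host, data in inventory.items():
        exp = data["exposure"]
        for port, banner in data["ports"].items():
            m = BANNER_RE.search(banner)
            if m:
                ver = parse_version(m["ver"])
                for chk in VERSION_KB:
                    if chk.product == m["product"] and ver <= chk.max_vulnerable:
                        findings.append(Finding(host, port, chk.title, chk.cvss,
                                                chk.remediation, exp))
            if port in EXPOSED_SERVICE_KB:
                title, cvss, fix = EXPOSED_SERVICE_KB[port]
                findings.append(Finding(host, port, title, cvss, fix, exp))
        if data["cert_expiry"] and data["cert_expiry"] < today:
            findings.append(Finding(host, 443, "Expired TLS certificate", 5.0,
                                    "Renew certificate", exp))
    return findings

# Figure 2 workflow: log -> categorize -> prioritize -> escalate -> close.
@dataclass
class Ticket:
    ticket_id: int
    finding: Finding
    category: str
    priority: str           # low / medium / high
    escalation_level: int   # level one, two or three support
    status: str = "open"

def categorize(f):
    if "certificate" in f.title.lower():
        return "crypto-hygiene"
    if "reachable" in f.title.lower():
        return "exposed-service"
    return "outdated-software"

def prioritize(f):
    """Internet exposure raises the effective score by one point (assumed policy)."""
    score = f.cvss + (1.0 if f.exposure == "internet" else 0.0)
    return "high" if score >= 9.0 else "medium" if score >= 6.0 else "low"

def triage(findings):
    """Log each finding as a ticket, then order so level-three work comes first."""
    level = {"low": 1, "medium": 2, "high": 3}
    tickets = [Ticket(i + 1, f, categorize(f), prioritize(f), level[prioritize(f)])
               for i, f in enumerate(findings)]
    return sorted(tickets, key=lambda t: t.escalation_level, reverse=True)

def close_ticket(t):
    """Closure records the resolution and recovery action that was applied."""
    t.status = "closed: " + t.finding.remediation
    return t
```

Calling triage(scan(INVENTORY)) yields five tickets, with the internet-facing Apache host escalated to level three ahead of the internal RDP and SMB exposures. The weak point to notice is deliberate: scan() flags on a banner string alone, which is exactly the false-positive trade-off that the Contrast, NetSparker, and ImmuniWeb entries advertise around; a production scanner confirms a banner match with an authenticated check or a safe probe before raising the priority.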

    (9) GamaScan: it [34] is a remote online web vulnerability assessment service delivered via SaaS. The GamaSec Application Vulnerability Scanner detects not only web application weaknesses but also application vulnerabilities such as Cross-site scripting (XSS), SQL Injection, and Code Inclusion. In addition to its graphical and intuitive HTML reports, it ranks threat priority and indicates the site’s security posture by vulnerabilities and threat exposure as well.
    (10) ImmuniWeb: it [35], from the Swiss firm High-Tech Bridge, is based on machine learning and artificial intelligence automation. For that reason, it has the ability to adapt to new and trending threats. It identifies the most sophisticated defects in web applications and webpages. Besides, the vendor claims it detects twice as many vulnerabilities as any automated solution would. A contractual SLA for ImmuniWeb provided by High-Tech Bridge guarantees zero false positives to customers.
    (11) N-Stalker: it [36] is a web application security scanner that searches for vulnerabilities, such as SQL Injection, XSS, and other known attacks, in web servers and web applications.
    (12) Nessus: it [37] is a proprietary vulnerability scanner. It scans a wide range of technologies such as operating systems, databases, network devices, web servers, hypervisors, and critical infrastructure. Tenable Research designs programs called plugins to detect new vulnerabilities; they are written in the Nessus Attack Scripting Language (NASL). Each plugin conveys vulnerability information and a set of remediation actions, and tests for the presence of the security issue. New plugins are published by Tenable, Inc. every week, and new ones are released within 24 hours of a vulnerability disclosure. In addition, this scanner has the ability to support configuration and compliance audits, SCADA audits, and PCI compliance.
    (13) NetSparker: it [38] uniquely identifies vulnerabilities such as SQL Injection and Cross-site scripting in web applications and web APIs, proving they are real and not false positives once a scan is finished. It is Windows software and also has an online service.
    (14) Nexpose: its [39] vulnerability scanner performs various network checks for vulnerabilities. Nexpose monitors vulnerabilities in real time and acquaints itself with new hazards using fresh data. In addition, it ranks each issue by priority to guide remediation. Furthermore, Nexpose scans new devices and assesses their vulnerabilities when they access the network.
    (15) Nikto: it [40] is used to assess probable issues and vulnerabilities. It carries out wide-ranging tests on web servers to scan for various items such as hazardous programs or files. It can scan multiple ports on one server. Moreover, Nikto checks whether server versions are outdated and checks for any specific problem that affects the server’s functioning. It scans web servers over HTTP and HTTPS.
    (16) OpenVAS: it [41] serves as a central service that provides tools for both vulnerability scanning and vulnerability management. Its services are free of cost. It supports various operating systems and is licensed under the GNU General Public License (GPL). It is updated with new Network Vulnerability Tests on a regular basis.
    (17) Tripwire IP360: the Tripwire IP360 [42] tool is developed by Tripwire Inc. The tool can easily spot network hosts, network configurations, applications, and vulnerabilities. It also uses open standards to facilitate the integration of risk management and vulnerability data into multiple business processes.
    (18) Retina CS: it [43] performs automated vulnerability scans for workstations, web servers, web applications, and databases, providing an assessment of cross-platform vulnerabilities and featuring configuration compliance, patching, compliance
Review Article Analysis and Classification of Mitigation Tools against Cyberattacks in COVID-19 Era
6                                                                                         Security and Communication Networks

           reporting, and so forth. In addition, it supports                 scanning is done through MBSA, it presents the
           virtual environments such as virtual app scanning                 user with suggestions regarding fixing the vulner-
           and vCenter integration.                                          abilities. It also investigates computers for any
    (19)   Qualys: it [44] enables organizations to achieve                  missing updates, misconfiguration, any security
           both vulnerability management and policy com-                     patches, and so forth.
           pliance initiatives cohesively. Built on top of Qualys
           Infrastructure and Core Services, the Qualys Clod        2.4. Classification of Vulnerability Scanners. In this section,
           Suite incorporates a number of applications, all of      firstly vulnerability scanners are classified (Table 1). The
           which are delivered via the Cloud: Asset view,           tools are classified according to the following criteria: (i)
           vulnerability management, continuous monitoring,         strengths, (ii) weaknesses, (iii) free trial, (iv) cost/price, (v)
           web application scanning, malware detection,             scalability, (vi) technical support, (vii) vulnerability assess-
           policy compliance, and so forth.                         ment, (viii) reports and analytics, (ix) ease of use, GUI
    (20)   Probely: it [45] scans web applications to find           offered, and (x) compatibility. The next part of the section
           vulnerabilities and security issues providing guid-      includes the proposed decision tree.
           ance on how to fix them. Probely performs auto-               Results showed that the majority of vulnerability scan-
           mated security testing by integrating into               ners that we examined are easy to use and offer technical
           Continuous Integration pipelines, following an           support, scalability, vulnerability assessment, reports, and
           API-First development approach, providing all            analytics. Windows is the main operating system they
           features through an API. This tool covers thousands      support, although an adequate number of them can support
           of vulnerabilities including OWASP TOP10. It is          most platforms. In addition, users can find free trial editions
           also used to check specific PCI-DSS, ISO27001,            in every tool we tested, whereas only Arachni, Nikto,
           HIPAA, and GDPR requirements.                            OpenVas, Retina CS, and Secunia, MBSA are open-source
    (21)   Intruder: it [46] is used for scanning as soon as new    tools. The corresponding decision tree is depicted in
           vulnerabilities are released. Integrations with Slack    Figure 3.
           and Jira help notify development teams when newly
           discovered issues need fixing, and AWS integration        3. Monitoring and Logging Tools Analysis
           means IP addresses need to be synchronized to
                                                                    Monitoring and logging tools are types of software that
           scan. It makes vulnerability management easier for
                                                                    oversee activity and generates log files accordingly. Log files
           small teams and for that reason it is popular among
                                                                    can be created by servers, application, network, and security
           startups and medium-sized businesses.
                                                                    devices. Errors, problems, and other data are continually
    (22)   Secunia Personal Software Inspector: it [47] is          logged and saved for analysis. In order to detect issues
           mainly used to keep all the applications and pro-        mechanically, system administrators, and operations, set up
           grams updated and notifies users when an insecure         monitors on the generated logs. The log monitors scan the
           program in a PC is being identified. It also solves       log files and explore for identified text patterns and rules that
           security vulnerabilities.                                indicate necessary events. Once an event is detected, the
    (23) SolarWinds Network Configuration Manager: it                monitoring system can send an alert, either to a specified
         [48] offers a vulnerability assessment feature, which       individual or to a different software/hardware system.
         claims to fix vulnerabilities using automation, as          Monitoring logs facilitate to spot security events that oc-
         part of its Network Configuration Manager prod-             curred or may occur. A number of them will be presented as
         uct. The software’s built-in configuration manager          follows:
         enables users to monitor configuration changes, so               (1) Solarwinds Network Performance Monitor (NPM):
         as to prevent vulnerabilities. Moreover, after                      Solarwinds [51] is a Windows-based tool, even
         detecting any violations to the system, it runs au-                 though it can monitor lots of devices. A web in-
         tomatic remediation scripts. Using this tool, users                 terface provides information about the devices
         are also enabled to set continuous audit of routers                 being monitored and helps do the configuration.
         and switches to monitor for compliance.                             Alerting and reporting are some of its features as
    (24) Comodos Hackerproof: it [49] tests website secu-                    well. Regarding general infrastructure monitoring,
         rity, by providing the daily vulnerability scanning,                Solarwinds NPM fulfills that role in the Solarwinds
         to ensure that no security hole exists. It has PCI                  Orion suite of tools since it provides information
         scanning included and supplies a visual indicator to                like availability, health status (temperature, power
         ensure safe transactions by the visitors.                           supply, etc.), and performance indicators (e.g.,
    (25) Microsoft Baseline Security Analyzer (MBSA): it is                  interface utilization).
         [50] a free tool of Microsoft designed to secure a              (2) Solarwinds Server and Application Monitor:
         Windows computer based on the specifications and                     Solarwinds SAM [52] provides deep insight into
         guidelines set by Microsoft. It is usually used by                  servers and applications. The tool comes with
         small-sized and medium-sized organizations for                      monitoring templates, customized to monitor
         managing the security of their networks. Once the                   custom applications, so as to help get setup quickly.
Table 1: Vulnerability scanners presentation. (Empty cells are empty in the original; "Free (open-source)" is the paper's own cost label.)

| No. | Tool name | Strengths | Weaknesses | Free trial | Cost/price | Scalability | Technical support | Vulnerability assessment | Reports and analytics | Ease of use, GUI offered | Compatibility |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Acunetix | Ease of use features and functionalities, quick setup with a wide range of test, network, and web vulnerability scan | Lack of AD support and static review process, does not allow web servers audit, scan may be slow when run over the internet | Yes | From 3.685€ | Yes | Yes | Yes | Yes | Yes | Windows |
| 2 | AppSpider | Great job on scanning single page apps as well as APIs, no scan errors due to process failure | The UI could be better, maybe needs slightly better dashboards | Yes | By request | Yes | Yes | Yes | Yes | Yes | Windows |
| 3 | AppTrana | Quick, reliable, affordable | | Yes | From 99$/month | Yes | Yes | Yes | Yes | Yes | SaaS |
| 4 | Arachni | Ease of use, free | | Yes | Free (open-source) | | | Yes | Yes | Yes | Most platforms supported |
| 5 | Burp Suite | Inspection/altering of HTTP requests/responses, comprehensive scans, works great on private network without Internet connection | Difficult setup for proxies, it uses tabs everywhere | Yes | From 349€/user/year | Yes | Yes | Yes | Yes | Yes | Most platforms supported |
| 6 | Contrast | Easy to run scans, fast security results, provides security dashboard with real-time metrics | Currently supported technologies are Java, Python, and .Net; missing web layer vulnerabilities detection, e.g., detection of TLS vulnerabilities | Yes | By request | Yes | Yes | Yes | Yes | Yes | SaaS or on-premises |
| 7 | Detectify | Fully automated testing, easy to use, extremely detailed | Does not detect business logic flaws | Yes | From 40€/user/month | Yes | Yes | Yes | Yes | Yes | SaaS |
| 8 | Digifort Inspect | Also discovers misconfigurations, lightweight, friendly | | Yes | By request | Yes | Yes | Yes | Yes | Yes | SaaS |
| 9 | GamaScan | 24/7 support, good dashboard, ease of use | Only Windows-based | Yes | By request | Yes | Yes | Yes | Yes | Yes | Windows |
| 10 | ImmuniWeb | Clear instructions for fixing issues, straightforward and easy to use, affordable | Does not consider business or website elements in context, does not perform advanced pen tests or brute force tests | Yes | 1000$/month | Yes | Yes | Yes | Yes | Yes | SaaS |
| 11 | N-Stalker | Good support, pinpoint web application security scanner | Only Windows-based | Yes | By request | Yes | Yes | Yes | Yes | Yes | Windows |
| 12 | Nessus | Easy to configure, good vulnerabilities database, good reports | Nonresponsive UI, the update of plugins takes some time | Yes | By request | Yes | Yes | Yes | Yes | Yes | Windows |
| 13 | NetSparker | Ease of use, great scanning and crawling for large and complex single page web apps, accurate findings and coverage | Only Windows-based, vulnerability handling is still a bit cumbersome | Yes | From 4.995$/year (standard edition) | Yes | Yes | Yes | Yes | Yes | Windows |
| 14 | Nexpose | Intuitive, endpoint agent deployment and management are easy, ease of use | Expensive, not so good filtering capabilities | Yes | From 22$/asset | Yes | Yes | Yes | Yes | Yes | Windows/Linux |
| 15 | Nikto | Free, ease of use | Does not find all vulnerabilities | Yes | Free (open-source) | | No | Yes | | Yes | Unix/Linux |
| 16 | OpenVas | Free, user-friendly, ease of use | Long time to load, not dependable as database fails often | Yes | Free (open-source) | | | Yes | Yes | Yes | Most platforms supported |
| 17 | Tripwire IP360 | Great scalability, many support options | The ability to automate a lot of IT regulatory work is done well but is complex to set up | Yes | By request | Yes | Yes | Yes | Yes | Yes | Most platforms supported |
| 18 | Retina CS | Provides evaluation on the vulnerabilities found, deep analysis on networks | Sometimes the software gets stuck and runs slow | Yes | Free (open-source) | | | Yes | | Yes | Windows |
| 19 | Qualys | Easy installation, lots of documentation, free training | Scanning areas monitored by Qualys may take long, not well suited for modern technologies | Yes | By request | Yes | Yes | Yes | Yes | Yes | Windows/Linux |
| 20 | Probely | Full details on scan results, flexible GUI, API-driven | Limited functionality | Yes | From 69€/month (Pro license) | Yes | Yes | Yes | Yes | Yes | SaaS |
| 21 | Intruder | Excellent support, proactive scans, ease of use | | Yes | From 145€/month (Pro license) | Yes | Yes | Yes | Yes | Yes | Most platforms supported |
| 22 | Secunia Personal Software Inspector | Simple interface, ease of use, used for updating insecure applications | Takes a long time to scan for outdated programs, cannot modify the scanning schedule, often slow at scanning | Yes | Free (open-source) | | | Yes | | Yes | Windows |
| 23 | SolarWinds Network Configuration Manager | Lightweight, easy to configure, online training | Expensive | Yes | From 2440€ | Yes | Yes | Yes | Yes | Yes | Most platforms supported |
| 24 | Comodo's Hackerproof | Daily vulnerability scanning, ease of use | | Yes | From 499€/year | Yes | Yes | Yes | Yes | Yes | Most platforms supported |
| 25 | Microsoft Baseline Security Analyzer (MBSA) | Ease of use, free, good auditing tool | Does not offer in-depth security | Yes | Free (open-source) | | | Yes | Yes | Yes | Windows |
Figure 3: Decision tree for vulnerability scanners (textual rendering of the figure). The root node "Vulnerability Scanners" splits first on cost, then on compatibility; each leaf lists the criteria the tools in it satisfy.

Open source: Arachni, Nikto, OpenVas, Retina CS, Secunia Personal Software Inspector, Microsoft Baseline Security Analyzer (MBSA).
    Windows based: Retina CS, Secunia Personal Software Inspector, MBSA. Criteria: vulnerability assessment, reports, GUI offered.
    Most platforms supported: Arachni, OpenVas. Criteria: vulnerability assessment, reports, GUI offered.

Budget: AppTrana, Detectify, ImmuniWeb, Probely, Acunetix, N-Stalker, NetSparker, Burp Suite, Nexpose, Intruder, SolarWinds Network Configuration Manager, Comodo's Hackerproof.
    SaaS: AppTrana, Detectify, ImmuniWeb, Probely. Criteria: scalability, technical support, vulnerability assessment, reports, GUI offered.
    Windows based: Acunetix, N-Stalker, NetSparker. Criteria: scalability, technical support, vulnerability assessment, reports, GUI offered.
    Most platforms supported: Burp Suite, Nexpose, Intruder, SolarWinds Network Configuration Manager, Comodo's Hackerproof. Criteria: scalability, technical support, vulnerability assessment, reports, GUI offered.

By request: AppSpider, Contrast, Digifort Inspect, GamaScan, N-Stalker, Nessus, Tripwire IP360, Qualys. (The figure lists N-Stalker under both Budget and By request; Table 1 gives its price as "By request".)
    SaaS: Contrast, Digifort Inspect. Criteria: scalability, technical support, vulnerability assessment, reports, GUI offered.
    Windows based: AppSpider, GamaScan, Nessus. Criteria: scalability, technical support, vulnerability assessment, reports, GUI offered.
    Most platforms supported: Tripwire IP360, Qualys. Criteria: scalability, technical support, vulnerability assessment, reports, GUI offered.
          Analyzer
          (MBSA)                                                                                                  Hackerproof

                                                         Figure 3: Vulnerability scanners decision tree.

(3) PRTG Network Monitor: this monitoring tool is considered to be simple to set up and easy to use. PRTG [53] covers the whole monitoring spectrum, like network, bandwidth, server, and application monitoring, in an all-in-one solution that includes features such as alerting (SMS, e-mail, push notifications through mobile apps, etc.), robust reporting, and an intuitive web interface. It uses and relies on agentless monitoring. PRTG can be used to monitor several types of devices including Linux, Windows, Cisco, HP, and VMware; however, it can only be installed on Windows OS.

(4) WhatsUp Gold: it [54] is an easy-to-use tool that provides several features including discovery, configuration management, alerting, reporting, and monitoring of virtual environments. Some of these features are available only in certain editions; WhatsUp Gold provides four different editions: Basic, Pro, Total, and Total Plus. Also, WhatsUp Gold can be installed only on Windows OS and may not be as customizable as Linux-based monitoring tools.

(5) Nagios XI: it [55] is a Linux-based solution that is flexible and powerful because the core can be extended with plugins. It comes in two types: Nagios Core, which is free and open-source, and Nagios XI, which is the paid enterprise edition. Nagios XI simplifies and makes available (by default) many of the things lacking in Nagios Core. Some of the features available on Nagios XI include a much better web interface, auto discovery, graphs, alerting (SMS, e-mail), reporting, and configuration wizards.

(6) ManageEngine OpManager: it [56] is a comprehensive IT infrastructure monitoring solution with an easy-to-use responsive web interface. It can be installed on either Windows or Linux OS and offers several features like server monitoring, network mapping, monitoring templates, alerting (SMS, e-mail), reporting, network configuration management, and network traffic analysis. Most of these features are included in the base installation, whereas some require a separate license purchase.

(7) Wireshark: it [57] is a widely used network protocol analyzer. Some of the features of this multiplatform tool are live capture and offline analysis, as well as VoIP analysis. It also offers decryption support for many protocols. The output can be exported to XML, PostScript®, CSV, or plain text. Moreover, it compresses capture files with gzip and decompresses them on the spot. It is used by many commercial and nonprofit enterprises, government agencies, and educational institutions, and it grew out of a project started by Gerald Combs (1998).

(8) OP5 Monitor: it [58] is a network monitoring tool based partly on Nagios (Naemon). Some of its features include customizable dashboards, performance monitoring, alerting, reporting, and web-based configuration (unlike the default Nagios Core). Moreover, it is built to scale, having a license (Ent+) that can monitor over 100 K devices.

(9) Zabbix: it [59] is an all-in-one network monitoring solution. Although it supports agentless monitoring, the Zabbix server gets monitoring information from the Zabbix agent (as a client-server model). Some of the features provided by Zabbix are performance and application monitoring, web-based
configuration, auto discovery, alerting, and reporting.

(10) Icinga: it [60] is a network monitoring tool that comes in two versions: Icinga 1 and Icinga 2. Icinga provides features such as performance monitoring, alerting, reporting, and extensibility through plugins. Icinga 1 resembles Nagios Core with added functionality such as a better web interface, support for more databases, and easier plugin integration. It is compatible with Nagios plugins. Icinga 2 is a rewrite of Core and features a responsive web interface. It also reduces configuration complexity and supports distributed monitoring.

(11) LibreNMS: it [61] is a free open-source network monitoring tool and a fork of Observium. It provides features such as graphs, auto network discovery, alerting (SMS, e-mail, Slack, etc.), and configuration through a web interface or a command-line interface. It does not offer paid support; support is available through several channels like community forums, IRC, GitHub, and Twitter.

(12) Spiceworks: its [62] inventory originally started out as a utility for scanning devices on the network and reporting information on what was running on them. It has a real-time alerting function, and the community has played a significant role in its growth. Using Spiceworks Network Monitor, the user views the status of various devices and services and is alerted if particular values do not match the preset criteria.

(13) Snort: it [63] is an open-source network intrusion detection system for Linux and Windows which performs packet logging on IP networks and real-time traffic analysis. This tool is composed of two major components: a detection engine that utilizes a modular plugin architecture and a flexible rule language to describe the traffic to be collected. It can perform protocol analysis and content searching, and can be used to detect a variety of attacks and probes, such as stealth port scans, CGI attacks, buffer overflows, OS fingerprinting attempts, and SMB probes.

(14) Datadog: it [64] is an easy-to-install monitoring tool specially designed for hybrid cloud environments. It offers performance monitoring of networks, tools, apps, and services. It can also provide extensibility through many APIs (Application Programming Interfaces) with documentation, graphs, metrics, and alerts, which the software can adjust dynamically based on different conditions. Moreover, the software can be downloaded and installed as agents, available for different platforms such as Windows, Mac OS, several Linux distributions, Docker, Chef, and Puppet.

(15) ConnectWise Automate: [65] formerly known as Labtech, it can keep track of IT infrastructure devices from a single location. It discovers all devices in a network so they can be monitored proactively. The tool mitigates issues by first interpreting the problem and then initiating an automatic predefined action. Another feature is that it permits remote control, remote support, remote access, and even remote meetings, by extending the ConnectWise suite. In addition, the "Patch Management" feature allows protection of all systems with simultaneous patching from a centralized manager.

(16) Logic Monitor: it [66] is an automated SaaS (Software-as-a-Service) IT performance monitoring tool providing full visibility of the performance and health of a network and their improvement. It discovers IT infrastructure devices and monitors them proactively, identifying incoming issues by providing predictive alerts and trend analysis. It includes a customizable dashboard, alerts, and reports.

(17) LogFusion: it [67] handles text-based log dumps, event logs, remote logging, and even remote event channels. Free and licensed versions are much the same except for a couple of features such as customizable columns and a tabbed interface.

(18) Netwrix Event Log Manager: in the freeware version, it [68] handles the basic needs such as real-time email alerting of critical events, a limited amount of alert criteria filtering, and some archiving ability (limited to 1 month).

(19) Splunk: it [69] is a log management program which encapsulates data from an entire range of devices across a network. Its core functionality can be expanded via add-ons and plugin apps. It can also work fully on-site, hybrid on-site/cloud, or fully in a cloud environment to ease remote management.

(20) Tripwire Log Center: it [70] identifies and responds to threats, as well as assuring that all devices and traffic meet proper compliance and that extensive backup and protection features are on top of log management and analysis.

(21) LogRhythm: it [71] is a program that gathers log data from applications and databases from all sources. It is fully automated in many management aspects, though it can still be manually adjusted.

(22) SumoLogic: it [72] is a cloud-based tool that does not restrict IT professionals to the operating environment or a particular system. One of its features is that forensics are run as separate threads, which can help isolate resource use in cloud space. SumoLogic does segmentation, which offers the convenience of adding and removing whatever is necessary to have a customized solution for supporting your environment without wasting resources.

(23) EventTracker Log Manager: it [73] grabs all the security, application, and error logs for analysis and
encompasses Linux, Unix, Syslog, and Windows logs. It offers intuitive graphs and charts and a powerful visual front end.

(24) Correlog: it [74] focuses on the real-time management aspect. The software evaluates every bit of event information, bringing things of concern to attention. It also combines a centralized control interface for managing and collecting data.

(25) ELK Stack: ELK stands for three open-source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server-side data processing pipeline that collects data from multiple sources at the same time, transforms it, and then sends it to Elasticsearch. Kibana helps users to visualize data with charts and graphs in Elasticsearch [75]. Lately, the addition of Beats turned the stack into a four-legged project. These different components are used together for monitoring, troubleshooting, and securing IT environments (though there are many more use cases for the ELK Stack, such as business intelligence and web analytics) [76]. For many organizations, the ELK Stack is an open-source alternative to other SIEM (security information and event management) systems [77]. A CSIRT can benefit from the ELK stack because of the combination of tools that it uses. Also, the ELK stack can be used for vulnerability management [78].

3.1. Classification of Monitoring and Logging Tools. In Table 2, the examined tools have been classified based on the following parameters: (i) strengths, (ii) weaknesses, (iii) free trial available, (iv) cost/price, (v) scalability, (vi) technical support, (vii) reports and analytics, and (viii) ease of use, GUI offered. At the end of this section, we present the corresponding decision tree.

From the monitoring and logging tools we examined, all have free trial versions and the vast majority of them are easy to use and offer scalability, technical support, reports, and analytics. Moreover, many of them, like Zabbix, LibreNMS, Spiceworks, Snort, Netwrix Event Log Manager, and Splunk, are open-source network systems. The decision tree is depicted in Figure 4.

3.2. Antivirus Software Classification. Commonly, malicious software is blocked by antivirus products through the identification of code signatures distinctive to different kinds of malware. Once the applications encounter a file with a code string that matches one in their database for an already known virus, they block its access to the intended victim's computer [79].

In the fight between attackers and security researchers, the former endeavor to break any defense mechanism by masquerading, social engineering, or by impeding antivirus software from detecting them, so that they can settle on as many computers as possible and their malware can lie in the hosts for as long as possible. Installing antivirus software is often the foremost way for a user to secure his computer [80].

According to the information mentioned above, it is vital to install antivirus software. Below, there is helpful data regarding each antivirus software product, which are classified using the following nine criteria: (i) strengths, (ii) weaknesses, (iii) price, (iv) on-demand malware scan, (v) on-access malware scan, (vi) website rating, (vii) malicious URL blocking, (viii) phishing protection, and (ix) behavior-based detection; the results are listed in Table 3. At the end, we present the decision tree for this category of tools.

It appears that only a few antivirus software tools are totally free of cost, and these tools are Bitdefender Free Edition, Avast, Avira, and Sophos. We can also distinguish that the examined antivirus tools that meet all the criteria we posed are McAfee, Symantec Norton, Webroot SecureAnywhere, Kaspersky, Trend Micro, and Bitdefender Antivirus Plus. Figure 5 depicts the decision tree.

3.3. The COVID-19 Era and Factor. In March 2020, the coronavirus was pronounced by WHO as a global pandemic. Until today (July 2021), the COVID-19 crisis has made prevention an urgent need, and the lessons that humanity has learned are, hopefully, enough to highlight the serious role of IT security and privacy. The dramatic experience of COVID-19 in several countries, e.g., Brazil, India, Italy, Spain, and USA, to name a few, has outlined the importance of effective cybersecurity due to numerous successful cyberattacks. It is no surprise that, during the pandemic, more sophisticated intrusion methods were detected and reported.

Organizations must take additional steps to achieve security requirements by implementing stronger defenses and better practices. This entails applying a collection of security solutions to prevent attacks from threat actors, as noticed during the COVID-19 pandemic and the crisis that followed. Sophisticated and highly organized cybercriminals target organizations, showing every day how vulnerable the systems are. For example, health organizations have become a prime target because advanced persistent threats (APT) try to obtain information for domestic research into COVID-19-related medicine [94]. Additionally, attackers take advantage of collective fear to perform phishing campaigns using coronavirus as a trap [95]. Threat actors like hackers and state-backed attackers have been using APT techniques to gain a foothold on victim machines and launch several types of malware attacks. In 2020, e-mail phishing attacks increased by more than 600% since the end of February 2020 [96]. And the situation keeps getting more difficult, so there is a need to keep one step ahead of all these intruders.

As there is no one-size-fits-all security solution, it is not feasible to address every cybersecurity challenge with a single method/technology/solution, because every particular system faces different threats, different vulnerabilities, and different risk tolerances. No matter how much we shield a system, human errors and weaknesses will always be a threat. Unpredictable situations, such as the COVID-19 crisis, will create new challenges. There is an urgent need
Table 2: Monitoring and logging tools presentation.
Columns: No., tool name, strengths, weaknesses, free trial available, cost/price, scalability, technical support, reports and analytics, ease of use (GUI offered).

1. Solarwinds Network Performance Monitor (NPM)
   Strengths: Easy to implement and customize, free fully functional demo, ease of scalability.
   Weaknesses: Expensive, there are some user interface issues.
   Free trial available: Yes. Cost/price: From 2440€. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

2. Solarwinds Server and Application Monitor
   Strengths: Extensive and customizable platform, workflow that allows monitoring resources, can be integrated with open-source clients.
   Weaknesses: Expensive, outdated GUI, complex architecture.
   Free trial available: Yes. Cost/price: From 2440€. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

3. PRTG Network Monitor
   Strengths: Very good structure and overview of your devices, ease of use and installation, very flexible.
   Weaknesses: Runs only on Windows.
   Free trial available: Yes. Cost/price: From 1200€ (PRTG500 license). Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

4. WhatsUp Gold
   Strengths: Device cards are a nice addition, easy creation of dashboards, easy GUI.
   Weaknesses: Everything must be installed on-premises, device roles and discovery could use some work.
   Free trial available: Yes. Cost/price: By request. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

5. Nagios XI
   Strengths: Complete solution for any type of server, user interface is easy to understand and simple to customize, configuration wizards simplify the setup process.
   Weaknesses: Advanced reporting should have some bulk server options, interface becomes slow when it goes to many clients in the system.
   Free trial available: Yes. Cost/price: From 1995$ (standard edition). Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

6. ManageEngine OpManager
   Strengths: 3D visualization of the server, customizable and friendly user interface, ability to map the workflow.
   Weaknesses: Everything must be installed on-premises, cloud management requires a different product.
   Free trial available: Yes. Cost/price: By request. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

7. Wireshark
   Strengths: Lightweight software, free, filter function, simultaneous capturing on all the network adapters.
   Weaknesses: GUI should be better, might be confusing for new users.
   Free trial available: Yes. Cost/price: Free (open-source). Scalability: not given. Technical support: No. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

8. OP5 Monitor
   Strengths: Great support team, fast and reliable with remote collectors and load sharing.
   Weaknesses: Needs work in GUI to become more user friendly, would benefit from better automated tools to handle network devices.
   Free trial available: Yes. Cost/price: By request. Scalability: not given. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

9. Zabbix
   Strengths: Free, stores data in JSON format so other applications can also use it, friendly GUI.
   Weaknesses: Zabbix notification and per-user view need to be enhanced, requires lots of resources.
   Free trial available: Yes. Cost/price: Free (open-source). Scalability: not given. Technical support: Yes (not free). Reports and analytics: Yes. Ease of use, GUI offered: Yes.
10. Icinga
   Strengths: Can monitor almost everything, good community forums for support.
   Weaknesses: Setup can be tricky, not so good technical support.
   Free trial available: Yes. Cost/price: By request. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

11. LibreNMS
   Strengths: Helpful community, free, great GUI.
   Weaknesses: High memory usage.
   Free trial available: Yes. Cost/price: Free (open-source). Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

12. Spiceworks
   Strengths: Free, extensible with other (not free) products, good basic monitoring, easy to use and understand.
   Weaknesses: The program is outdated.
   Free trial available: Yes. Cost/price: Free. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

13. Snort
   Strengths: Good feedback, free, network packets are saved in a log file or displayed in the console.
   Weaknesses: Requires significant configuration and domain knowledge to set up, sometimes gives false positives.
   Free trial available: Yes. Cost/price: Free. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

14. Datadog
   Strengths: Agent installation can be automated, advanced graph functionality, high level of customization.
   Weaknesses: Heavy learning curve to several key features, not available as an on-premises solution.
   Free trial available: Yes. Cost/price: Up to 31$/month. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.

15. ConnectWise Automate
   Strengths: Ability to automate agent installation and manage system and vendor patch deployment, ability to offer self-service options to users, allows multiple
   Weaknesses: Some functionality requires plug-ins, URL changes, on-premises installation requirements, complex to set up.
   Free trial available: Yes. Cost/price: By request. Scalability: Yes. Technical support: Yes. Reports and analytics: Yes. Ease of use, GUI offered: Yes.
                       vendors to integrate
                               with it
                                                 High volume of
                            Agentless,
                                                 information and
                      comprehensive, and
                                                      multiple
                         secure systems
                                                   customization
                        monitor service,
                                                  options make it
16    Logic Monitor   excellent online help                                Yes       By request       Yes          Yes         Yes        Yes
                                                  complex, steep
                          and technical
                                                learning curve for
                         support, great
                                                those not familiar
                            workflow
                                                 with monitoring
                      management features
                                                tools and services
                      Lightweight, handles          Inadequate                       From 15$/
17     LogFusion                                                           Yes                        Yes          Yes         Yes        Yes
                         most of log files       customer support                      machine
                        Free, all event log
      Netwrix Event                                                                  Free (open-
18                    data in a single view,                               Yes                        Yes          Yes         Yes        Yes
      Log Manager                                                                      source)
                       ensures compliance
                                            Not free for more
                      Free, no development
                                            than the minimal
                        work required to                                             Free (open-
19       Splunk                            use, complex until              Yes                        Yes          Yes         Yes        Yes
                      deploy, segmentation                                             source)
                                                one gains
                             of logs
                                            experience with it
                            Very good
      Tripwire Log                         Reports can be more
20                    monitoring, detailed                                 Yes       By request       Yes          Yes         Yes        Yes
         Center                               user-friendly
                             reports
Security and Communication Networks                                                                                                                  15

                                                            Table 2: Continued.
                                                                                                                                              Ease of
                                                                                                                                  Reports
                                                                          Free trial                                 Technical                 use,
Νo.    Tool name                Strengths             Weaknesses                          Cost/price   Scalability                  and
                                                                          available                                   support                  GUI
                                                                                                                                  analytics
                                                                                                                                              offered
                                              Not so good back-
                            Excellent web
                                               end technology,
                       console, configurable
21    LogRhythm                               time and effort to              Yes          By request      Yes           Yes            Yes     Yes
                         dashboards, quick
                                             learn how to use it
                                searches
                                                     properly
                                                Slow search for
                        Good functions, log
                                              older information,
                           ingestion from
                                                  poor account                            From 90$/
22    SumoLogic        essential any source,                                 Yes                          Yes           Yes            Yes     Yes
                                             management, some                               month
                        flexible search and
                                                 inadequate UI
                               reporting
                                                    decisions
                        Extremely powerful
                         search, very good
      EventTracker     support team, easy to     Search can be
23                                                                           Yes          By request      Yes           Yes            Yes     Yes
      Log Manager            deploy agent            complex
                            collectors and
                          generate reports
                         Easy deployment,         Not so good
24      Correlog                                                             Yes          By request      Yes           Yes            Yes     Yes
                           good reporting       documentation
                        Free to get started,
                                                     Complex
                          multiple hosting
                                                  management
                         options, real-time
                                                 requirements,                               Open-
25     ELK Stack         data analysis and                                   Yes                          Yes           Yes            Yes     Yes
                                             stability and uptime                            source
                            visualization,
                                                   issues, data
                        centralized logging
                                              retention tradeoffs
                              capabilities

[Figure 4: decision tree titled "Monitoring and Logging Tools". The first level splits the tools of Table 2 by cost/price into three branches:
  Open source: Wireshark, Zabbix, LibreNMS, Spiceworks, Snort, Netwrix Event Log Manager, Splunk, ELK Stack.
  Budget: Solarwinds Network Performance Monitor (NPM), Solarwinds Server and Application Monitor, PRTG Network Monitor, Nagios XI, Datadog, LogFusion, SumoLogic.
  By request: WhatsUp Gold, ManageEngine OpManager, OP5 Monitor, Icinga, ConnectWise Automate, Logic Monitor, Tripwire Log Center, LogRhythm, EventTracker Log Manager, Correlog.
The second level applies the criteria "Scalability, Technical support, Reports, GUI offered" to each branch, leaving:
  Open source: LibreNMS, Spiceworks, Snort, Netwrix Event Log Manager, Splunk, ELK Stack.
  Budget: Solarwinds Network Performance Monitor (NPM), Solarwinds Server and Application Monitor, PRTG Network Monitor, Nagios XI, Datadog, LogFusion, SumoLogic.
  By request: WhatsUp Gold, Icinga, ConnectWise Automate, Logic Monitor, Tripwire Log Center, LogRhythm, EventTracker Log Manager, Correlog.]

Figure 4: Monitoring and logging tools decision tree.
Table 3: Antivirus software presentation.

No. | Tool name | Strengths | Weaknesses | Price | On-demand malware scan | On-access malware scan | Website rating | Malicious URL blocking | Phishing protection | Behavior-based detection
1 | McAfee AntiVirus Plus [81] | Strong protection, good scores in hands-on tests, perfect score in antiphishing tests | Fewer features in iOS, PC boost web speedup works only in Chrome | From 19.99$/device (year) | Yes | Yes | Yes | Yes | Yes | Yes
2 | Symantec Norton AntiVirus Plus [82] | Blocks even brand-new malware, low impact on system resources | Browser extension extras can be unreliable | From 39.99$/device (year) | Yes | Yes | Yes | Yes | Yes | Yes
3 | Webroot SecureAnywhere AntiVirus [83] | Extremely light on system resources, lightning fast | No testing data from the top labs | From 29.99$/device (year) | Yes | Yes | Yes | Yes | Yes | Yes
4 | Bitdefender Antivirus Plus [84] | Accurate, password manager, cheap subscription | Can be resource hungry | From 25.99$/device (year) | Yes | Yes | Yes | Yes | Yes | Yes
5 | Kaspersky AntiVirus [85] | One of the best performing security packages, supremely easy to use | Kaspersky’s full suites are better value | From 39.95$/device (year) | Yes | Yes | Yes | Yes | Yes | Yes
6 | ESET NOD32 Antivirus [86] | Highly configurable, device access control | Relatively expensive, not for beginners | From 19€/user (year) | Yes | Yes | No | Yes | Yes | Yes
7 | Trend Micro Antivirus + Security [87] | Affordable pricing, easy to use, strong protection | Might slow you down, slightly limiting options |  | Yes | Yes | Yes | Yes | Yes | Yes
8 | VoodooSoft VoodooShield [88] | Prevents nonwhitelisted programs from launching when the PC is at risk, new machine-learning tool flags malware | Could possibly whitelist malware running prior to installation | From 29.99$/device (year) | No | Yes | No | No | No | Yes
9 | The Kure [89] | Exempts personal folders from being wiped, live-chat tech support built in | Malware can act freely until eliminated by reboot, does not offer 24-hour tech support | 19.95$/device (year) | No | No | No | No | No | No
10 | F-Secure Antivirus [90] | User-friendly, good value | Prone to false positives | From 29.99$/device (year) | Yes | Yes | No | Yes | No | Yes