Open Source Cyber Tools for When You Are On a Tight Budget

By Georg Thomas posted 08-20-2021 09:15


Please enjoy this blog post authored by Dr. Georg Thomas, CCISO, CDPSE, CISM, CISSP, GRCP

Cyber-attacks are on the rise across the globe, with 2021 recording the highest average cost of a data breach in the past 17 years (IBM, 2021). Law firms are under increased pressure from clients, insurers, and regulators, to name a few, to ensure that adequate protections against cyber threats are in place. It is no secret that law firms hold vast amounts of sensitive and valuable information, and consequently law firms are increasingly becoming targets (Shanker, 2021).

Over the past few years, there has been an increased focus on implementing and maturing cyber security programs within law firms. There has also been a focus on third-party cyber risk: law firms are often asked to complete security assessments at the request of clients and insurers and to commit to remediating any identified gaps, usually within a set timeframe. Law firms, like all industries, are at varying stages in their cyber security journey. Some are just starting, others are part way through, and some are mature, having even obtained certifications such as ISO/IEC 27001. In some cases, simply developing and implementing a policy or procedure can improve the security program of a law firm or address a client’s concerns; in other cases, the adoption of new tools and technologies is required.

Let’s face it, cyber security tools can be expensive. Thankfully, there are options that can help drive the cyber security maturity forward even for those on a very limited budget using open source and free tools. Although open source and free tools often lack the slick interfaces and the “bells and whistles” that are seen in commercial/enterprise tools, they still have the required functionality to get the job done. Let’s look at a few of those open source tools:

Security Onion is a free Linux distribution that can be used for threat hunting, enterprise security monitoring and log management. It contains several tools within the distribution such as Suricata (threat detection engine), Zeek (network security monitor), Logstash (log processor), and NetworkMiner (network forensic analysis tool). The distribution is scalable and can be installed directly on hardware, as a virtual machine or directly in the cloud (via Amazon AWS Marketplace).

Snort is a free intrusion detection and prevention system (IDS/IPS). Snort uses rules to identify anomalies in network traffic, which can then be used to generate alerts or stop packets. Snort can be used with the free community ruleset and additional rulesets can also be purchased.

OSSEC+ is an open-source intrusion detection system. Unlike Snort, which is network-based, OSSEC+ is a host-based intrusion detection system. Registering OSSEC+ also enables machine learning capabilities, which further enhance its ability to detect and block malicious activity.

Graylog Open is the open-source version of Graylog. Graylog is a log aggregator used to perform Security Information and Event Management (SIEM) operations. It ingests logs from multiple sources, which can then be correlated, analysed, and used to trigger alerts.

OPNsense is a free, hardened firewall and routing platform. It provides many features that are available in other commercial products, such as a forward caching proxy, traffic shaping, intrusion detection, VPN, network monitoring, captive portal and stateful packet inspection.

Nmap, or Network Mapper, is a free tool that can be used to scan the network and identify assets and services that are running. It is particularly useful for auditing (such as identifying unauthorised systems and devices on the network). Nmap is a command-line tool, but there is a Windows user interface available for download called Zenmap.

OpenVAS is a full-featured vulnerability scanner that can be used to identify missing patches and poor configurations within your infrastructure, which can then be remediated. OpenVAS is included in distributions of Kali Linux.

Kali Linux and ParrotSec are both Linux distributions that contain a host of security tools that can be used to identify security weaknesses, conduct security assessments and perform forensic tasks.

Autopsy is a free digital forensics tool that can be used to conduct investigations as part of cyber incident response. Some examples of its capabilities include carving out data, identifying indicators of compromise and searching for keywords within datasets such as files and logs.

VeraCrypt is a free disk encryption utility. This platform used to be known as TrueCrypt (which was discontinued). VeraCrypt was improved to address some of the issues that TrueCrypt had. Where encryption through features such as BitLocker for Windows is not available, VeraCrypt provides a good alternative.

This is by no means an exhaustive list of the tools that are available, but it addresses many of the common controls and requirements in a cyber security program. There is an open-source option for nearly every requirement, but where there is a gap, there are low-cost tools. In any case, such tools can help to overcome budget constraints and help to protect your firm.


IBM (2021). Cost of a Data Breach Report. Retrieved from:

Shanker, A. J. (2021). Ransomware Attackers Take Aim at Law Firms. Retrieved from:

1 comment



09-13-2021 10:11

Thanks for this guide! For those interested in low-cost security tools, @Mark Manoukian did an excellent presentation on this subject at LegalSEC Summit 2020. The recording (which might be available only to conference registrants?) is available at