Review Article Analysis and Classification of Mitigation Tools against Cyberattacks in COVID-19 Era
Hindawi Security and Communication Networks, Volume 2021, Article ID 3187205, 21 pages, https://doi.org/10.1155/2021/3187205

George Iakovakis, Constantinos-Giovanni Xarhoulacos, Konstantinos Giovas, and Dimitris Gritzalis
Information Security and Critical Infrastructure Protection (INFOSEC) Research Group, Dept. of Informatics, Athens University of Economics & Business, 76 Patission Ave., Athens GR-10434, Greece
Correspondence should be addressed to Dimitris Gritzalis; dgrit@aueb.gr
Received 15 July 2021; Accepted 7 August 2021; Published 21 August 2021
Academic Editor: Konstantinos Rantos
Copyright © 2021 George Iakovakis et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

The COVID-19 outbreak has forced businesses to shift to an unprecedented "work from home" company environment. While this provides advantages for employees and businesses, it also leads to a multitude of shortcomings, the most prevalent of which is the emergence of additional security risks. Prior to the outbreak, a company's computer network was mainly confined within its facilities. The pandemic has now caused this network to "spread thin," as the majority of employees work remotely. This has opened up a variety of new vulnerabilities, as workers' cyber protection is not the same at home as it is in the office. Although the effects of the virus are now subsiding, working remotely has embedded itself as the new normal. Thus, it is imperative for company management to take the necessary steps to ensure business continuity and be prepared to deal with an increased number of cyber threats. In our research, we provide a detailed classification for a group of tools which will facilitate risk mitigation and prevention. We also provide a selection of automated tools such as vulnerability scanners, monitoring and logging tools, and antivirus software. We outline each tool using tables, to show useful information such as advantages, disadvantages, scalability, cost, and other characteristics. Additionally, we implement decision trees for each category of tools, in an attempt to assist in navigating the large amount of information presented in this paper. Our objective is to provide a multifaceted taxonomy and analysis of mitigation tools, which will support companies in their endeavor to protect their computer networks. Our contribution can also help companies to have some type of cyber threat intelligence so as to put themselves one step ahead of cyber criminals.

1. Introduction

Cyberattacks became increasingly sophisticated and menacing in the COVID-19 era. The coronavirus pandemic has challenged businesses, as they attempt to adapt to an operational and functional model which is heavily based on teleworking (working from home or other remote locations). Forcing companies to shift to a mainly digital business model has opened them up to multiple new cybersecurity risks. The reputational, operational, legal, and compliance implications could be considerable if cybersecurity risks are neglected. The impact of COVID-19 on cyber risk is too high, and the mitigation measures which businesses can implement must be effective [3]. The year 2020 will be marked as a distinctively disruptive year, not only for the worldwide health crisis but also for the online life being digitally

Within the context of computers and computer networks, an attack is any plan to expose, alter, disable, destroy, steal, or gain unauthorized access. A cyberattack is any sort of offensive maneuver that targets computer information systems, infrastructures, computer networks, or PC devices [1]. An attacker may be a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. In terms of context, cyberattacks are often a part of cyberwarfare or cyberterrorism [2]. A cyberattack is often employed by nation-states, individuals, groups, society, or organizations, and it may originate from an anonymous source.
transformed, as exponential change accelerated at home and work via cyberspace [4].

A recent study held by Tanium underlined that there was a significant rise in cyberattacks due to the pandemic and that the transition to remote work led to a delay in key security projects [5]. According to ENISA [6], during the pandemic, cybercriminals have been seen fostering their capabilities, adapting quickly, and targeting relevant victim groups more effectively (Figure 1). The increase in remote working requires expertise in cybersecurity, due to the greater exposure to cyber risk. Reports have shown that almost one in every two individuals is deceived by a phishing scam while working at home [3]. Moreover, in most cases, an attack spreads from an infected user to other employees in their organizations, and half of them have been affected by ransomware within the past 12 months [7].

In this research, we will introduce a mitigation analysis of obtainable tools, which will support technical security policies. Related work is presented in section "Related Work." The main contribution of our paper is in section "Mitigation Tools Analysis and Classification," where tools are analyzed and classified in several ways. We are going to present an inventory of automated mitigation tools like vulnerability scanners, monitoring and logging tools, and antivirus software. There will be a quick outline for each tool and a table, which will provide useful information such as strong and weak points, cost, and scalability. Finally, section "Conclusions" concludes with the analysis of the classification results.

2. Related Work

In an attempt to cope with the exponential rise in cyber threats due to COVID-19, we are motivated to contribute to the research regarding cyberattack mitigation tools. Snell [8] cites utilities from specific security vendors that seek out unauthorized activity but allow safe transmissions onto the network. As described by Alzahrani et al. [9], security tools are used to scan for these widespread vulnerabilities in web applications. Moreover, their paper evaluates them based on security vulnerabilities and gives recommendations to the web applications' users and administrators, aiming to educate them. The objective of Bekavac and Garbin Praničević [10] is to compare and analyze the impact of web analytics tools for measuring the performance of a business model. A summary of web analytics and metrics tools is also given, including their main characteristics, functionalities, and available types. Turuvekere and Pandit [11] focus on various attacks that are possible on a web application and compare various penetration testing tools. Naga Sudheer et al. [12] discuss the features of automated and manual testing as well as analyzing three automated software testing tools: Selenium, UFT/QTP, and Watir. This work highlights the differences between automated and manual testing. The aim of the Kaur and Kumari [13] research paper is to evaluate three software testing tools to determine their usability and effectiveness. Kołtun and Pańczyk [14] help users choose the right tool, by comparing the following: Apache JMeter, LoadNinja, and Gatling. The research indicates the most important advantages and disadvantages of the selected tools.

In contrast to the aforementioned literature, our research will present a great range of IT security tools with an extensive analysis and classification with specific criteria, for the purpose of assisting users and organizations to fortify their systems.

2.1. Scope of Our Work

The purpose of our publication is to assist in the improved treatment of computer security attack incidents through the categorization of mitigation tools we have done. Surely, COVID-19 has played an important role in the increasing activity of malware, since attackers can find a wider field to act on. As a major part of our work revolves around presenting a multitude of products and tools regarding vulnerability scanning, monitoring and logging, and AV software, it was imperative to draw information from the most immediate source available. Thus, we extracted information from product websites and technical documents.

The work we have done can help organizations and companies effectively and efficiently protect their assets. It is critical for an organization to have a fast and effective means of responding whenever any kind of computer security attack occurs on it or an intrusion is recognized [15]. For example, our classification can be a tool for Computer Security Incident Response Teams (CSIRTs). ENISA [16] points out how important the role of the CSIRT is in dealing with security breach incidents at a national and international level. As we know, the goal of the CSIRT [15], when an incident occurs, is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar events in the future, and acquire knowledge of threats against the organization.

The results and findings of mitigation tools can help significantly in dealing with similar incidents in the future. CSIRTs concentrate on the coordination of incident handling, thereby eliminating duplication of effort. Their focus is to mitigate the potentially serious effects of a severe computer security-related problem. To achieve this goal, they concentrate their efforts on the capability to react to incidents and on the resources to alert and inform their constituency as well [17].

A best-case scenario is for vulnerability scanner results to be shared between CSIRTs for improved threat intelligence. Businesses need to support their computer security capabilities before they suffer from serious computer security problems that can harm their mission, result in significant expense, and tarnish their image [17]. The wide range of tools we suggest in our research can help significantly in this type of group. A CSIRT should also provide true business intelligence to its parent organization by virtue of the following [18]:

    Information collected regarding various current and potential threats and attacks which threaten the enterprise
Figure 1: Threat landscape mapping during COVID-19 [6]. The figure maps the pandemic-era campaigns onto four stages: Delivery (SMS phishing; email phishing; fake apps such as "COVID-19 Tracker"; fraudulent domains such as Corona-virus-map.com; attacks against teleworking infrastructure; attacks against health organizations), Exploitation (RDP brute force; drive-by compromise), Installation (backdoor and persistence; Trickbot Trojan; Lokibot; AZORult info stealer; Samas and GandCrab ransomware; Trojan), and Actions on Objectives (data theft; financial fraud; password stealer; personal information theft; ransom; disturbance).

    Knowledge of general intruder attacks, trends, and corresponding mitigation strategies
    Infrastructure and policy weakness and strength comprehension: this information is based on incident postmortems

The CSIRT Network [19] provides a forum where members can cooperate, exchange information, and build trust. Members are able to discuss how to respond in a coordinated manner to specific incidents and how to handle cross-border incidents. Computer security incidents require fast and effective responses from the organizations concerned. CSIRTs are responsible for receiving and reviewing incident reports and responding to them appropriately [20]. Monitoring and logging tools that have been analyzed in our survey can actually help in this direction. Additionally, threat intelligence gives organizations an edge to stay one step ahead of attackers, but the threat intelligence must be relevant and coupled with the right context [21].

Analysis and classification of mitigation tools that are presented in this paper can improve threat intelligence. We mention the following benefits [22]:

    Valuable insight and context: providing details on which risks are most likely to damage a company or industry, as well as indicators to help prevent and identify future attacks
    Improved incident response times: prioritizing alerts allows an organization to respond faster to real threats and reduces the likelihood of significant consequences from a breach
    Improved communication, planning, and investment: security teams can communicate real risks to the business and focus on defending high-risk targets from genuine threats by investing in and preparing more security

To create threat intelligence customized to information systems, CSIRTs need to collect data internally. External
sources should be monitored for threat data related to any components or tools used. Tools can be utilized which can automatically return relevant information that can provide additional context for your analyses [23]. Therefore, it is important to choose appropriate tools that will assist in the successful treatment of attacks.

Figure 2 [24] shows an indicative workflow of an incident management team. A CSIRT should follow the steps while having the correct information. Our paper offers guidelines, through analysis and classification, to choose the proper tools for carrying out this procedure.

2.2. Mitigation Tools Analysis and Classification

In this section, we present the main contribution of our paper, where mitigation tools are analyzed and classified in several ways. We aim to help stakeholders understand which tools better fit their needs. In section "Vulnerability Scanners Analysis," we analyze 25 vulnerability scanners, while in section "Classification of Vulnerability Scanners," we classify them based on 10 specific criteria. In sections "Monitoring and Logging Tools Analysis" and "Classification of Monitoring and Logging Tools," we analyze and categorize 25 monitoring and logging tools based on 8 criteria. In section "Antivirus Software Classification," we classify 14 antivirus software tools according to 9 criteria. Additionally, we implement three decision trees, one for each category of tools we examined. The purpose of this paper is to give stakeholders (CSIRT, CISO, IT professionals, simple users, etc.) a roadmap for choosing the appropriate tool.

2.3. Vulnerability Scanners Analysis

A vulnerability scanner [25] is a program designed to assess computers, networks, or applications for better-known flaws. They are used for vulnerability identification and detection arising from misconfigurations or imperfect programming of a network-based quality. Their function is similar to a firewall, router, web or application server, and so on. Modern vulnerability scanners provide authenticated and unauthenticated scans. They also usually have the ability to customize vulnerability reports, as well as the installed software, open ports, certificates, and other host data which will be queried as a part of their workflow. A number of them are briefly presented as follows:

(1) Acunetix: it [26] is an automated security testing tool that checks for web application vulnerabilities such as SQL Injection and Cross-site scripting. It scans websites or web applications accessible via a web browser and uses the HTTP/HTTPS protocol. Moreover, it is a tool that customizes web applications, including those utilizing JavaScript, AJAX, and Web 2.0 web applications, and can find almost any file.

(2) AppSpider: it [27] offers interactive reports that prioritize the highest risk and streamline remediation efforts, with links for deeper analysis. Thus, users are enabled to quickly get to and analyze the most important data. Findings are organized by attack types (XSS, SQLi, etc.), and the user can drill into a vulnerability to get more information.

(3) AppTrana: by providing services such as Application Vulnerability Scanning, Web Application Firewall (WAF), and DDoS Protection, AppTrana [28] addresses the shortcomings in existing cloud security solutions. It offers comprehensive protection using only technology-based cookie-cutter solutions.

(4) Arachni: it [29] aims towards helping penetration testers and administrators evaluate the web application. It is a tool that supports all major operating systems (MS Windows, Mac OS X, and Linux), and due to its integrated browser environment, it can support highly complicated web applications that make heavy use of technologies such as JavaScript, HTML5, DOM manipulation, Ruby library, and AJAX.

(5) Burp Suite: it [30] tests web application security. The tool has three editions: a Community Edition, free of charge but with limited functionality, and a Professional Edition and an Enterprise Edition that can both be purchased after a trial period. It is designed to provide a comprehensive solution for web application security checks. Besides the basic functionality, the tool has more advanced options such as a repeater, a spider, a decoder, a comparer, an extender, and a sequencer. It is written in Java and developed by PortSwigger Web Security. A mobile application is also available that contains similar tools, compatible with iOS 8 and above.

(6) Contrast: Contrast Security [31] is an updated security tool that has embedded code analysis and attack prevention directly into software. It protects web applications against cyberattacks. There are sensors that work actively inside applications to uncover vulnerabilities while at the same time preventing data breaches. Contrast Protect also avoids diagnosing false positives that waste valuable time for security teams.

(7) Detectify: it [32] accomplishes automated security tests on databases and web applications and scans assets for vulnerabilities, including OWASP Top 10 and DNS misconfigurations. There is a contribution of over 150 chosen ethical hackers' security findings, which are built into the Detectify scanner as automated tests. At this point it should be emphasized that their submissions go beyond the known CVE libraries, and this is something special for modern application security.

(8) Digifort Detect: it [33] is a three-in-one product tool. It discovers attack attempts and gives information about the time, the attacker's identity, and the extent of the attack. It gathers application errors and detects security vulnerabilities an attacker could use to gain access to confidential information.
Figure 2: A generic incident management workflow [24]: incident identification, logging, categorization, prioritization (low, medium, or high priority), response and diagnosis, escalation (level one, two, or three support), resolution and recovery, and closure.

(9) GamaScan: it [34] is a remote online web vulnerability assessment service delivered via SaaS. The GamaSec Application Vulnerability Scanner detects not only web application weaknesses but also application vulnerabilities such as Cross-site scripting (XSS), SQL Injection, and Code Inclusion. In addition to its graphical and intuitive HTML reports, it ranks threat priority and indicates site security posture by vulnerabilities and threat exposure as well.

(10) ImmuniWeb: it [35], from Swiss firm High-Tech Bridge, is based on machine learning and artificial intelligence automation. For that reason, it has the ability to adapt to new and trending threats. It identifies the most sophisticated defects in web applications and webpages. Besides, it is claimed to detect twice as many vulnerabilities as any automated solution would. A contractual SLA for ImmuniWeb provided by High-Tech Bridge guarantees zero false positives to customers.

(11) N-Stalker: it [36] is a WebApp Security Scanner that searches for vulnerabilities, like SQL Injection, XSS, and other known attacks, in web servers and web application security.

(12) Nessus: it [37] is a proprietary vulnerability scanner. It scans a wide range of technologies such as operating systems, databases, network devices, web servers, hypervisors, and critical infrastructure. Tenable Research designs programs called plugins to detect new vulnerabilities; they are written in the Nessus Attack Scripting Language (NASL). Each plugin conveys vulnerability information and a set of remediation actions and tests for the presence of the security issue. Each week new plugins are published by Tenable, Inc., and new ones are released within 24 hours of vulnerability disclosure. In addition, this scanner has the ability to support configuration and compliance audits, SCADA audits, and PCI compliance.

(13) NetSparker: it [38] uniquely identifies vulnerabilities such as SQL Injection and Cross-site scripting in web applications and web APIs, proving they are real and not false positives once a scan is finished. It is Windows software and has an online service.

(14) Nexpose: its [39] vulnerability scanner performs various network checks for vulnerabilities. Nexpose monitors vulnerabilities in real time and acquaints itself with new hazards using fresh data. In addition, it fixes the issue based on its priority. Furthermore, Nexpose scans new devices and assesses vulnerabilities when they access the network.

(15) Nikto: it [40] is used to assess probable issues and vulnerabilities. It carries out wide-ranging tests on web servers to scan various items such as hazardous programs or files. It can scan multiple ports on one server. Moreover, Nikto verifies whether the server versions are outdated and checks for any specific problem that affects the server's functioning. It scans protocols such as HTTP, HTTPS, and HTTPd.

(16) OpenVAS: it [41] serves as a central service that provides tools for both vulnerability scanning and vulnerability management. Its services are free of cost. It supports various operating systems and is licensed under the GNU General Public License (GPL). It is updated with the Network Vulnerability Tests on a regular basis.

(17) Tripwire IP360: the Tripwire IP360 [42] tool is developed by Tripwire Inc. The tool can easily spot network hosts, network configurations, applications, and vulnerabilities. It also uses open standards to facilitate the integration of risk and vulnerability management into multiple business processes.

(18) Retina CS: it [43] performs automated vulnerability scans for workstations, web servers, web applications, and databases, providing an assessment of cross-platform vulnerability and featuring configuration compliance, patching, compliance
reporting, and so forth. In addition, it supports virtual environments such as virtual app scanning and vCenter integration.

(19) Qualys: it [44] enables organizations to achieve both vulnerability management and policy compliance initiatives cohesively. Built on top of Qualys Infrastructure and Core Services, the Qualys Cloud Suite incorporates a number of applications, all of which are delivered via the Cloud: asset view, vulnerability management, continuous monitoring, web application scanning, malware detection, policy compliance, and so forth.

(20) Probely: it [45] scans web applications to find vulnerabilities and security issues, providing guidance on how to fix them. Probely performs automated security testing by integrating into Continuous Integration pipelines, following an API-first development approach and providing all features through an API. This tool covers thousands of vulnerabilities, including the OWASP Top 10. It is also used to check specific PCI-DSS, ISO27001, HIPAA, and GDPR requirements.

(21) Intruder: it [46] is used for scanning as soon as new vulnerabilities are released. Integrations with Slack and Jira help notify development teams when newly discovered issues need fixing, and AWS integration means IP addresses need to be synchronized to scan. It makes vulnerability management easier for small teams, and for that reason it is popular among startups and medium-sized businesses.

(22) Secunia Personal Software Inspector: it [47] is mainly used to keep all applications and programs updated and notifies users when an insecure program on a PC is identified. It also solves security vulnerabilities.

(23) SolarWinds Network Configuration Manager: it [48] offers a vulnerability assessment feature, which claims to fix vulnerabilities using automation, as part of its Network Configuration Manager product. The software's built-in configuration manager enables users to monitor configuration changes so as to prevent vulnerabilities. Moreover, after detecting any violations to the system, it runs automatic remediation scripts. Using this tool, users are also enabled to set up continuous auditing of routers and switches to monitor for compliance.

(24) Comodo's Hackerproof: it [49] tests website security by providing daily vulnerability scanning, to ensure that no security hole exists. It has PCI scanning included and supplies a visual indicator to ensure safe transactions by the visitors.

(25) Microsoft Baseline Security Analyzer (MBSA): it [50] is a free tool from Microsoft designed to secure a Windows computer based on the specifications and guidelines set by Microsoft. It is usually used by small-sized and medium-sized organizations for managing the security of their networks. Once the scanning is done through MBSA, it presents the user with suggestions regarding fixing the vulnerabilities. It also investigates computers for any missing updates, misconfigurations, security patches, and so forth.

2.4. Classification of Vulnerability Scanners

In this section, vulnerability scanners are first classified (Table 1). The tools are classified according to the following criteria: (i) strengths, (ii) weaknesses, (iii) free trial, (iv) cost/price, (v) scalability, (vi) technical support, (vii) vulnerability assessment, (viii) reports and analytics, (ix) ease of use, GUI offered, and (x) compatibility. The next part of the section includes the proposed decision tree.

Results showed that the majority of vulnerability scanners that we examined are easy to use and offer technical support, scalability, vulnerability assessment, reports, and analytics. Windows is the main operating system they support, although an adequate number of them can support most platforms. In addition, users can find free trial editions of every tool we tested, whereas only Arachni, Nikto, OpenVAS, Retina CS, Secunia, and MBSA are open-source tools. The corresponding decision tree is depicted in Figure 3.

3. Monitoring and Logging Tools Analysis

Monitoring and logging tools are types of software that oversee activity and generate log files accordingly. Log files can be created by servers, applications, network devices, and security devices. Errors, problems, and other data are continually logged and saved for analysis. In order to detect issues mechanically, system administrators and operations staff set up monitors on the generated logs. The log monitors scan the log files and search for identified text patterns and rules that indicate events of interest. Once an event is detected, the monitoring system can send an alert, either to a specified individual or to a different software/hardware system. Monitoring logs helps to spot security events that have occurred or may occur. A number of these tools are presented as follows:

(1) SolarWinds Network Performance Monitor (NPM): SolarWinds NPM [51] is a Windows-based tool, even though it can monitor lots of devices. A web interface provides information about the devices being monitored and helps with the configuration. Alerting and reporting are some of its features as well. Regarding general infrastructure monitoring, SolarWinds NPM fulfills that role in the SolarWinds Orion suite of tools, since it provides information like availability, health status (temperature, power supply, etc.), and performance indicators (e.g., interface utilization).

(2) SolarWinds Server and Application Monitor: SolarWinds SAM [52] provides deep insight into servers and applications. The tool comes with monitoring templates, customized to monitor custom applications, so as to help get set up quickly.
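The log-monitoring loop the paragraph above describes (scan log lines for known text patterns and rules, raise an alert when an event is detected, hand it to a person or another system) as a small worked example. This is added illustration code, not code from the paper or from any of the tools it surveys; the rule names, severity labels, and syslog-style sample lines are all constructed for the example. It goes one step beyond a plain pattern match by also supporting a threshold rule, which is how a monitor distinguishes one failed login from a burst of them.

```python
"""Minimal pattern-and-threshold log monitor (added illustration, not from the paper)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Constructed syslog-style sample lines; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2021-07-15T09:00:01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2021-07-15T09:00:03 sshd[812]: Failed password for root from 203.0.113.7 port 51023 ssh2
2021-07-15T09:00:04 sshd[812]: Failed password for root from 203.0.113.7 port 51024 ssh2
2021-07-15T09:00:06 sshd[812]: Accepted publickey for deploy from 198.51.100.12 port 40122 ssh2
2021-07-15T09:01:10 kernel: EXT4-fs error (device sda1): ext4_find_entry: reading directory lblock 0
2021-07-15T09:02:00 sshd[813]: Failed password for root from 203.0.113.7 port 51030 ssh2
2021-07-15T09:02:30 sudo: deploy : TTY=pts/0 ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""


@dataclass
class Alert:
    rule: str
    severity: str
    message: str


@dataclass
class Rule:
    """A text pattern plus an optional threshold: fire only after `count` matches
    that share the same `key` capture group arrive within `window`."""
    name: str
    severity: str
    pattern: "re.Pattern[str]"
    count: int = 1
    window: timedelta = timedelta(0)
    key: Optional[str] = None


# Hypothetical rule set for the example; production monitors ship far larger rule libraries.
RULES = [
    Rule("ssh-bruteforce", "high",
         re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"),
         count=3, window=timedelta(minutes=1), key="ip"),
    Rule("sudo-root", "medium",
         re.compile(r"sudo: (?P<user>\S+) : .*USER=root ; COMMAND=(?P<cmd>.+)$")),
    Rule("fs-error", "medium", re.compile(r"kernel: EXT4-fs error")),
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<msg>.*)$")  # "<ISO timestamp> <message>"


def monitor(lines: Iterable[str], rules: List[Rule] = RULES) -> List[Alert]:
    """Scan log lines in order and return the alerts the rules raise."""
    alerts: List[Alert] = []
    windows = defaultdict(deque)  # (rule name, key value) -> timestamps of recent matches
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unparseable line: skip it rather than crash the monitor
        ts = datetime.fromisoformat(m.group("ts"))
        msg = m.group("msg")
        for rule in rules:
            hit = rule.pattern.search(msg)
            if not hit:
                continue
            if rule.count <= 1:  # plain pattern rule: every match is an event
                alerts.append(Alert(rule.name, rule.severity, msg))
                continue
            bucket = (rule.name, hit.group(rule.key))
            recent = windows[bucket]
            recent.append(ts)
            while recent and ts - recent[0] > rule.window:
                recent.popleft()  # drop matches that fell out of the sliding window
            if len(recent) >= rule.count:
                alerts.append(Alert(rule.name, rule.severity,
                                    f"{len(recent)} matches for {bucket[1]} within {rule.window}"))
                recent.clear()  # require `count` fresh matches before firing again
    return alerts


def dispatch(alerts: List[Alert], sink=print) -> int:
    """Hand each alert to a sink (a person's inbox, a SIEM, a ticketing system); returns the count."""
    for a in alerts:
        sink(f"[{a.severity.upper()}] {a.rule}: {a.message}")
    return len(alerts)


if __name__ == "__main__":
    dispatch(monitor(SAMPLE_LOG.splitlines()))
```

On the constructed input the monitor raises three alerts: the brute-force rule fires on the third failed password from the same address inside one minute (the later single failure at 09:02:00 is outside the window and stays silent), and the file-system error and the sudo-to-root command each fire as plain pattern events. Keying the threshold on a capture group is what lets one rule track many sources independently; clearing the window after an alert keeps a sustained burst from re-alerting on every subsequent line.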
Table 1: Vulnerability scanners presentation. Columns: No.; Tool name; Strengths; Weaknesses; Free trial; Cost/price; Scalability; Technical support; Vulnerability assessment; Reports and analytics; Ease of use, GUI offered; Compatibility. In the rows below, "criteria (v)-(ix)" stands for the five Yes/No columns (scalability, technical support, vulnerability assessment, reports and analytics, ease of use/GUI offered). Where the extracted text carries fewer than five marks for a row, the number of marks is given and the column assignment is noted as not recoverable.

1. Acunetix. Strengths: ease-of-use features and functionalities, quick setup with a wide range of test, network, and web vulnerability scans. Weaknesses: lack of AD support and static review process, does not allow web server audits, scan may be slow when run over the internet. Free trial: Yes. Cost/price: from 3.685€. Criteria (v)-(ix): all Yes. Compatibility: Windows.
2. AppSpider. Strengths: great job on scanning single-page apps as well as APIs, no scan errors due to process failure. Weaknesses: the UI could be better, maybe needs slightly better dashboards. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: Windows.
3. AppTrana. Strengths: quick, reliable, affordable. Weaknesses: none listed. Free trial: Yes. Cost/price: from 99$/month. Criteria (v)-(ix): all Yes. Compatibility: SaaS.
4. Arachni. Strengths: ease of use, free. Weaknesses: none listed. Free trial: Yes. Cost/price: free (open-source). Criteria (v)-(ix): 3 of 5 marked Yes (column assignment not recoverable). Compatibility: most platforms supported.
5. Burp Suite. Strengths: inspection/altering of HTTP requests/responses, comprehensive scans, works great on a private network without Internet connection. Weaknesses: difficult setup for proxies, it uses tabs everywhere. Free trial: Yes. Cost/price: from 349€/user/year. Criteria (v)-(ix): all Yes. Compatibility: most platforms supported.
6. Contrast. Strengths: easy to run scans, fast results, provides a security dashboard with real-time metrics. Weaknesses: currently supported technologies are Java, Python, and .Net; missing web-layer vulnerability detection, e.g., detection of TLS vulnerabilities. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: SaaS or on-premises.
7. Detectify. Strengths: fully automated testing, easy to use, extremely detailed. Weaknesses: does not detect business logic flaws. Free trial: Yes. Cost/price: from 40€/user/month. Criteria (v)-(ix): all Yes. Compatibility: SaaS.
8. Digifort Inspect. Strengths: also discovers misconfigurations, lightweight, friendly. Weaknesses: none listed. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: SaaS.
9. GamaScan. Strengths: 24/7 support, good dashboard, ease of use. Weaknesses: only Windows-based. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: Windows.
10. ImmuniWeb. Strengths: clear instructions for fixing issues, straightforward and easy to use, affordable. Weaknesses: does not consider business or website elements in context, does not perform advanced pen tests or brute-force tests. Free trial: Yes. Cost/price: 1000$/month. Criteria (v)-(ix): all Yes. Compatibility: SaaS.
11. N-Stalker. Strengths: good support, pinpoint web application security scanner. Weaknesses: only Windows-based. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: Windows.
12. Nessus. Strengths: easy to configure, good vulnerabilities database, good reports. Weaknesses: nonresponsive UI, the update of plugins takes some time. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: Windows.
13. NetSparker. Strengths: ease of use, great scanning and crawling for large and complex single-page web apps, accurate findings and coverage. Weaknesses: only Windows-based, vulnerability handling is still a bit cumbersome. Free trial: Yes. Cost/price: from 4.995$/year (standard edition). Criteria (v)-(ix): all Yes. Compatibility: Windows.
14. Nexpose. Strengths: intuitive, endpoint agent deployment and management are easy, ease of use. Weaknesses: expensive, not so good filtering capabilities. Free trial: Yes. Cost/price: from 22$/asset. Criteria (v)-(ix): all Yes. Compatibility: Windows/Linux.
15. Nikto. Strengths: free, ease of use. Weaknesses: does not find all vulnerabilities. Free trial: Yes. Cost/price: free (open-source). Criteria (v)-(ix): 3 of 5 marked (one No, two Yes; column assignment not recoverable). Compatibility: Unix/Linux.
16. OpenVAS. Strengths: free, user-friendly, ease of use. Weaknesses: long time to load, not dependable as the database fails often. Free trial: Yes. Cost/price: free (open-source). Criteria (v)-(ix): 3 of 5 marked Yes (column assignment not recoverable). Compatibility: most platforms supported.
17. Tripwire IP360. Strengths: great scalability, many support options. Weaknesses: the ability to automate a lot of IT regulatory work is done well but is complex to set up. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: most platforms supported.
18. Retina CS. Strengths: provides evaluation of the vulnerabilities found, deep analysis of networks. Weaknesses: sometimes the software gets stuck and runs slow. Free trial: Yes. Cost/price: free (open-source). Criteria (v)-(ix): 2 of 5 marked Yes (column assignment not recoverable). Compatibility: Windows.
19. Qualys. Strengths: easy installation, lots of documentation, free training. Weaknesses: scanning areas monitored by Qualys may take long, not well suited for modern technologies. Free trial: Yes. Cost/price: by request. Criteria (v)-(ix): all Yes. Compatibility: Windows/Linux.
20. Probely. Strengths: full details on scan results, flexible GUI, API-driven. Weaknesses: limited functionality. Free trial: Yes. Cost/price: from 69€/month (Pro license). Criteria (v)-(ix): all Yes. Compatibility: SaaS.
21. Intruder. Strengths: excellent support, proactive scans, ease of use. Weaknesses: none listed. Free trial: Yes. Cost/price: from 145€/month (Pro license). Criteria (v)-(ix): all Yes. Compatibility: most platforms supported.
22. Secunia Personal Software Inspector. Strengths: simple interface, ease of use, used for updating insecure applications. Weaknesses: takes a long time to scan for outdated programs, cannot modify the scanning schedule, often slow at scanning. Free trial: Yes. Cost/price: free (open-source). Criteria (v)-(ix): 2 of 5 marked Yes (column assignment not recoverable). Compatibility: Windows.
23. SolarWinds Network Configuration Manager. Strengths: lightweight, easy to configure, online training. Weaknesses: expensive. Free trial: Yes. Cost/price: from 2440€. Criteria (v)-(ix): all Yes. Compatibility: most platforms supported.
24. Comodo's Hackerproof. Strengths: daily vulnerability scanning, ease of use. Weaknesses: none listed. Free trial: Yes. Cost/price: from 499€/year. Criteria (v)-(ix): all Yes. Compatibility: most platforms supported.
25. Microsoft Baseline Security Analyzer (MBSA). Strengths: ease of use, free, good auditing tool. Weaknesses: does not offer in-depth security. Free trial: Yes. Cost/price: free (open-source). Criteria (v)-(ix): 3 of 5 marked Yes (column assignment not recoverable). Compatibility: Windows.
Figure 3: Vulnerability scanners decision tree. (Only the figure's labels survive extraction. Root split: Open source / Budget / By request. As labelled in the figure, the Open source branch holds Arachni, Nikto, OpenVas, Retina CS, Secunia Personal Software Inspector, and Microsoft Baseline Security Analyzer (MBSA); the Budget branch holds AppTrana, Detectify, ImmuniWeb, Probely, Acunetix, N-Stalker, NetSparker, Burp Suite, Nexpose, Intruder, SolarWinds Network Configuration Manager, and Comodo's Hackerproof; the By request branch holds AppSpider, Contrast, Digifort Inspect, GamaScan, N-Stalker, Nessus, Tripwire IP360, and Qualys. Second level under each branch: Windows based / Most platforms supported / SaaS. Leaves: the criteria each tool meets (scalability, technical support, vulnerability assessment, reports, GUI offered), as in Table 1.)

(3) PRTG Network Monitor: this monitoring tool is considered to be simple to set up and easy to use. PRTG [53] covers the whole monitoring spectrum, i.e., network, bandwidth, server, and application monitoring, in an all-in-one solution that includes alerting (SMS, e-mail, push notifications through mobile apps, etc.), robust reporting, and an intuitive web interface. It relies on agentless monitoring. PRTG can be used to monitor several types of devices including Linux, Windows, Cisco, HP, and VMware; however, it can only be installed on Windows OS.

(4) WhatsUp Gold: it [54] is an easy-to-use tool that provides several features including discovery, configuration management, alerting, reporting, and monitoring of virtual environments. Some of these features are available only in certain editions; WhatsUp Gold provides four different editions: Basic, Pro, Total, and Total Plus. Also, WhatsUp Gold can be installed only on Windows OS and may not be as customizable as Linux-based monitoring tools.

(5) Nagios XI: it [55] is a Linux-based solution that is flexible and powerful because the core can be extended with plugins. It comes in two types: Nagios Core, which is free and open-source, and Nagios XI, which is the paid enterprise edition. Nagios XI simplifies and makes available (by default) many of the things lacking in Nagios Core. Some of the features available on Nagios XI include a much better web interface, auto discovery, graphs, alerting (SMS, e-mail), reporting, and configuration wizards.

(6) ManageEngine OpManager: it [56] is a comprehensive IT infrastructure monitoring solution having an easy-to-use responsive web interface. It can be installed on either Windows or Linux OS and offers several features like server monitoring, network mapping, monitoring templates, alerting (SMS, e-mail), reporting, network configuration management, and network traffic analysis. Most of these features are included in the base installation, whereas some require a separate license purchase.

(7) Wireshark: it [57] is a widely used network protocol analyzer. Some of the features of this multiplatform tool are live capture and offline analysis, as well as VoIP analysis. It also offers decryption support for many protocols. The output can be exported to XML, PostScript®, CSV, or plain text. Moreover, it compresses capture files with gzip and decompresses them on the spot. It is used by many commercial and nonprofit enterprises, government agencies, and educational institutions, and it follows a project started by Gerald Combs (1998).

(8) OP5 Monitor: it [58] is a network monitoring tool based partly on Nagios (Naemon). Some of its features include customizable dashboards, performance monitoring, alerting, reporting, and web-based configuration (unlike the default Nagios Core). Moreover, it is built to scale, having a license (Ent+) that can monitor over 100 K devices.

(9) Zabbix: it [59] is an all-in-one network monitoring solution. Although it supports agentless monitoring, the Zabbix server gets monitoring information from the Zabbix agent (as a client-server model). Some of the features provided by Zabbix are performance and application monitoring, web-based
configuration, auto discovery, alerting, and reporting.

(10) Icinga: it [60] is a network monitoring tool that comes in two versions: Icinga 1 and Icinga 2. Icinga provides features such as performance monitoring, alerting, reporting, and extensibility through plugins. Icinga 1 resembles Nagios Core with added functionality such as a better web interface, support for more databases, and easier plugin integration. It is compatible with Nagios plugins. Icinga 2 is a rewrite of Core and features a responsive web interface. Moreover, it reduces configuration complexity and supports distributed monitoring.

(11) LibreNMS: it [61] is a free open-source network monitoring tool and a fork of Observium. It provides features such as graphs, auto network discovery, alerting (SMS, e-mail, Slack, etc.), and configuration through a web interface or a command-line interface. It does not have paid support; support is available through several channels like community forums, IRC, GitHub, and Twitter.

(12) Spiceworks: its [62] inventory originally started out as a utility for scanning devices on the network and reporting information on what was running on them. It has a real-time alerting function, and the community has played a significant role in its growth. Using Spiceworks Network Monitor, the user views the status of various devices and services and is alerted if particular values do not match the preset criteria.

(13) Snort: it [63] is an open-source network intrusion detection system for Linux and Windows which performs packet logging on IP networks and real-time traffic analysis. This tool is composed of two major components: a detection engine that utilizes a modular plugin architecture, and a flexible rule language to describe the traffic to be collected. It can perform protocol analysis and content searching, and can be used to detect a variety of attacks and probes, such as stealth port scans, CGI attacks, buffer overflows, OS fingerprinting attempts, and SMB probes.

(14) Datadog: it [64] is an easy-to-install monitoring tool specially designed for hybrid cloud environments. It offers performance monitoring of networks, tools, apps, and services. It can also provide extensibility through many APIs (Application Programming Interfaces) with documentation, graphs, metrics, and alerts, which the software can adjust dynamically based on different conditions. Moreover, the software can be downloaded and installed by agents, available for different platforms such as Windows, Mac OS, several Linux distributions, Docker, Chef, and Puppet.

(15) ConnectWise Automate: [65] formerly known as Labtech, it can keep track of IT infrastructure devices from a single location. It discovers all devices in a network so they can be monitored proactively. The tool mitigates issues by interpreting problems first and then initiating an automatic predefined action. Another feature is that it permits remote control, remote support, remote access, even remote meetings, by extending the ConnectWise suite. In addition, the "Patch Management" feature allows protection of all systems with simultaneous patching from a centralized manager.

(16) Logic Monitor: it [66] is an automated SaaS (Software-as-a-Service) IT performance monitoring tool providing full visibility of the performance and health of a network and their improvement. It discovers IT infrastructure devices and monitors them proactively, identifying incoming issues by providing predictive alerts and trend analysis. It includes a customizable dashboard, alerts, and reports.

(17) LogFusion: it [67] handles text-based log dumps, event logs, remote logging, and even remote event channels. Free and licensed versions are much the same except for a couple of features such as customizable columns and a tabbed interface.

(18) Netwrix Event Log Manager: in the freeware version, it [68] handles the basic needs such as real-time e-mail alerting of critical events, some limited amount of alert criteria filtering, and some archiving ability (limited to 1 month).

(19) Splunk: it [69] is a log management program which encapsulates data from an entire range of devices across a network. Its core functionality can be expanded via add-ons and plugin apps. It can also work fully on-site, hybrid on-site/cloud, or fully in a cloud environment to ease remote management.

(20) Tripwire Log Center: it [70] identifies and responds to threats, as well as assuring that all devices and traffic meet proper compliance and that extensive backup and protection features sit on top of log management and analysis.

(21) LogRhythm: it [71] is a program that gathers log data from applications and databases from all sources. It is fully automated in a great deal of the management aspect, though it can still be manually adjusted.

(22) SumoLogic: it [72] is a cloud-based tool that does not restrict IT professionals to the operating environment or a particular system. One of its features is that forensics are run as separate threads, which can help isolate resource use in cloud space. SumoLogic does segmentation, which offers the convenience to add and remove whatever is necessary to have a customized solution for supporting your environment without wasting resources.

(23) EventTracker Log Manager: it [73] grabs all the security, application, and error logs for analysis and
encompasses Linux, Unix, Syslog, and Windows logs. It offers intuitive graphs and charts and a powerful visual front end.

(24) Correlog: it [74] focuses on the real-time management aspect. The software evaluates every bit of event information, bringing things of concern to attention. It also combines a centralized control interface for managing and collecting data.

(25) ELK Stack: ELK stands for three open-source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server-side data processing pipeline that collects data from multiple sources at the same time, transforms it, and then sends it to Elasticsearch. Kibana helps users visualize data in Elasticsearch with charts and graphs [75]. Lately, the addition of Beats turned the stack into a four-legged project. These different components are used together for monitoring, troubleshooting, and securing IT environments (though there are many more use cases for the ELK Stack, such as business intelligence and web analytics) [76]. For many organizations, the ELK Stack is an open-source alternative to other SIEM (security information and event management) systems [77]. A CSIRT can benefit from the ELK stack because of the combination of tools that it uses. Also, the ELK stack can be used for vulnerability management [78].

3.1. Classification of Monitoring and Logging Tools. In Table 2, the examined tools have been classified based on the following parameters: (i) strengths, (ii) weaknesses, (iii) free trial available, (iv) cost/price, (v) scalability, (vi) technical support, (vii) reports and analytics, and (viii) ease of use, GUI offered. At the end of this section, we present the corresponding decision tree.

Of the monitoring and logging tools we examined, all have free trial versions, and the vast majority of them are easy to use and offer scalability, technical support, reports, and analytics. Moreover, many of them, like Zabbix, LibreNMS, Spiceworks, Snort, Netwrix Event Log Manager, and Splunk, are open-source network systems. The decision tree is depicted in Figure 4.

3.2. Antivirus Software Classification. Commonly, malicious software is blocked by antivirus products through the identification of code signatures distinctive to different kinds of malware. Once the applications encounter a file with a code string that matches one in their database for an already known virus, they block its access to the intended victim's computer [79].

In the fight between attackers and security researchers, the former endeavor to break any defense mechanism by masquerading, social engineering, or impeding antivirus software from detecting them, so that they can settle on as many computers as possible and their malware can lie in the hosts for as long as possible. Installing antivirus software is often the foremost way for a user to secure his computer [80]. According to the information mentioned above, it is vital to install antivirus software. Below, there is helpful data regarding each antivirus software, which are classified using the following nine criteria: (i) strengths, (ii) weaknesses, (iii) price, (iv) on-demand malware scan, (v) on-access malware scan, (vi) website rating, (vii) malicious URL blocking, (viii) phishing protection, and (ix) behavior-based detection; the results are listed in Table 3. At the end, we present the decision tree for this category of tools.

It appears that only a few antivirus software tools are totally free of cost, and these tools are Bitdefender Free Edition, Avast, Avira, and Sophos. We can also distinguish that the examined antivirus tools that meet all the criteria we posed are McAfee, Symantec Norton, Webroot SecureAnywhere, Kaspersky, Trend Micro, and Bitdefender Antivirus Plus. Figure 5 depicts the decision tree.

3.3. The COVID-19 Era and Factor. In March 2020, the coronavirus was pronounced by WHO as a global pandemic. Until today (July 2021), the COVID-19 crisis has made prevention an urgent need, and the lessons that humanity has learned are, hopefully, enough to highlight the serious role of IT security and privacy. The dramatic experience of COVID-19 in several countries, e.g., Brazil, India, Italy, Spain, and USA, to name a few, has outlined the importance of effective cybersecurity due to numerous successful cyberattacks. It is no surprise that, during the pandemic, more sophisticated intrusion methods were detected and reported.

Organizations must take additional steps to achieve security requirements by implementing stronger defenses and better practices. This entails applying a collection of security solutions to prevent attacks by threat actors, as noticed during the COVID-19 pandemic and the crisis that followed. Sophisticated and highly organized cybercriminals target organizations, showing every day how vulnerable the systems are. For example, health organizations have become a prime target because advanced persistent threats (APT) try to obtain information for domestic research into COVID-19-related medicine [94]. Additionally, attackers take advantage of collective fear to perform phishing campaigns using coronavirus as a trap [95]. Threat actors like hackers and state-backed attackers have been using APT techniques to gain a foothold on victim machines and launch several types of malware attacks. In 2020, e-mail phishing attacks increased by more than 600% since the end of February 2020 [96]. And the situation keeps getting more difficult, so there is a need to keep one step ahead of all these intruders.

As there is no one-size-fits-all security solution, it is not feasible to address every cybersecurity challenge with a single method/technology/solution, because every particular system faces different threats, different vulnerabilities, and different risk tolerances. No matter how much we shield a system, human errors and weaknesses will always be a threat. Unpredictable situations, such as the COVID-19 crisis, will create new challenges. There is an urgent need
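Section 3.2 above describes signature-based detection: a scanner blocks a file when a code string in it matches an entry in the signature database, and attackers respond by altering their code so that it no longer matches. The Python script below is an added example written for this page; it is not code from the paper or from any of the antivirus products in Table 3. It implements both common forms of signature in their simplest shape, an exact SHA-256 match and a byte-pattern match with a limited wildcard, and runs them over constructed samples: the industry-standard EICAR test string, a hypothetical "Demo.Dropper.A" family whose header and marker are invented for the example, the same sample with bytes appended, and a variant whose marker differs by one character. The last two cases show why Table 3 lists behavior-based detection as a separate criterion: a trailing change defeats the hash signature, and a change inside the pattern defeats both.

```python
"""Toy signature-based malware scanner (added example; not the paper's code)."""
import hashlib
import re

# Industry-standard harmless anti-malware test string (EICAR); kept in memory only.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature database. A byte-pattern signature is a regular
# expression over raw bytes; a limited wildcard lets one entry cover small
# variations of a family. A hash signature matches exactly one file.
BYTE_SIGNATURES = {
    "EICAR-Test-File": re.compile(re.escape(EICAR[:32])),  # fixed prefix
    # Hypothetical family: 'MZ' header, then the marker within 64 bytes.
    "Demo.Dropper.A": re.compile(rb"MZ.{0,64}DROPPER_MARK", re.DOTALL),
}
HASH_SIGNATURES = {}  # sha256 hex digest -> family name


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def add_hash_signature(family: str, sample: bytes) -> None:
    """Register an exact-match signature from a known-bad sample."""
    HASH_SIGNATURES[sha256(sample)] = family


def scan_bytes(data: bytes) -> list:
    """Return the signatures that fire on `data`, hash match first."""
    hits = []
    family = HASH_SIGNATURES.get(sha256(data))
    if family:
        hits.append(f"{family} (hash)")
    for family, pattern in BYTE_SIGNATURES.items():
        if pattern.search(data):
            hits.append(f"{family} (pattern)")
    return hits


# Constructed samples (invented bytes, not real malware).
DROPPER = b"MZ" + b"\x90" * 40 + b"DROPPER_MARK" + b"\x00constructed payload\x00"
add_hash_signature("Demo.Dropper.A", DROPPER)
DROPPER_REPACKED = DROPPER + b"\x00" * 8  # bytes appended: hash changes, pattern still fires
DROPPER_MUTATED = DROPPER.replace(b"DROPPER_MARK", b"DR0PPER_MARK")  # marker changed: both miss
CLEAN = b"MZ" + b"\x00" * 64 + b"ordinary binary without the marker"

SAMPLES = {
    "eicar": EICAR,
    "dropper": DROPPER,
    "dropper_repacked": DROPPER_REPACKED,
    "dropper_mutated": DROPPER_MUTATED,
    "clean": CLEAN,
}


def scan_all(samples=SAMPLES) -> dict:
    """Scan every sample; an empty hit list is what evasion looks like to the scanner."""
    return {name: scan_bytes(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:18s} -> {hits or 'no signature match'}")
```

The hash signature is the cheapest to evaluate and the easiest to defeat; the pattern signature survives appended or padded bytes but not an edit inside the matched region, which is the limitation that on-access scanning and behavior-based detection are meant to cover.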
Table 2: Monitoring and logging tools presentation. Columns: No.; Tool name; Strengths; Weaknesses; Free trial available; Cost/price; Scalability; Technical support; Reports and analytics; Ease of use, GUI offered. In the rows below, "Criteria" lists the four Yes/No columns (scalability, technical support, reports and analytics, ease of use/GUI) in that order; where a source row carries fewer entries, the remaining cells are blank in the source and their positions could not be recovered.

1. Solarwinds Network Performance Monitor (NPM). Strengths: Easy to implement and customize, free fully functional demo, ease of scalability. Weaknesses: Expensive, there are some user interface issues. Free trial: Yes. Cost/price: From 2440€. Criteria: Yes, Yes, Yes, Yes.

2. Solarwinds Server and Application Monitor. Strengths: Extensive and customizable platform, workflow that allows monitoring resources, can be integrated with open-source clients. Weaknesses: Expensive, outdated GUI, complex architecture. Free trial: Yes. Cost/price: From 2440€. Criteria: Yes, Yes, Yes, Yes.

3. PRTG Network Monitor. Strengths: Very good structure and overview of your devices, ease of use and installation, very flexible. Weaknesses: Runs only on Windows. Free trial: Yes. Cost/price: From 1200€ (PRTG500 license). Criteria: Yes, Yes, Yes, Yes.

4. WhatsUp Gold. Strengths: Device cards are a nice addition, easy creation of roles and dashboard, easy discovery. Weaknesses: Everything must be installed on-premises, device GUI could use some work. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

5. Nagios XI. Strengths: Complete solution for any type of server, user interface is easy to understand and simple to customize, configuration wizards simplify the setup process. Weaknesses: Advanced reporting should have some bulk server options, interface becomes slow when it goes to many clients in the system. Free trial: Yes. Cost/price: From 1995$ (standard edition). Criteria: Yes, Yes, Yes, Yes.

6. ManageEngine OpManager. Strengths: 3D visualization of the server, customizable and friendly user interface, ability to map the workflow. Weaknesses: Everything must be installed on-premises, cloud management requires a different product. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

7. Wireshark. Strengths: Lightweight software, free, filter function, simultaneous capturing on all the network adapters. Weaknesses: GUI should be better, might be confusing for new users. Free trial: Yes. Cost/price: Free (open-source). Criteria: No, Yes, Yes (one cell blank in the source).

8. OP5 Monitor. Strengths: Great support team, fast and reliable with remote collectors and load sharing. Weaknesses: Needs work in GUI to become more user friendly, would work towards better automated tools to handle network devices. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes (one cell blank in the source).

9. Zabbix. Strengths: Free, stores data in JSON format so other applications can also use it, friendly GUI. Weaknesses: Zabbix notification and per-user view need to be enhanced, requires lots of resources. Free trial: Yes. Cost/price: Free (open-source). Criteria: Yes (not free), Yes, Yes, Yes (as extracted).

10. Icinga. Strengths: Can monitor almost everything, good community forums for support. Weaknesses: Setup can be tricky, not so good technical support. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

11. LibreNMS. Strengths: Helpful community, free, great GUI. Weaknesses: High memory usage. Free trial: Yes. Cost/price: Free (open-source). Criteria: Yes, Yes, Yes, Yes.

12. Spiceworks. Strengths: Free, extensible with other (not free) products, good basic monitoring, easy to use and understand. Weaknesses: The program is outdated. Free trial: Yes. Cost/price: Free. Criteria: Yes, Yes, Yes, Yes.

13. Snort. Strengths: Good feedback, free, network packets are saved in a log file or displayed in the console. Weaknesses: Requires significant configuration and domain knowledge to set up, sometimes gives false positives. Free trial: Yes. Cost/price: Free. Criteria: Yes, Yes, Yes, Yes.

14. Datadog. Strengths: Agent installation can be automated, advanced graph functionality, high level of customization. Weaknesses: Heavy learning curve to several key features, not available as on-premises solution. Free trial: Yes. Cost/price: Up to 31$/month. Criteria: Yes, Yes, Yes, Yes.

15. ConnectWise Automate. Strengths: Ability to automate agent installation and manage system and vendor patch deployment, ability to offer self-service options to users, allows multiple vendors to integrate with it. Weaknesses: Some functionality requires plug-ins, URL changes, on-premises installation requirements, complex to set up. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

16. Logic Monitor. Strengths: Agentless, comprehensive, and secure systems monitor service, excellent online help and technical support, great workflow management features. Weaknesses: High volume of information and multiple customization options make it complex, steep learning curve for those not familiar with monitoring tools and services. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

17. LogFusion. Strengths: Lightweight, handles most log files. Weaknesses: Inadequate customer support. Free trial: Yes. Cost/price: From 15$/machine. Criteria: Yes, Yes, Yes, Yes.

18. Netwrix Event Log Manager. Strengths: Free, all event log data in a single view, ensures compliance. Weaknesses: none listed. Free trial: Yes. Cost/price: Free (open-source). Criteria: Yes, Yes, Yes, Yes.

19. Splunk. Strengths: Free, no development work required to deploy, segmentation of logs. Weaknesses: Not free for more than the minimal use, complex until one gains experience with it. Free trial: Yes. Cost/price: Free (open-source). Criteria: Yes, Yes, Yes, Yes.

20. Tripwire Log Center. Strengths: Very good monitoring, detailed reports. Weaknesses: Reports could be more user-friendly. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

21. LogRhythm. Strengths: Excellent web console, configurable dashboards, quick searches. Weaknesses: Not so good back-end technology, time and effort to learn how to use it properly. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

22. SumoLogic. Strengths: Good functions, log ingestion from essentially any source, flexible search and reporting. Weaknesses: Slow search for older information, poor account management, some inadequate UI decisions. Free trial: Yes. Cost/price: From 90$/month. Criteria: Yes, Yes, Yes, Yes.

23. EventTracker Log Manager. Strengths: Extremely powerful search, very good support team, easy to deploy agent collectors and generate reports. Weaknesses: Search can be complex. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

24. Correlog. Strengths: Easy deployment, good reporting. Weaknesses: Not so good documentation. Free trial: Yes. Cost/price: By request. Criteria: Yes, Yes, Yes, Yes.

25. ELK Stack. Strengths: Free to get started, multiple hosting options, real-time data analysis and visualization, centralized logging capabilities. Weaknesses: Complex management requirements, stability and uptime issues, data retention tradeoffs. Free trial: Yes. Cost/price: Open-source. Criteria: Yes, Yes, Yes, Yes.

Figure 4: Monitoring and logging tools decision tree. (Only the figure's labels survive extraction. Root split: Open source / Budget / By request. Open source: Wireshark, Zabbix, LibreNMS, Spiceworks, Snort, Netwrix Event Log Manager, Splunk, ELK Stack. Budget: Solarwinds Network Performance Monitor (NPM), Solarwinds Server and Application Monitor, PRTG Network Monitor, Nagios XI, Datadog, LogFusion, SumoLogic. By request: WhatsUp Gold, ManageEngine OpManager, OP5 Monitor, Icinga, ConnectWise Automate, Logic Monitor, Tripwire Log Center, LogRhythm, EventTracker Log Manager, Correlog. Leaves under each branch: Scalability, Technical support, Reports, GUI offered, as in Table 2.)
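Table 2 and Figure 4 classify the monitoring and logging tools, and Section 3 describes the pipeline they share: events are collected and transformed into structured records (the role Logstash plays in the ELK Stack) and alert rules are evaluated on them in real time (as Netwrix Event Log Manager, Splunk, and the others do for critical events). The script below is an added example for this page, not code from the paper or from any of the listed products. It parses constructed sshd syslog lines in BSD syslog format into normalized records (LOG_YEAR is an assumption, because such lines carry no year) and runs two defensive alert rules over them: a burst of failed logins from one source within a time window, and a successful login from a source that has just produced repeated failures. The host name, addresses, and thresholds are constructed for the example.

```python
"""Collect -> parse -> normalize -> alert on sshd authentication events (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_YEAR = 2021  # assumption: BSD syslog timestamps carry no year

# "Mar 14 10:01:02 host process[pid]: message" (BSD syslog line layout)
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
AUTH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)
AUTH_OK_RE = re.compile(
    r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Constructed sample log (RFC 5737 documentation addresses, invented host and PIDs).
SAMPLE_LOG = """\
Mar 14 10:01:02 bastion sshd[1001]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Mar 14 10:01:05 bastion sshd[1001]: Failed password for invalid user admin from 198.51.100.7 port 51235 ssh2
Mar 14 10:01:09 bastion sshd[1002]: Failed password for root from 198.51.100.7 port 51236 ssh2
Mar 14 10:01:14 bastion sshd[1002]: Failed password for root from 198.51.100.7 port 51237 ssh2
Mar 14 10:01:20 bastion sshd[1003]: Failed password for root from 198.51.100.7 port 51238 ssh2
Mar 14 10:01:27 bastion sshd[1004]: Failed password for root from 198.51.100.7 port 51239 ssh2
Mar 14 10:02:10 bastion sshd[1005]: Accepted password for root from 198.51.100.7 port 51240 ssh2
Mar 14 10:05:00 bastion sshd[1010]: Failed password for alice from 203.0.113.9 port 40001 ssh2
Mar 14 10:05:30 bastion sshd[1011]: Accepted publickey for alice from 203.0.113.9 port 40002 ssh2
Mar 14 10:06:00 bastion CRON[1020]: (root) CMD (run-parts /etc/cron.hourly)
this line is not syslog and is dropped by the parser
"""


def parse_line(line: str):
    """Transform one raw line into a structured record, or None if it is not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = {
        "timestamp": datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR),
        "host": m["host"], "process": m["proc"], "pid": int(m["pid"]),
        "event": "other", "user": None, "src_ip": None,
    }
    for event, pattern in (("auth_failure", AUTH_FAIL_RE), ("auth_success", AUTH_OK_RE)):
        a = pattern.search(m["msg"])
        if a:
            rec.update(event=event, user=a["user"], src_ip=a["src"])
            break
    return rec


def parse_log(text: str) -> list:
    """Collection step: every parseable line becomes a record; the rest is dropped."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def run_rules(records, threshold=5, window_seconds=60, min_failures=3) -> list:
    """Evaluate two alert rules over time-ordered records.

    auth_failure_burst:      >= threshold failures from one source inside window_seconds
    success_after_failures:  a success from a source with >= min_failures recent failures
    """
    alerts = []
    failures = defaultdict(deque)  # src_ip -> timestamps of failures in the current window
    burst_alerted = set()          # one burst alert per source, not one per extra failure
    for rec in sorted(records, key=lambda r: r["timestamp"]):
        src = rec["src_ip"]
        if rec["event"] == "auth_failure":
            q = failures[src]
            q.append(rec["timestamp"])
            while (q[-1] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and src not in burst_alerted:
                burst_alerted.add(src)
                alerts.append({"rule": "auth_failure_burst", "src_ip": src, "host": rec["host"],
                               "count": len(q), "at": rec["timestamp"]})
        elif rec["event"] == "auth_success":
            q = failures.get(src)
            if q and len(q) >= min_failures and (rec["timestamp"] - q[-1]).total_seconds() <= window_seconds:
                alerts.append({"rule": "success_after_failures", "src_ip": src, "host": rec["host"],
                               "user": rec["user"], "count": len(q), "at": rec["timestamp"]})
    return alerts


if __name__ == "__main__":
    for alert in run_rules(parse_log(SAMPLE_LOG)):
        print(alert)
```

Running it over the sample yields one burst alert (five failures from 198.51.100.7 inside 18 seconds) and one success-after-failures alert for the later root login from the same address; alice's single typo followed by a key login stays below min_failures and produces nothing, which is the false-positive control that Table 2 flags as a weakness of several tools.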
Table 3: Antivirus software presentation. Columns: No.; Tool name; Strengths; Weaknesses; Price; On-demand malware scan; On-access malware scan; Website rating; Malicious URL blocking; Phishing protection; Behavior-based detection. In the rows below, "Criteria" lists the six Yes/No columns in that order.

1. McAfee AntiVirus Plus [81]. Strengths: Strong protection, good scores in hands-on tests, perfect score in antiphishing tests. Weaknesses: Fewer features in iOS, PC boost web speedup works only in Chrome. Price: From 19.99$/device (year). Criteria: Yes, Yes, Yes, Yes, Yes, Yes.

2. Symantec Norton AntiVirus Plus [82]. Strengths: Blocks even brand-new malware, low impact on system resources. Weaknesses: Browser extension extras can be unreliable. Price: From 39.99$/device (year). Criteria: Yes, Yes, Yes, Yes, Yes, Yes.

3. Webroot SecureAnywhere AntiVirus [83]. Strengths: Extremely light on system resources, lightning fast. Weaknesses: No testing data from the top labs. Price: From 29.99$/device (year). Criteria: Yes, Yes, Yes, Yes, Yes, Yes.

4. Bitdefender Antivirus Plus [84]. Strengths: Accurate, password manager, cheap subscription. Weaknesses: Can be resource hungry. Price: From 25.99$/device (year). Criteria: Yes, Yes, Yes, Yes, Yes, Yes.

5. Kaspersky AntiVirus [85]. Strengths: One of the best performing security packages, supremely easy to use. Weaknesses: Kaspersky's full suites are better value. Price: From 39.95$/device (year). Criteria: Yes, Yes, Yes, Yes, Yes, Yes.

6. ESET NOD32 Antivirus [86]. Strengths: Highly configurable, device access user control. Weaknesses: Relatively expensive, not for beginners. Price: From 19€/device (year). Criteria: Yes, Yes, No, Yes, Yes, Yes.

7. Trend Micro Antivirus + Security [87]. Strengths: Affordable pricing, easy to use, strong protection. Weaknesses: Might slow you down, slightly limiting options. Price: not given. Criteria: Yes, Yes, Yes, Yes, Yes, Yes.

8. VoodooSoft VoodooShield [88]. Strengths: Prevents nonwhitelisted programs from launching when the PC is at risk, new machine-learning tool flags malware. Weaknesses: Could possibly whitelist malware running prior to installation. Price: From 29.99$/device (year). Criteria: No, Yes, No, No, No, Yes.

9. The Kure [89]. Strengths: Exempt personal folders from being wiped, live-chat tech support built in. Weaknesses: Malware can act freely until eliminated by reboot, does not offer 24-hour tech support. Price: 19.95$/device (year). Criteria: No, No, No, No, No, No.

10. F-Secure Antivirus [90]. Strengths: User-friendly, good value. Weaknesses: Prone to false positives. Price: From 29.99$/device (year). Criteria: Yes, Yes, No, Yes, No, Yes.