HECTOR is an open source initiative originally sponsored by the University of Pennsylvania School of Arts & Sciences (SAS). The HECTOR developers are deeply committed to improving the security posture of every organization by sharing our security discoveries. We believe that a safer and more secure internet begins with informed security decisions and with sharing security knowledge with others. We are deeply grateful to all of the contributors to the software that lies at the heart of the HECTOR platform, including other open source projects such as NMAP, OSSEC, and more.
How Does it Work?
HECTOR is a powerful, extensible framework for gathering, analyzing, and sharing security intelligence data. HECTOR is built on a MySQL database back end with a PHP-powered web interface. HECTOR gathers security data from a number of sources, including:
- Darknet sensors
- Incident reports from your organization
- OSSEC intrusion detection logs
- NMAP port scans
- Vulnerability detection scans
- RSS feed imports
- and more...
HECTOR's web-based front end allows for easy data analysis, scan configuration, and even incident reporting.
Security is more than just a vulnerability report or a code review. Security intelligence starts with knowing your environment, then expands as you begin to track actionable data about vulnerabilities, threats, and the specifics of your environment. Making smart decisions depends on having good data at your fingertips.
No! HECTOR is much more than a security information and event management (SIEM) platform. HECTOR allows you to correlate otherwise unrelated security data points and metrics to infer what is actually happening in your environment. HECTOR also lets you see security-related data that does not by itself indicate an event or incident. Types of data include open source news feeds, vulnerability research announcements, new exploits, and data such as port scans or unique host classifications.
If you thought threat intelligence meant paying thousands of dollars to a security company so they could lurk in 4chan IRC channels and tell you that Anonymous is planning to hack your vertical, then you have been misled. Security intelligence applies the principles of big data to your own organization, allowing you to see beyond traditional analysis and make better security investment decisions.
We're often asked why we don't use a NoSQL database like MongoDB for HECTOR. NoSQL is all the rage in "big data" circles, and we certainly see the power in unstructured data stores. However, the HECTOR developers believe there is power in structure, and that relational databases are designed to exploit that power. Unstructured security data isn't really unstructured; it is just stored in an unstructured way, which forces developers to apply structure to the data every time it is pulled from the data store. This ignores the enormous power a structured database gives developers when querying the data. Sure, structuring data is a hassle and requires skill and patience, but we believe the effort is rewarded with a data store that is stable and extensible, and that allows HECTOR to easily import and export data in standard formats.
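As an added illustration of the two points above, correlating otherwise unrelated data sources and storing them in a structured schema so that the correlation is a single query, the following Python example is not HECTOR's own code or schema. It parses constructed sample input in NMAP's grepable (-oG) layout and OSSEC's alerts.log layout, normalizes both into a small relational schema (host, port, ids_alert), and then asks two questions that neither source can answer alone: which hosts expose SSH and are also seeing sshd authentication failures, and which scanned hosts have never produced an IDS alert (a possible agent coverage gap rather than an incident). An in-memory SQLite database stands in for MySQL; the INSERT OR IGNORE / INSERT OR REPLACE forms are SQLite syntax and would become INSERT IGNORE / ON DUPLICATE KEY UPDATE in MySQL. All hostnames, IP addresses, and alert contents are made up.

```python
"""Normalize NMAP -oG and OSSEC alert data into a relational schema and correlate them."""
import re
import sqlite3

# Constructed sample input in nmap's grepable (-oG) layout; not a real scan.
NMAP_GREPABLE = """\
# Nmap 6.25 scan initiated Mon Apr 15 03:00:00 2013 as: nmap -oG - 10.0.0.0/29
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 10.0.0.6 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)
Host: 10.0.0.7 ()\tPorts: 3306/open/tcp//mysql///\tIgnored State: filtered (999)
# Nmap done at Mon Apr 15 03:00:09 2013 -- 8 IP addresses (3 hosts up) scanned
"""

# Constructed sample input in OSSEC's alerts.log layout (agent form); not real IDS output.
OSSEC_ALERTS = """\
** Alert 1366000121.1: - syslog,sshd,authentication_failed,
2013 Apr 15 03:25:21 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Apr 15 03:25:20 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.9 port 40112 ssh2

** Alert 1366000130.2: - syslog,sshd,authentication_failed,
2013 Apr 15 03:25:30 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Apr 15 03:25:29 web01 sshd[2203]: Failed password for invalid user admin from 198.51.100.9 port 40118 ssh2

** Alert 1366000200.3: - syslog,sshd,authentication_failed,
2013 Apr 15 03:26:40 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'
Apr 15 03:26:39 web01 sshd[2210]: Failed password for invalid user admin from 198.51.100.9 port 40130 ssh2
"""

# Each -oG port entry looks like "22/open/tcp//ssh///": number/state/proto//service/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")
ALERT_HDR_RE = re.compile(r"^\*\* Alert (\d+)\.\d+:", re.M)
ORIGIN_RE = re.compile(r"^\d{4} \w{3} +\d+ [\d:]+ \((\S+)\) ([\d.]+)->", re.M)
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '([^']*)'", re.M)

# Illustrative schema only; HECTOR's real tables are not shown on this page.
SCHEMA = """
CREATE TABLE host (host_id INTEGER PRIMARY KEY, ip TEXT NOT NULL UNIQUE);
CREATE TABLE port (
    host_id INTEGER NOT NULL REFERENCES host(host_id),
    number  INTEGER NOT NULL, proto TEXT NOT NULL, service TEXT,
    PRIMARY KEY (host_id, number, proto));
CREATE TABLE ids_alert (
    alert_id INTEGER PRIMARY KEY,
    host_id  INTEGER NOT NULL REFERENCES host(host_id),
    rule_id  INTEGER NOT NULL, level INTEGER NOT NULL,
    description TEXT, epoch INTEGER NOT NULL);
"""


def parse_nmap_grepable(text):
    """Return (ip, port, proto, service) for every open port in -oG output."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:")[1].split("\t")[0]
        for number, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                rows.append((ip, int(number), proto, service))
    return rows


def parse_ossec_alerts(text):
    """Return (ip, rule_id, level, description, epoch) per alert block in alerts.log."""
    rows = []
    for block in re.split(r"\n\s*\n", text.strip()):
        hdr, origin, rule = (ALERT_HDR_RE.search(block), ORIGIN_RE.search(block),
                             RULE_RE.search(block))
        if not (hdr and origin and rule):
            continue  # skip malformed or local (non-agent) blocks this parser does not handle
        rows.append((origin.group(2), int(rule.group(1)), int(rule.group(2)),
                     rule.group(3), int(hdr.group(1))))
    return rows


def host_id(conn, ip):
    """Look up or create the host row so both sources share one key."""
    conn.execute("INSERT OR IGNORE INTO host(ip) VALUES (?)", (ip,))
    return conn.execute("SELECT host_id FROM host WHERE ip = ?", (ip,)).fetchone()[0]


def build_db(nmap_text=NMAP_GREPABLE, ossec_text=OSSEC_ALERTS):
    """Load both sources into one in-memory SQLite database (stand-in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for ip, number, proto, service in parse_nmap_grepable(nmap_text):
        conn.execute("INSERT OR REPLACE INTO port VALUES (?,?,?,?)",
                     (host_id(conn, ip), number, proto, service))
    for ip, rule_id, level, desc, epoch in parse_ossec_alerts(ossec_text):
        conn.execute("INSERT INTO ids_alert(host_id, rule_id, level, description, epoch) "
                     "VALUES (?,?,?,?,?)", (host_id(conn, ip), rule_id, level, desc, epoch))
    conn.commit()
    return conn


def exposed_and_attacked(conn, min_level=5):
    """(ip, alert count, worst level) for hosts with SSH open AND IDS alerts at/above min_level."""
    return conn.execute("""
        SELECT h.ip, COUNT(a.alert_id) AS alerts, MAX(a.level) AS worst
        FROM host h
        JOIN port p      ON p.host_id = h.host_id AND p.service = 'ssh'
        JOIN ids_alert a ON a.host_id = h.host_id AND a.level >= ?
        GROUP BY h.ip ORDER BY worst DESC, alerts DESC""", (min_level,)).fetchall()


def scanned_but_unmonitored(conn):
    """IPs that nmap found with open ports but that have no IDS alert on record."""
    return [r[0] for r in conn.execute("""
        SELECT h.ip FROM host h
        WHERE EXISTS (SELECT 1 FROM port p WHERE p.host_id = h.host_id)
          AND NOT EXISTS (SELECT 1 FROM ids_alert a WHERE a.host_id = h.host_id)
        ORDER BY h.ip""")]


if __name__ == "__main__":
    db = build_db()
    print("SSH exposed and under attack:", exposed_and_attacked(db))
    print("Scanned hosts with no IDS alerts:", scanned_but_unmonitored(db))
```

The second query is the kind of result the text has in mind when it says security intelligence includes data that "might not indicate an event or incident": 10.0.0.6 and 10.0.0.7 have open services but no OSSEC alerts at all, which is either good news or a missing agent, and only the structured join surfaces the question. The same two questions against raw scan files and alert logs would require re-parsing both on every run.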