Network security tools and solutions for firewalls, intrusion detection, network monitoring, and perimeter security.
Browse 472 network security tools
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices.
A controller addon that provides additional security defenses for onion services ahead of official Tor-core release.
An intrusion prevention system for SSH that blocks IP addresses after a set number of consecutive failed login attempts.
Sniffglue is a network sniffer tool written in Rust with advanced filter sensitivity options and secure packet processing.
A wireless network detector, sniffer, and intrusion detection system.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
A Python library to interface with a cuckoo-modified instance.
Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
OpenSnitch is a GNU/Linux application firewall with interactive outbound connections filtering and system-wide domain blocking capabilities.
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.
Accurate detection of HTTPS interception and robust TLS fingerprinting tool.
A package for capturing and analyzing network flow data and intraflow data.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
A tool for classifying packets into flows based on 4-tuple without additional processing.
A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.
An open-source network security monitoring tool.
A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up a virtual environment, installing pip requirements, running SIREN, setting up Snort on a Pi, and MySQL setup.
Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.
Open source framework for network traffic analysis with advanced features.
472 tools across 7 specializations · 91 free, 381 commercial
Distributed Denial of Service Mitigation
Distributed Denial of Service (DDoS) protection services and mitigation tools for defending against distributed denial of service attacks and traffic flooding.
Intrusion Detection and Prevention Systems
Intrusion Detection and Prevention Systems (IDPS) for monitoring network traffic and blocking malicious activities.
Network Access Control
Network Access Control (NAC) solutions for controlling device access to networks, enforcing security policies, and managing network endpoints.
Common questions about Network Security tools, selection guides, pricing, and comparisons.
Traditional firewalls filter traffic based on ports, protocols, and IP addresses. Next-generation firewalls (NGFWs) add application awareness (identifying apps regardless of port), integrated intrusion prevention (IPS), SSL/TLS inspection, user identity awareness, and threat intelligence feeds. NGFWs can block specific application features while allowing the app itself.
NDR (Network Detection and Response) uses machine learning and behavioral analysis to detect threats in network traffic, including encrypted traffic analysis. Traditional IDS (Intrusion Detection Systems) rely primarily on signature matching against known attack patterns. NDR catches novel attacks and lateral movement that signature-based IDS would miss, and adds automated response capabilities.
Yes. Zero trust reduces reliance on network perimeter security, but network security tools remain essential for: detecting lateral movement, monitoring east-west traffic, protecting legacy systems that cannot support zero trust agents, DDoS mitigation, and providing visibility into encrypted traffic. Zero trust and network security are complementary, not replacements for each other.