Has your network been compromised? Use RITA to find out
Have you heard about RITA? Real Intelligence Threat Analysis is an open source tool – a framework, actually – aimed at helping organizations find malicious activity on their network.
Developed by Black Hills Information Security, RITA does not detect malicious activity through signatures, but mainly through statistical analysis.
It sifts through network data, logs and so on, and looks for anomalous behaviors: beaconing behavior, systems connecting to blacklisted IP addresses, scanning behavior, long-duration connections (which can be used for data exfiltration), long URLs, and accounts that have multiple concurrent logons to multiple systems.
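To make the signature-free approach concrete, here is an added example (not RITA's code or its actual algorithm) that scores how regular the gaps between connections are for each source/destination pair and flags long-duration connections. The record layout, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def beacon_score(timestamps):
    """Return 0..1; values near 1 mean near-constant gaps between connections."""
    ts = sorted(timestamps)
    deltas = [b - a for a, b in zip(ts, ts[1:])]
    if len(deltas) < 3:
        return 0.0  # too few connections to judge regularity
    mid = median(deltas)
    if mid <= 0:
        return 0.0
    # Median absolute deviation of the gaps, relative to the median gap.
    mad = median(abs(d - mid) for d in deltas)
    return max(0.0, 1.0 - mad / mid)

def analyze(conns, beacon_threshold=0.9, long_conn_seconds=3600):
    """conns: iterable of (epoch_seconds, src_ip, dst_ip, duration_seconds)."""
    by_pair = defaultdict(list)
    long_conns = []
    for ts, src, dst, duration in conns:
        by_pair[(src, dst)].append(ts)
        if duration >= long_conn_seconds:
            long_conns.append((src, dst, duration))
    beacons = {}
    for pair, stamps in by_pair.items():
        score = beacon_score(stamps)
        if score >= beacon_threshold:
            beacons[pair] = round(score, 2)
    return beacons, long_conns

# Constructed sample data (documentation address ranges, not real traffic).
JITTER = [0, 2, -1, 1, 0, -2, 1, 0]
CONSTRUCTED_CONNS = (
    # 10.0.0.5 calls out roughly every 60 s with a little jitter: beacon-like.
    [(1000 + 60 * i + j, "10.0.0.5", "203.0.113.10", 1.2)
     for i, j in enumerate(JITTER)]
    # 10.0.0.7 connects at irregular, human-looking times.
    + [(t, "10.0.0.7", "198.51.100.20", 3.0)
       for t in (1000, 1007, 1400, 1410, 2900, 2950, 4000)]
    # 10.0.0.9 holds one connection open for two hours.
    + [(1500, "10.0.0.9", "192.0.2.44", 7200.0)]
)

if __name__ == "__main__":
    beacons, long_conns = analyze(CONSTRUCTED_CONNS)
    print("beacon candidates:", beacons)
    print("long connections:", long_conns)
```

Regular timing alone also matches benign software such as update checkers and NTP clients, so flagged pairs are leads for triage rather than verdicts.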