Have you heard about RITA? Real Intelligence Threat Analysis is an open source tool – a framework, actually – aimed at helping organizations find malicious activity on their network.
Developed by Black Hills Information Security, RITA does not detect malicious activity through signatures, but mainly through statistical analysis.
It sifts through network data, logs and so on, and looks for anomalous behaviors: beaconing behavior, systems connecting to blacklisted IP addresses, scanning behavior, long-duration connections (well suited to data exfiltration), long URLs, and accounts that have multiple concurrent logons to multiple systems.
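To make the statistical (rather than signature-based) approach concrete, here is an added example, not RITA's own code, that applies two of the heuristics above to constructed connection records: it flags a source/destination pair as a beacon candidate when its connection timings are unusually regular, and flags connections held open for a long time. The record layout (timestamp, source, destination, duration) and the thresholds are assumptions for illustration.

```python
"""Beacon and long-connection heuristics over constructed connection records.
Each record is (timestamp_seconds, src_ip, dst_ip, duration_seconds), the
fields a connection log would supply (assumed layout, not RITA's format)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: 10.0.0.5 reaches 203.0.113.7 roughly every 300 s
# with small jitter (beacon-like); 10.0.0.9 reaches 198.51.100.3 at irregular
# times, once holding the connection open for two hours.
SAMPLE_CONNS = [(300.0 * i + (i % 3) * 2.0, "10.0.0.5", "203.0.113.7", 1.0)
                for i in range(12)]
SAMPLE_CONNS += [(t, "10.0.0.9", "198.51.100.3", d) for t, d in
                 [(40.0, 0.5), (95.0, 0.5), (500.0, 7200.0), (1300.0, 0.5),
                  (1333.0, 0.5), (2900.0, 0.5), (4000.0, 0.5), (4010.0, 0.5)]]


def find_beacons(conns, min_count=8, max_cv=0.2):
    """Flag (src, dst) pairs with many connections whose inter-arrival times
    are regular: low coefficient of variation (stdev / mean) of the gaps."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in conns:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_count:
            continue  # too few samples to call the timing regular
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            beacons[pair] = {"count": len(stamps), "interval": round(avg, 1),
                             "cv": round(cv, 3)}
    return beacons


def find_long_connections(conns, min_duration=3600.0):
    """Return (src, dst, duration) for connections held open longer than
    min_duration seconds, a pattern worth reviewing for exfiltration."""
    return [(src, dst, dur) for _, src, dst, dur in conns if dur >= min_duration]


if __name__ == "__main__":
    for pair, stats in find_beacons(SAMPLE_CONNS).items():
        print("beacon candidate", pair, stats)
    for entry in find_long_connections(SAMPLE_CONNS):
        print("long connection", entry)
```

Real traffic needs jitter-tolerant thresholds and whitelisting of legitimate periodic services (update checks, monitoring agents), which is why RITA-style analysis produces candidates for an analyst to review rather than verdicts.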
The tool can be downloaded and used for free. The Black Hills team hopes that users will continue to add new modules to it.
More information about RITA can be had here, and in this video:
This blog post also carries more information on how to install and use the framework.