CISA compiles list of free cybersecurity tools and services

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a list of free cybersecurity services and tools to help organizations increase their security capabilities and better defend against cyberattacks.

While the set is neither comprehensive nor impervious to change, it aims to mature an entity’s cybersecurity risk management when combined with baseline security practices for a strong cybersecurity program.

The list is a mix of services from CISA, open-source utilities, and free tools and services from organizations in the public and private sectors.

Build on a strong foundation

Before turning to the tools and services compiled by CISA, organizations need to adopt some of its recommended security practices:

  • Apply security updates that fix known vulnerabilities
  • Implement multi-factor authentication (MFA)
  • Quit using software that is no longer supported (end-of-life) and replace systems/software with passwords that are known, default, or hard-coded
  • Use CISA’s Cyber Hygiene Vulnerability Scanning service (register at vulnerability@cisa.dhs.gov)

Reduce visibility on the public web for sensitive devices and platforms (get your stuff off search)

Once the above measures are implemented, CISA says that organizations can move to use the free tools and services it compiled to improve their cybersecurity risk management.

The agency has grouped the resources into four categories, based on the objectives that need to be met to protect against potential critical threats:

  1. Reducing the likelihood of a damaging cyber incident
  2. Detecting malicious activity quickly
  3. Responding effectively to confirmed incidents
  4. Maximizing resilience

The list includes 97 tools and services from the open-source space as well as from CISA’s repository and various organizations relevant to the cybersecurity sector: Microsoft, Google, VMware, IBM, Mandiant, Cisco, Secureworks, Cloudflare, Center for Internet Security, CrowdStrike, Tenable, AT&T Cybersecurity, Kali Linux Project, Splunk, SANS, and Palo Alto Networks.

Each entry comes with a brief description, a link, and an assessment of the skill level required to handle it, which varies between “basic” and “advanced.”

CISA agency highlights that the listed tools and services are not guaranteed to be suitable “for any particular use case.”

Although many of the resources listed are from private companies, CISA notes that selecting them in no way implies endorsement or favoring by the agency.

Related Articles:

CISA urges software devs to weed out SQL injection vulnerabilities

US govt shares cyberattack defense tips for water utilities

CISA tags Microsoft SharePoint RCE bug as actively exploited

CISA: Critical Microsoft SharePoint bug now actively exploited

What the Latest Ransomware Attacks Teach About Defending Networks