CISA Free Cybersecurity Services and Tools
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of free public and private sector cybersecurity services. The Free Cybersecurity Services and Tools webpage “includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.” CISA plans to include additional tools and services in the future.
Sadly, some organizations, in particular in the government, have a hard time using free/open-source tools for political reasons, not due to the quality of the tool. I hope that CISA's list will put a spotlight on some of these tools and make it easier to overcome "Layer 8" issues in implementing them. Currently, the list is a bit dominated by a few vendors and I hope over time more tools will be added. Great start and high-quality resources.
This is an amazing list of tools but remember you need people and processes to take advantage of them in the most efficient way possible.
This is a great resource for businesses, particularly small businesses, to refer to when looking for tools. However, while this helps deal with the challenge of the technology part of cybersecurity, I do hope there will be additional resources made available around the other areas such as processes and people.
The site includes foundational security measures you should be incorporating, links to tools you can deploy locally, as well as information on free services CISA can provide to help your cyber hygiene. Leverage these services and tools to both augment current capabilities and verify your assessed posture, possibly discovering issues previously overlooked.
In light of recent Russian activity, security professionals and leaders are asking, “What should I be doing?” In most cases, nothing different than what you are already doing now from a security perspective. This CISA publication and release of tools emphasizes the same key lessons: focus on the fundamentals. Neither the attack methods nor the defense methods have changed; it is the sense of urgency that has changed.