The list is created to achieve goals from CISA’s recommendations that are part of the “CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats” report released on January 18th, 2022.

The US Cybersecurity & Infrastructure Security Agency (CISA) is a federal agency that strives to manage, monitor, and reduce any threats to the country’s cybersecurity infrastructure.

The agency also issues alerts and guidelines regarding vulnerability disclosures and high-profile data hacks. The agency recently published an online list of its own and third-parties open-source and free security tools and services to help organizations improve their security posture.

Details of CISA’s Living Repository

CISA has referred to the list as a Living Repository of Free Tools and Services offered by public and private sector firms, updated with new resources as required.

The list is created to achieve four goals from CISA’s recommendations that are part of the “CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats” report released on January 18th, 2022. The goals include:

  1. Improving resilience
  2. Identifying malicious activities quickly
  3. Reduction in ‘damaging’ cyber attacks
  4. Effectively responding to confirmed incidents

This list is part of CISA’s ongoing initiative to improve the security posture for the country’s infrastructure providers and state to local governments. The list is released with a guide containing resources and links to services that organizations can use to reduce their risk exposure and deal with the repercussions of a cybersecurity incident.

Types of Free Tools in the List

The list compiled by CISA includes the agency’s own vulnerability scanning and incident response solutions, Google Safe Browsing, Microsoft Defender Antivirus, Microsoft Defender Application Guard, Mandiant Attack Surface Management, and Cloudflare Zero Trust Services.

The federal agency stated that it doesn’t endorse these resources for particular use cases, so it divided the guide into different categories mentioned above. The resources include guidelines on phishing assessment services, DDoS protection, Project Shield, remote penetration tests, repositories for threat data, backup services, forensics software, and antivirus tools.

Furthermore, skill levels are segregated as per the basic or advanced requirements for each tool or service.

More Tool & CISA News on Hackread.com

Key Recommendations from CISA

CISA recommends that companies endorse basic steps to improve their cybersecurity infrastructure. Organizations must implement patch cycles to timely fix known software vulnerabilities, rely on 2FA (two-factor authentication) or MFA (multi-factor authentication) authentication, keep upgrading their out-of-support and legacy software, and replace old or default passwords.

After ensuring these steps, organizations should proceed to other categories. CISA affirmed that the list will be updated regularly, and a process will be developed where organizations can submit free tools and services to the agency in the future.

Posted by Charlie