The Cybersecurity and Infrastructure Security Agency (CISA) published the “Free Cybersecurity Services and Tools” webpage intended to be a one-stop resource where organizations of all sizes can find free public and private sector resources to reduce their cybersecurity risk. The catalog published today is a starting point. Going forward, CISA will incorporate other free services into the catalog.
The initial list includes services and tools from CISA, open source community, and private and public sector organizations across the cybersecurity community including Joint Cyber Defense Collaborative (JCDC) partners. The list is organized to align with CISA’s recent advisory on:
- Reducing the likelihood of a damaging cyber incident, including by preventing devices from connecting to malicious sites and scanning for security weaknesses and vulnerabilities, etc.
- Detecting malicious activity quickly, including by deploying network intrusion detection and prevention, undertaking penetration testing, and improving endpoint detections.
- Responding effectively to confirmed incidents, including through collection and analysis of malware and other artifacts.
- Maximizing resilience, including by automating system backups and enhancing threat modeling.
“CISA is super proud to announce the start of a new catalog of free resources available to those critical infrastructure owners and operators who would benefit from tools to help their security and resilience,” said CISA Director Jen Easterly. “Many organizations, both public and private, are target rich and resource poor. The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment. This initial catalog will grow and mature as we include additional free tools from other partners.”
It is imperative that the public and private sector collectively work together to promote basic cybersecurity practices and help organizations of all sizes reduce their cybersecurity risk. In addition to the services and tools offered in this new resource, CISA also provides certain measures that should be taken to establish a foundational cybersecurity program such as:
- Fix the known exploited security flaws in software;
- Implement multifactor authentication;
- Stop bad practices that are exceptionally risky;
- Reduce Internet attack surfaces and get your Stuff off Search; and
- Sign up for CISA’s cyber hygiene vulnerability scanning.
For more information, visit the Free Cybersecurity Services and Tools webpage .
As a reminder, CISA encourages all organizations to review our new Shields Up webpage to find recommended actions on protecting their most critical assets.