The U.S. Cybersecurity and Infrastructure Security Agency has released a litany of free security tools and resources designed to help organizations advance its security capabilities, including widely used open-source tools and services offered by private and public sector organizations.
The catalog of free resources comes amid rising geopolitical tensions that both government agencies and software providers say could lead to a rise in cyberattacks against government and critical infrastructure organizations.
According to CISA, the catalog includes the agency’s own services and tools, open-source resources, and others from the cybersecurity community, including the Joint Cyber Defense Collaborative.
The agency says it will implement a process for organizations to submit additional free tools and services for inclusion on the list, which it said is subject to change.
In addition to CISA resources such as vulnerability scanning, phishing assessment and penetration tests, the catalog includes free and open-source resources from Microsoft, Cloudflare, Google, CrowdStrike, Mandiant, IBM, Splunk, VMware and other leading IT vendors.
The catalog is designed to align with the agency’s recent advisory on reducing the likelihood of a cyber incident, detecting malicious activity, response and resilience. That advisory came after a series of cyberattacks against Ukraine, which is currently the subject of geopolitical turmoil.
Specifically, the resources are aligned with the advisory’s goals of reducing the likelihood of a damaging cyber incident, detecting malicious activity quickly, responding effectively to confirmed incidents and maximizing resilience.
In a statement, CISA Director Jen Easterly said many organizations in both public and private sectors are target rich, yet resource poor.
“The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment,” Easterly said. “This initial catalog will grow and mature as we include additional free tools from other partners.”
In addition to the catalog of free resources, CISA instructs all organizations to take several steps to harden their cybersecurity infrastructure, including patching known vulnerabilities, implementing MFA, adopting good cybersecurity practices and scanning for vulnerabilities.
The agency also maintains a running list of known exploited vulnerabilities, which includes nearly 380 security bugs known to be exploited by threat actors.