The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a list of free cybersecurity services and tools to help organizations increase their security capabilities and better defend against cyberattacks.
While the set is neither comprehensive nor impervious to change, it aims to mature an entity’s cybersecurity risk management when combined with baseline security practices for a strong cybersecurity program.
The list is a mix of services from CISA, open-source utilities, and free tools and services from organizations in the public and private sectors.
Build on a strong foundation
Before turning to the tools and services compiled by CISA, organizations need to adopt some of its recommended security practices:
- Apply security updates that fix known vulnerabilities
- Implement multi-factor authentication (MFA)
- Quit using software that is no longer supported (end-of-life) and replace systems/software with passwords that are known, default, or hard-coded
- Use CISA’s Cyber Hygiene Vulnerability Scanning service (register at vulnerability@cisa.dhs.gov)
Reduce visibility on the public web for sensitive devices and platforms (get your stuff off search)
Once the…