As an agency of the United States Department of Homeland Security, a key part of the Cybersecurity and Infrastructure Security Agency’s mission (CISA) is helping businesses improve their security capabilities. Toward that goal, CISA offers free cybersecurity products and services.
Five Free Offerings From CISA
CISA’s Cyber Hygiene Vulnerability Scanning Services is available by emailing: [email protected]. Scanning will start within three days, and you’ll begin receiving reports within two weeks, according to CISA. Once initiated, this service is mostly automated and requires little direct interaction.
The Cybersecurity Evaluation Tool (CSET) provides organizations with a structured and repeatable approach to assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.
CISA offers a checklist for implementing cybersecurity measures. The document outlines four goals for your organization:
- Reducing the likelihood of a damaging cyber incident
- Detecting malicious activity quickly
- Responding effectively to confirmed incidents
- Maximizing resilience
CISA’s Known Exploited Vulnerabilities (KEV) Catalog enables organizations to identify known software security flaws. The KEV Catalog lets you search for software your organization uses, and if it’s found, update it to the most recent version in accordance with the vendor’s instructions.
The Malcolm Network Traffic Analysis Tool Suite is comprised of several widely used open source tools, making it an attractive alternative to security solutions requiring paid licenses, CISA said. The tool accepts network traffic data in the form of full packet capture (PCAP) files and Zeek logs.
Visibility into network communications is provided through two interfaces:
- OpenSearch Dashboards — a data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols
- Arkime — a tool for finding and identifying the network sessions comprising suspected security incidents
More About Malcolm
All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols, CISA said. Malcolm operates as a cluster of Docker containers — isolated sandboxes that each serve a dedicated function of the system.
Although all of the open source tools that make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity to make it greater than the sum of its parts. There are many other network traffic analysis solutions available, ranging from complete Linux distributions like Security Onion to licensed products like Splunk Enterprise Security.
However, the creators of Malcolm feel it's easy deployment and robust combination of tools fill a void in the network security space that will make network traffic analysis accessible to many in both the public and private sectors as well as individual enthusiasts, CISA said.