The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared a factsheet providing details on free tools and guidance for securing digital assets after switching to the cloud from on-premises environments.
The newly released factsheet helps network defenders, incident response analysts, and cybersecurity professionals mitigate the risk of information theft and exposure, as well as data encryption and extortion attacks.
It aims to assist in the crucial tasks of identifying, detecting, and mitigating known vulnerabilities and cyber threats encountered while managing cloud-based or hybrid environments.
The highlighted tools complement the built-in tools provided by cloud service providers and help reinforce the resilience of network infrastructures, strengthen security measures, promptly identify malicious compromises, meticulously map potential threat vectors, and effectively pinpoint malicious activity in the aftermath of a breach.
"Cloud service platforms and cloud service providers (CSPs) have developed built-in security capabilities for organizations to enhance security capabilities while operating in cloud environments," CISA said.
"Organizations are encouraged to use the built-in security features from CSPs and to take advantage of free CISA- and partner-developed tools/applications to fill security gaps and complement existing security features."
The list of free tools highlighted in today's factsheet and developed by CISA in collaboration with partners include:
- Cybersecurity Evaluation Tool (CSET): assists organizations in evaluating their enterprise and asset cybersecurity posture
- SCuBAGear (Secure Cloud Business Applications Gear): helps compare configs against CISA M365 baseline recommendations
- Untitled Goose Tool: helps detect signs of malicious activity in Microsoft cloud environments
- Decider: helps generate MITRE ATT&CK mapping reports
- Memory Forensic on Cloud (Japan CERT): builds memory forensic environment on Amazon Web Services (AWS)
While not all-encompassing, these tools can help detect malicious activity, bolster resilience against damaging cyberattacks, and assist with remediation and investigation efforts.
Today's announcement is part of an ongoing effort to protect critical infrastructure from cyber threats by providing organizations with timely warnings and essential guidance.
For instance, starting January 2023, CISA has taken proactive measures to alert critical infrastructure entities about Internet-exposed systems on their networks that are vulnerable to ransomware attacks.
"Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community," CISA said at the time.
The cybersecurity agency also launched the Joint Cyber Defense Collaborative (JCDC) in August 2021, a partnership aimed at safeguarding U.S. critical infrastructure from ransomware and other cyber threats.
Furthermore, in August 2021, CISA released comprehensive guidelines designed to assist at-risk private sector organizations and government entities in preventing data breaches stemming from ransomware attacks.
Comments
UseCommonSense - 10 months ago
If you trust the government to protect your assets, you are the problem with your security.