The US Cybersecurity and Infrastructure Security Agency (CISA) released a comprehensive factsheet on July 17, 2023, to assist businesses transitioning to cloud environments in ensuring data security and safeguarding critical assets.
Named Free Tools for Cloud Environments, the factsheet offers network defenders and incident response/analysts open-source tools, methods and guidance for identifying, mitigating and detecting cyber threats, vulnerabilities and anomalies while operating in cloud or hybrid environments.
According to the document, cloud service platforms and providers (CSPs) already provide built-in security capabilities to enhance security while operating in cloud environments.
CISA encouraged organizations to leverage these built-in security features and complement them with the free tools provided by the Agency and its partners to fill any security gaps effectively.
The open-source tools highlighted in the factsheet are the Cybersecurity Evaluation Tool (CSET), SCuBAGear, Untitled Goose Tool, Decider and Memory Forensic on Cloud by Japan CERT.
These tools are designed to support network defenders in investigating and improving an organization's security posture, providing critical assistance in mitigating cyber incidents, detecting malicious activities and enhancing overall resilience.
CISA emphasized that these open-source tools are meant to assist with on-site investigation and remediation in cloud environments but may not cover all aspects.
The Agency highlighted that paid tools and services can complement the open-source offerings, and most CSPs also provide their own platform-specific monitoring and analysis tools.
The factsheet underscores the importance of evaluating an organization's security posture, especially in hybrid cloud operations. It encourages the development of practices that best fit individual organizational needs before adopting cloud services.
Correctly identifying and utilizing open-source tools will aid network defenders in enhancing security, detecting threats and improving incident response capabilities.
The tools' release comes weeks after CISA and the National Security Agency (NSA) jointly released guidelines at the end of June aimed at defending Continuous Integration/Continuous Delivery (CI/CD) environments.