Thursday, December 5, 2024
HomeCloudCISA Released Free Cloud Security Tools to Secure Cloud Data

CISA Released Free Cloud Security Tools to Secure Cloud Data

Published on

SIEM as a Service

The Cybersecurity & Infrastructure Security Agency (CISA) has released a list of free tools for organizations to secure themselves in cloud environments.

The post from CISA stated that these tools will help incident response analysts and network defenders to mitigate, identify and detect threats, known vulnerabilities, and anomalies in the cloud or hybrid environments.

Threat actors have traditionally targeted internal servers during an attack. However, the rapid growth of cloud migration has attracted several threat actors to target cloud environments as the attack vector is massive when it comes to the cloud.

- Advertisement - SIEM as a Service

The tools provided by CISA will aid organizations that lack the necessary tools to defend against cloud threats. These tools can help in protecting their cloud resources from information theft, data theft, and information exposure.

Tools + Pre-built Security features

CISA also mentioned that organizations should use the security features provided by the Cloud Service Providers and combine them with the free tools suggested by the CISA for protecting against these threats. The tools provided by the CISA are,

  • The Cybersecurity Evaluation Tool (CSET) (CISA)
  • SCuBAGear (CISA)
  • The Untitled Goose Tool (CISA)
  • Decider (CISA)
  • Memory Forensic on Cloud (JPCERT/CC)

The Cyber Security Evaluation Tool (CSET)

This tool was developed by the CISA that uses industry-recognized standards, frameworks, and recommendations to assist organizations in their cybersecurity posture evaluation. The tool asks multiple questions about system components, architecture, and operational policies and procedures.

This information is then used to generate a report that provides a complete insight into the strengths and weaknesses of the organizations including the recommendations to fix them. The CSET version 11.5 includes Cross-Sector Cyber Performance Goals (CPG) which was developed by the CISA and the NIST (National Institute of Standards and Technology).

CPG can provide best practices and guidance that all organizations should follow. This tool can help against common and impactful TTPs. 

SCuBAGear M365 Secure Configuration Baseline Assessment Tool

SCuBAGear is a tool that was a part of the SCuBA (Secure Cloud Business Applications) project that was initiated in response to the Supply Chain compromise of SolarWinds Orion Software. SCuBA is an automated script that compares the Federal Civilian Executive Branch (FECB) against M365 Secure configurations of the CISA.

In collaboration with SCuBAGear, CISA created multiple documents that can guide cloud security that can help all organizations. Three documents were created as part of this tool,

  • SCuBA Technical Reference Architecture (TRA) – Provides essential components for hardening cloud security. The scope of TRA adds cloud business applications (for SaaS models) and the security services used to secure and monitor them.
  • Hybrid Identity Solutions Architecture – Provides best approaches for addressing identity management in a Cloud environment.
  • M365 security configuration baseline (SCB) – provides basic security configurations for Microsoft Defender 365, OneDrive, AAD, Exchange Online etc.

This tool provides an HTML report highlighting policy deviations described in the M365 SCB guides.

Untitled Goose Tool

This tool was developed alongside Sandia National Laboratories which can help network defenders identify malicious activities in Microsoft Azure, AAD, and M365. It can also help query, export, and investigate audit logs.

This tool is extremely useful for organizations that do not ingest these kinds of logs into their Security Incident and Event Management (SIEM) tool. It was developed as an alternative to PowerShell tools since they did not have data collection capacity for Azure, AAD, and M365.

Network Defenders can use this tool to,

  • Cloud artifacts extraction from AAD, Azure, and M365
  • Perform time bounding of the Unified Audit Logs (UAL)
  • Extra data within time bound
  • Collect data using the capability of time bounding for MDE(Microsoft Defender Endpoint) data

Decider Tool

This tool can help incident response analysts to map malicious activities with the MITRE ATT&CK framework. It also provides an easier approach to their techniques and provides guidance for mapping the activities accordingly.

Just like CSET, this tool also asks several questions to provide relevant user queries for determining the best possible identification method. With this information, the users can now,

  • Export ATT&CK Navigator heatmaps
  • Publish Threat Intelligence reports 
  • Identify and execute mitigation procedures
  • Prevent Exploitation

The CISA has also provided a link on how to use the Decider tool.

Memory Forensic on Cloud (JPCERT/CC)

It was developed for building and analyzing the Windows Memory Image on AWS using Volatility 3. Furthermore, Memory Forensics is required when it comes to the newly trending LOTL (Living-Off-the-Land) attacks which are otherwise called fileless malware.

A memory image analysis can help during incident response engagements that usually require high-specification machines, time, and resources to prepare a sufficient environment.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

Shut Down Phishing Attacks -Detection & Prevention Checklist

In today's interconnected world, where digital communication and transactions dominate, phishing attacks have become...

Why the MITRE ATT&CK Evaluation Is Essential for Security Leaders

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed...