Free Cybersecurity Tools for IT Security Pros
Introduction
Cybersecurity is important for all organizations, but may not always be considered a priority. This can be a challenge for IT staff who lack security resources or the funding to obtain them. To assist defenders of small organizations, I have curated a list of free tools and services that can potentially fill security control gaps when expensive systems are infeasible.
When it comes to security on a budget, a defender needs to be creative and resourceful.
Free Tools by Category
I chose tools for specific security controls that are 100% free to use, and offer the most robust features for their category. Some of the tools listed below can span multiple categories.
The following list is not meant to be an endorsement of any product or vendor. It is simply meant to inspire taking a creative approach to risk reduction for the defender on a budget. It focuses on defense, and does not include tools typically used by red teams for penetration testing and forensics. I will update the list as I come across additional tools that fit the criteria.
Anti-Malware / Endpoint Protection
There are a few free anti-malware tools out there. Some are more conducive to home users than organizations, but even they might prove effective in small enough environments. There are two I have found that align well with small organizations.
Microsoft Defender - This comes installed with Windows as of Windows 10. If there is no other anti-malware, ensure that this is enabled on all Windows workstations.
ClamAV - This is a free, open-source solution maintained by Cisco’s Talos Intelligence Group. It is available for Windows, macOS, Unix and Docker.
DNS / Web-Filtering
This is a tricky category for free tools. There are DNS providers that offer free filtering services, but they may lack appropriate monitoring and logging capabilities. There are browser extensions, but they may be difficult to control company-wide, and again will lack monitoring and logging. I found two DNS services that might work well for small organizations.
OpenDNS Home - This is a free service provided by Cisco designed for home and small businesses that offers DNS as well as customizable, category-based content filtering to protect against malicious domains, and sites the company may wish to block such as social media. This is useful for company-wide DNS filtering, but does not provide any advanced features.
NextDNS - This is another DNS provider that offers a free tier similar to Cisco’s OpenDNS, but offers advanced features for monitoring and logging. It is also backed by threat intelligence feeds that are constantly updated. However, the downside is that there is a cap of 300,000 queries per month for the free tier.
Email Protection
This is another difficult category for free tools. ClamAV can be integrated with email servers to scan for malicious attachments in emails, but does not provide filtering services for spam and phishing. For non-profits, Microsoft 365 and Google Workspace both provide free email security services. Otherwise, I was only able to uncover one free system that protects any organization against all common email threats such as spam, phishing, and malware.
SpamAssassin - This is a free, open-source solution that protects against all major email threats. The downside is that it requires some technical expertise to install and manage. It runs natively on *nix systems, and can run on Windows utilizing special environments like Cygwin. It integrates with many email systems, including Exchange.
Patch Management
There are a few free tools available for patch management. I found two that are especially well-suited for small organizations.
Windows Server Update Services - This is a free service built into Windows Server that allows IT admins to deploy Windows software updates to networked Windows workstations and servers. It can also be extended with WSUS Package Publisher to deploy third-party applications.
ManageEngine Patch Manager Plus Free Edition - ManageEngine offers many tools for IT system management and support. One of its offerings is Patch Manager Plus, which comes in several tiers including a free version for up to 20 workstations and 5 servers. It supports Windows, Mac and Linux.
User Awareness Training
This is an easy category for free tools. The tricky part is ensuring compliance, as many of the free resources do not offer any advanced features for deploying, monitoring, testing and tracking. There are free, open-source Learning Management Systems (LMSs) that can assist with this, such as Moodle and Chamilo, but I have not yet vetted these for system requirements. For additional insights, see my previous article on gamifying the process. Here are just a few other free options.
CanIPhish - This is a free service with interactive quizzes and animated videos, with a focus on gamification and engagement. It contains tracking and deployment capabilities.
Amazon’s Free Cybersecurity Awareness Training - This is a free service from Amazon that consists of 15 minutes' worth of content covering an array of topics such as secure communication, data classification, phishing, physical security, social engineering, data privacy, third-party/application security, laptop standards, data protection, and acceptable use. The site also provides packages that can integrate with an LMS.
Intrusion Detection and Prevention
Finding free tools in this category was less difficult than I anticipated. There are many options; however, they might require some technical expertise to install, deploy, monitor and manage.
Snort - This is a free system maintained by Cisco for rule-based network intrusion detection and prevention that can sniff and block packets. It is capable of deep packet inspection (DPI). It utilizes its own rule language.
Suricata - This is another free, open-source, rule-based, network IDS/IPS with DPI capabilities. It differs from Snort in its multi-threaded architecture, and may be more comprehensive in its protocol coverage. Suricata can use Snort rules, but also has its own rule language.
Open Source Security (OSSEC) - This is a free system for host-based intrusion detection. It is capable of analyzing logs from sources such as firewalls, IDS/IPS, and web servers, and provides file integrity monitoring (FIM), rootkit detection, and active response with real-time alerts. It is compatible with Windows, macOS, and Linux.
Host / Rogue Device Discovery
There are a few excellent free resources for this. Generally, vulnerability scanners will also include this capability. Here are a few of the most commonly used free tools.
Nmap - This is a free standalone application that can scan networks for IP addresses and ports, to identify active hosts and services. It can detect OS and software versions, and is capable of vulnerability assessments. It is also capable of generating visual network maps. Its scans can be automated or run ad-hoc. It can run on Windows, Linux and macOS.
Angry IP Scanner - This is another free standalone application for host and port detection. It is very simple and lightweight, with some filtering features and export options. Its scans can be automated, or run ad-hoc. It can run on Windows, Linux and macOS.
Lansweeper - This is a free tool for IT asset discovery and management. It provides an inventory of devices including details on their hardware and software. It is capable of integrating with tools such as SCCM and Intune, and provides automated network scanning with advanced features such as device recognition and switch port mapping. This is a more robust system than the previous two entries, and requires some technical expertise and a Windows server to run.
Vulnerability Assessment
There are many free tools available for different scenarios. Some are focused on cloud or web apps. For conducting vulnerability scans on a complete network of various devices and technologies, there are two primary free options.
Nessus Essentials
This is a full free edition of Nessus Tenable Pro, which costs between $4K and $5K per year. It offers limited capabilities compared to the paid version, but may be a good free option for small environments.
OpenVAS
This is another free vulnerability scanner that offers capabilities comparable to paid systems such as Tenable Nessus Pro. It is open-source, and backed by daily updates from an open community. As with the other free, open-source systems in this article, it may require some technical expertise.
External Attack Surface Analysis
It is difficult to find specific free tools in this category. Alternatively, a defender could use a tool like Nessus Essentials and run scans from an external location, but special care should be taken when doing so.
CISA’s Cyber Hygiene Services
CISA offers a selection of free resources for organizations, including vulnerability scanning on external assets. These services require enrollment with a regional CISA office. They will provide weekly scan results, and ad-hoc alerts for urgent findings. They also offer in-depth scans on web applications, providing monthly and on-demand reports.
Considerations
Administrative controls should be in place to provide official review and authorization of all vendors and tools before use.
Care should be taken when selecting any resources, especially those claiming to be free. Always use official sites, and vet any tools and vendors thoroughly to avoid scams and malware posing as legitimate tools.
Additionally, legitimate vendors may offer free versions that provide reduced functionality and push users to pay for advanced features, or are actually just free trial versions. Some free software also comes with licensing restrictions, so proper due diligence should be taken to avoid any legal liability.
Defenders should ensure free tools cannot be easily disabled or bypassed by users. Finally, some free tools might offer additional features such as VPN and file encryption services that could potentially violate policy, or allow users to bypass other security controls.
Conclusion
When it comes to defense, thorough planning is key to ensure full coverage. There are hundreds of vendors, tools, systems and services available to cover every aspect of security, and selecting the best option can be challenging. Budgetary constraints can limit the options, but they can also make choosing effective controls more difficult. Hopefully this article has helped fill some gaps, or at least provided some inspiration to find innovative and cost-effective ways to protect environments.
Daily Cuppa
Today’s cup of tea is Organic Vanilla Rooibos provided by Equal Exchange. Organic, and fair-trade. Today with a hefty splash of vanilla oat milk for some extra sweetness and creaminess.