12 Free, Ready-to-Use Security Tools
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt45ecfcb3b5538a28/64f0d56e3fae845fbc51f7e3/Slide1CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
It's nearly mid-October, which means we're well into National Cybersecurity Awareness Month. This 15th annual public awareness campaign serves as yet another opportunity for security vendors to show their wares and get people who don't always take cybersecurity seriously to take a closer look.
Free security tools are one way to get them on that path, offering some real depth that can help companies analyze their exposure and start formulating a more detailed cybersecurity plan.
Stu Sjouwerman, CEO of KnowBe4, says that the highly regarded "2018 Verizon Data Breach Investigations Report" once again found the vast majority of breaches are caused by phishing emails and pretexting. His company – one of eight we highlight – offers a free tool to determine which email addresses and domain names might be exposed on the Dark Web. Other offerings take aim at different social attacks, as well as get companies into the basics of deep packet analysis, help them look for flaws in SAP code, and offer a step-by-step approach to developing their own security awareness program.
Wombat Security, a division of Proofpoint, offers two free security tools. The first, wombatsecurity.com/heroes, was developed for companies just starting out with security awareness training. Level 1 features two one-minute videos on the basics of phishing and SMS phishing (smishing), followed by more detailed examples of phishing emails. Level 2 focuses on the basics of ransomware, and Level 3 offers tips ahead of this year's online holiday shopping season, as well as pointers on business email compromises.
The second tool, Best Behavior Bingo, was developed for companies with a higher level of awareness. The Bingo board starts with phishing and identity theft basics. From there, players can drill down into other topics, such as security tips for Internet of Things devices and adding two-factor authentication to email, social media, and financial accounts.
KnowBe4 has an extensive list of free security tools on its website, where security pros will find a dropdown list of nine free tools. Some of the highlights include the Phishing Security Test, which lets companies run a simulated phishing test for up to 100 users. Within 24 hours, companies will receive a PDF with their phish-prone percentage and charts to share with management. Companies may also want to try the Domain Doppleganger, an option that KnowBe4 made available about two weeks ago. Participants will also receive a PDF within 24 hours of all their look-alike domains. In addition, don't miss the Ransomware Simulator. This tool simulates 13 ransomware infections and one cryptomining infection and will point out vulnerable workstations.
Active Risk Monitoring (ARM), from ERP Maestro, analyzes all existing insider threats within a company's SAP environment and issues monthly updates on the company's risk profile. Setting up ARM takes less than an hour; users download the desktop application and connect their SAP systems to ARM. ERP Maestro points out that 75% of today's cyberthreats are the result of insider threats. However, gaining visibility into internal access risks manually can be time-consuming and inaccurate. ARM offers a way to automate the process and offers a way for companies to see where insiders may have improper account access.
Anomali offers STAXX as a free client that lets users access any STIX/TAXII-compatible threat intelligence feed. STAXX supports STIX 1.0 and 2.0 standards, which are common languages for conveying data about threat intelligence. It also comes preconfigured with Anomali Limo, a suite of free, out-of-the-box threat feeds, as well as an online portal for exploring indicators of compromise (IOCs). Think of STAXX as a fairly quick and easy way to get started with threat intelligence.
The Neuralys platform offers a centralized dashboard for visualizing a company's vulnerability trends, security zoning for the prioritization of risk management tasks, and mitigation tracking for monitoring responses across a team's security operations. It was designed from the ground up to complement existing security tools. Neuralys can import/upload risks or vulnerabilities from existing security toolsets or penetration tests in seconds by using its native Nessus parser or the universal CSV importer. The free version, Forever Free, includes up to 20 assets, one security zone (external, internal, or endpoint), and collaboration capabilities for up to five users.
Onapsis offers two free tools: Bizploit, an open source ERP penetration testing framework, and the Onapsis Integrity Analyzer for SAP. Bizploit helps infosec pros with the discovery, exploration, vulnerability assessment, and exploitation phases of specialized SAP penetration testing. The Integrity Analyzer for SAP was developed to help SAP customers protect their systems from unauthorized modifications of ABAP programs; ABAP is the most common language used to develop SAP applications. If undetected, these modifications can be used to inject backdoors and rootkits in an SAP system, which would let attackers manipulate critical business processes, steal sensitive information remotely, and deploy advanced threats against business-critical applications.
Detexian has created a B2B SaaS product for small and midsize businesses that offers 24/7 threat detection. The product uses artificial intelligence to automate the tedious task of scanning log data for issues, presenting threats to security teams, and proposing actions in response to the alerts. System administrators rarely have time for this, yet it can be an effective way to identify attacks early, significantly reducing costs. Log data is also the best way to understand what happened before, during, and after an incident. Users can start with the free tool.
Detexian has created a B2B SaaS product for small and midsize businesses that offers 24/7 threat detection. The product uses artificial intelligence to automate the tedious task of scanning log data for issues, presenting threats to security teams, and proposing actions in response to the alerts. System administrators rarely have time for this, yet it can be an effective way to identify attacks early, significantly reducing costs. Log data is also the best way to understand what happened before, during, and after an incident. Users can start with the free tool.
It's nearly mid-October, which means we're well into National Cybersecurity Awareness Month. This 15th annual public awareness campaign serves as yet another opportunity for security vendors to show their wares and get people who don't always take cybersecurity seriously to take a closer look.
Free security tools are one way to get them on that path, offering some real depth that can help companies analyze their exposure and start formulating a more detailed cybersecurity plan.
Stu Sjouwerman, CEO of KnowBe4, says that the highly regarded "2018 Verizon Data Breach Investigations Report" once again found the vast majority of breaches are caused by phishing emails and pretexting. His company – one of eight we highlight – offers a free tool to determine which email addresses and domain names might be exposed on the Dark Web. Other offerings take aim at different social attacks, as well as get companies into the basics of deep packet analysis, help them look for flaws in SAP code, and offer a step-by-step approach to developing their own security awareness program.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024