CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.
Cloud service platforms and cloud service providers (CSPs) have developed built-in security capabilities for organizations to enhance security capabilities while operating in cloud environments. Organizations are encouraged to use the built-in security features from CSPs and to take advantage of free CISA- and partner-developed tools/applications to fill security gaps and complement existing security features. Publicly available PowerShell tools exist to all network defenders for investigation and aid of an organization’s security posture, including:
- Cybersecurity Evaluation Tool (CSET),
- Secure Cloud Business Applications (SCuBA) Gear,
- Untitled Goose Tool,
- Decider, and
- Memory Forensic on Cloud (Japan CERT).
Note: These tools are highlighted and explained to assist with on-site investigation and remediation in cloud environments but are not all-encompassing and are provided for informational purposes only. CISA does not endorse any commercial product or service, including any subjects of analysis.
CISA encourages network defenders to take the measures above and consult the Free Tools for Cloud Environments factsheet to reduce the likelihood of a damaging cyber incident, detect malicious activity, respond to confirmed incidents, and strengthen resilience.