Latest Free Tools Every Cybersecurity Professional Needs to Know About

Nozomi Networks Inc. has announced Guardian Community Edition, a free tool designed to help security and risk management teams take the first step in expanding their risk lens to include OT and IoT cyber security. Leveraging the technology used in Nozomi Networks’ leading cyber security platform, Guardian Community Edition (Guardian CE) gives users visibility into OT and IoT assets in their environments.

“Organisations across a spectrum of industries are converging IT, OT and IoT efforts to improve business processes, deliver better customer experiences and gain a competitive edge,” said Nozomi Networks Co-founder and Chief Product Office Andrea Carcano. “Cyber security executives and their teams are challenged to gain visibility into these networks. But having visibility is the first step to securing them. We developed Guardian Community Edition to give the community a safe way to begin expanding their security footprint to include OT and IoT assets in their networks.”

Guardian cyber security platform, Guardian CE helps users to:

  • Discover OT and IoT assets in the network
  • Generate and print a visual map of the OT/IoT network
  • See which OT assets are mistakenly connected to the Internet
  • Identify OT/IoT asset configuration issues


Threat validation made easier with AT&T Alien Labs Open Threat Exchange

Many of you will already be aware of the world’s largest open threat repository, the Open Threat Exchange (OTX), started by AlienVault and now encompassed within AT&T Cybersecurity. Most recently, the AT&T Alien Labs and OTX development teams have come up with a new feature that will help make the internet safer for all. Participants can now upload files or URLs for free to be analysed by AT&T Alien Labs systems.

In fact, what would generally be paid for, “premium”, features in other products are 100% free with OTX, including:

  • Users can submit file/URLs for analysis via the portal and API (API usage in other similar products/services is usually limited in the community edition or not even available)
  • Unlimited number of submissions
  • Submissions can be private
  • Automatically compiles resulting indicators of compromise (IoCs) to a “pulse” that can be shared with either a community, or a private group
  • The analysis delivers additional threat context for more meaningful results


Built with Privacy in Mind, OneLogin’s Shield Protects the Enterprise by Combating Password Reuse

Brute force, credential stuffing and similar password attacks are on the rise, making weak and reused passwords one of the biggest risks in the enterprise. Despite this, nearly two-thirds (65%) of IT professionals don’t check employee credentials against common password lists. Enterprises are otherwise defenceless against employees reusing passwords from personal applications across their corporate applications. When employees’ personal applications are breached, cybercriminals often use these compromised credentials against corporate accounts. Shield removes the friction of password management and security by making the low effort, high impact functionality available through the browser trusted by the vast majority of internet users: Google Chrome.

Shield by OneLogin is a browser extension offered in both free and enterprise-grade plans. Shield works with any existing identity provider to deliver three key capabilities:

  • Stop Insecure Password Practices: prevents users from the high-risk practice of using identical or commonly used and insecure passwords across any website, including personal and corporate applications
  • Prevent Corporate Identity Misuse: identifies individuals using corporate accounts for personal applications, an insecure practice given the risk of third-party application compromise and ability of cybercriminals to use third-party apps as an entry point for data breach
  • Defend Against Phishing: flags websites that have a high probability of fraud, and notoriously attempt to trick users into entering their credentials


Complimentary tool aimed to inform security professionals of vulnerabilities in MFA,
authored by KnowBe4’s Roger Grimes

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is offering a new complimentary tool called the Multi-Factor Authentication Security Assessment (MASA), which provides security professionals with advice on implementing a multi-factor authentication (MFA) strategy, as well as practical advice on how to defend against MFA hacks.

According to Deloitte’s Addressing Cyber Threats: Multi-Factor Authentication for Privileged User Accounts report, 48% of cybersecurity breaches are not preventable by strong multi-factor authentication, leaving the MFA open to be hacked.

MASA is a survey-based tool that security professionals use by answering relevant technology questions about how their MFA solution works. MASA then uses those answers to determine that individual’s specific risks. The tool generates a summary report that highlights the individual risks that the particular MFA solution has, along with best practice information and recommendations on how to better defend the environment.

“Implementing MFA is usually a security improvement over single-factor authentication, however, like any security solution, it’s still hackable,” said Roger Grimes, data-driven defense evangelist, KnowBe4. “This new tool is intended to assist organisations in their overall security program analysis by revealing how MFA can be maliciously hacked in a number of ways. By providing security professionals with this information, we hope to better inform them of the decisions they make when it comes to security.”