Product Date Posted

DHS ICS-CERT Cyber Security Evaluation Tool (CSET)

CSET is a free tool that can be used by any organization. It has the DoD RMF process built in to create the network architecture diagram, has a plug-in to import GrassMarlin network discovery and inventory files, and creates a Security Plan.

May 2018

Belarc Advisor

The tool is a data gathering and analysis tool for IT systems. The tool can be used in the Test and Development Environment to establish the preliminary Functional-Mission Capability Baseline and should be included on the Jump-Kit Rescue CD (if required).

May 2018

MalwareBytes

MalwareBytes is a COTS product (free and purchase versions) that can be used by any organization and is a simple but very powerful AV and malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

May 2018

OSForensics

OSForensics is a COTS product (free and purchase versions) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

FireEye Redline

FireEye Redline is a COTS product (free) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

Microsoft SysInternals Suite

The suite of tools can be used by any organization to evaluate OS and system performance, search for malware, and isolate processes and threads. The suite is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

May 2018

Host-Based Scanning System (HBSS) / Assured Compliance Assessment Solution (ACAS) Tools

HBSS and ACAS are components of the DISA Endpoint Security Solutions (ESS) suite, which is an integrated set of capabilities that work together to detect, deter, protect, and report on cyber threats across all DoD networks. The FRCS designer, construction and systems integrators will not typically have access to HBSS and ACAS; CIO and DISA typically deploy the tools to the new systems being added to the DoD network.

May 2018

Avast

Avast is a COTS product (free and purchase versions) that can be used by any organization and is a simple but very powerful AV and malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

May 2018

Qualys SSL Client and Browser Tool

This free online service performs a deep analysis of the configuration of any SSL/TLS web server on the public Internet and of client browsers. This tool should be used to conduct security audits.

May 2018

Security Onion

Security Onion is a free Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

May 2018

VirusTotal

VT is a free tool that can be used by any organization to analyze suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

Wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark Packet Captures (pcaps) are used to analyze network (wired and wireless) traffic. BACnet and Modbus pcap files can be used in the TDE for training and practice to detect and contain malware.

May 2018

WhiteScope

WhiteScope is a free service that compares file contents and file hashes with "known good" files from ICS/SCADA installation media. This service is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

May 2018

Nomoreransomware

The website provides general guidance about ransomware (www.nomoreransom.org), along with a list of decrypted ransomware and instructions on how to recover systems (https://www.nomoreransom.org/en/decryption-tools.html).

June 2018

Glasswire

Glasswire is a COTS product (free and purchase versions) that can be used by any organization and is a simple but very powerful network, firewall, application, alerting and logging tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

June 2018