Free Security Tools for Startups

Written by Ethan Heller
Updated over a week ago

The following list covers free cybersecurity tools that can reduce costs for your organization or, at the very least, help you evaluate paid alternatives. They can be used to satisfy controls from various frameworks and to answer security questionnaires from prospects and customers. Each tool can be deployed in several ways, so configure it deliberately: a tool that is installed but never tuned, scheduled or reviewed does not, by itself, meet a compliance requirement.

Each entry below gives the tool, a description, the Drata control(s) it can help satisfy (with the frameworks that map to each control), and tags.

Kali Linux

Kali Linux is a free Linux distribution built for penetration testers and other security staff. It ships with a large collection of free tools, several of which appear later in this list, for assessing the security of networks and devices. If you perform security work such as vulnerability scanning in-house, installing Kali on a spare laptop or a VM is a good starting point. Treat that machine as sensitive: it will hold scan results and test credentials, so keep it patched and encrypted and restrict who can use it.

Drata Control: DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-20 (SOC 2, ISO 27001, HIPAA, PCI), DCF-324 (PCI), DCF-448 (PCI), DCF-449 (PCI), DCF-450 (PCI), DCF-452 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI)

Tags: Operating System, Vulnerability Scanning, Security Assessment

Security Onion

Security Onion is another security-focused Linux distribution, but from the defensive side: it is built for enterprise-style security monitoring, threat hunting and log management. It bundles tools for collecting, searching and alerting on network and host telemetry (Suricata and Zeek from this list among them, with the Elastic Stack for search and dashboards), and it integrates readily with tools it does not ship. Besides running on your own server hardware, Security Onion publishes images for AWS and Azure.

Drata Control: DCF-79 (SOC 2, ISO 27001, HIPAA), DCF-80 (SOC 2, ISO 27001, HIPAA), DCF-442 (PCI)

Tags: Operating System, Log Management

Aircrack-ng

Aircrack-ng is a suite of tools for Wi-Fi security assessment. Its core purpose is penetration testing of wireless networks (capturing handshakes and cracking WEP/WPA keys), but its capture component, airodump-ng, also lists every access point and client in range, which makes it useful for spotting rogue access points or unknown networks. That matters for PCI DSS, which requires periodic scanning for rogue wireless devices. Keep in mind that a wireless survey only shows what is broadcasting nearby; confirming that an unknown access point is actually attached to your network takes correlation with switch, ARP or DHCP records.

Drata Control: DCF-448 (PCI), DCF-449 (PCI), DCF-450 (PCI)

Tags: Wifi, Network Security
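A worked example of the rogue-AP check described above, added here as illustration; it is not part of the Drata article or the Aircrack-ng suite. It parses the access-point section of an airodump-ng CSV export and flags two things: an unauthorized BSSID broadcasting one of your corporate SSIDs (an "evil twin"), and any unknown access point whose signal is strong enough to plausibly be on your premises. The CSV below is constructed, laid out the way the airodump-ng CSV header lists its columns (an assumption; check the header line of your own export), and the authorized BSSID list is illustrative.

```python
"""Flag rogue or impersonating access points from an airodump-ng CSV export.

Added example, not part of the Drata article or the Aircrack-ng suite. The
sample CSV below is constructed; its column layout follows the header line of
airodump-ng's CSV output as assumed here. Verify against your own export.
"""

# Constructed sample: AP section, blank line, then the start of the station section.
SAMPLE_AIRODUMP_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,  8, CorpWifi,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -52,   98,  0,   0.  0.  0.  0,  8, CorpWifi,
DE:AD:BE:EF:00:01, 2024-01-01 10:01:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -35,   60,  0,   0.  0.  0.  0,  8, CorpWifi,
12:34:56:78:9A:BC, 2024-01-01 10:02:00, 2024-01-01 10:05:00,  1,  54, OPN ,     ,    , -45,   40,  0,   0.  0.  0.  0, 10, FreeCoffee,
66:77:88:99:AA:BB, 2024-01-01 10:03:00, 2024-01-01 10:04:00,  3,  54, WPA2, CCMP, PSK, -88,   12,  0,   0.  0.  0.  0,  9, Neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Illustrative inventory: the BSSIDs of access points you actually own, and
# the SSID names only those access points should ever broadcast.
AUTHORIZED_BSSIDS = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}
CORPORATE_ESSIDS = {"CorpWifi"}


def parse_access_points(csv_text):
    """Parse the AP section (everything before the first blank line) into dicts."""
    lines = csv_text.splitlines()
    header = [h.strip() for h in lines[0].split(",")]
    col = {name: i for i, name in enumerate(header)}
    aps = []
    for line in lines[1:]:
        if not line.strip():
            break  # the client/station section follows the blank line
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < len(header):
            continue  # malformed or truncated row; skip rather than guess
        aps.append({
            "bssid": fields[col["BSSID"]].upper(),
            "channel": int(fields[col["channel"]]),
            "privacy": fields[col["Privacy"]],
            "power": int(fields[col["Power"]]),  # signal strength in dBm
            "essid": fields[col["ESSID"]],
        })
    return aps


def classify(aps, authorized_bssids, corporate_essids, nearby_dbm=-70):
    """Return findings for unauthorized APs, strongest signal first.

    An unknown BSSID advertising a corporate SSID is flagged regardless of
    signal; other unknown APs are only flagged when stronger than nearby_dbm,
    which filters out neighbours' networks seen through the walls.
    """
    authorized = {b.upper() for b in authorized_bssids}
    findings = []
    for ap in aps:
        if ap["bssid"] in authorized:
            continue
        if ap["essid"] in corporate_essids:
            findings.append({**ap, "finding": "impersonating corporate SSID"})
        elif ap["power"] > nearby_dbm:
            findings.append({**ap, "finding": "unknown AP with strong signal"})
    return sorted(findings, key=lambda f: f["power"], reverse=True)


if __name__ == "__main__":
    for f in classify(parse_access_points(SAMPLE_AIRODUMP_CSV),
                      AUTHORIZED_BSSIDS, CORPORATE_ESSIDS):
        print(f"{f['bssid']} ch{f['channel']} {f['power']} dBm "
              f"{f['essid']!r} ({f['privacy'] or 'open'}): {f['finding']}")
```

The signal threshold is a heuristic, not proof of location; walk the floor with the adapter to localize a strong unknown AP, and correlate its clients' MAC addresses against your switch tables before calling it a rogue device on your LAN.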

Snort

Snort is a network intrusion detection system (NIDS) that can also run inline as a network intrusion prevention system (NIPS). Its rule syntax takes some getting used to, but its configurability and the large body of community and Talos-maintained rules make it competitive with commercial products. Treat it as a monitoring control: Snort only satisfies an IDS requirement if its alerts are actually reviewed and its rules tuned for your environment.

Drata Control: DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI)

Tags: Intrusion Detection System, Intrusion Prevention System

Zeek

Zeek is designed as a "network security monitor": rather than matching signatures, it parses traffic into structured logs (connections, DNS, HTTP, TLS and so on) that give real-time visibility into what is happening on the network. With its scripting language it can also raise alerts and so act as a network intrusion detection system. It is a good fit for users who want insight into network activity, and its logs complement a signature engine such as Snort or Suricata during an investigation.

Drata Control: DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI)

Tags: Intrusion Detection System, Network Monitoring

Suricata

Suricata is another network intrusion detection and prevention system. It has advantages over Snort such as native multi-threading, which matters on high-throughput links. Like Snort it is rule-based, and it accepts Snort-format rules, so you can draw on rules written by either community (the Emerging Threats open ruleset is a common starting point).

Drata Control: DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI)

Tags: Intrusion Detection System, Intrusion Prevention System

OSSEC

OSSEC is a different kind of tool from the network sensors above: it is a host-based intrusion detection system (HIDS). Its agent watches the host it runs on (file integrity, log analysis, rootkit checks and policy monitoring) rather than network traffic, and a central OSSEC manager collects and correlates alerts from many agents, so it scales beyond a single machine. It is an excellent fit for your more critical servers, where knowing that a configuration file or binary changed is exactly the signal you want.

Drata Control: DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI)

Tags: Host-based Intrusion Detection System

NMAP

Nmap is an extremely well-known network scanner. It maps the hosts on a network and whatever it can learn about them by sending packets and examining the responses: which hosts are up, which ports are open, which services and versions answer on them, and often which operating system is running. Nmap is a great tool for checking network reachability, profiling your network to see which ports are really exposed, and doing a basic level of vulnerability scanning with its scripting engine. Scan only networks you own or are authorized to test, and expect scans to trigger IDS alerts and occasionally upset fragile embedded devices.

Drata Control: DCF-20 (SOC 2, ISO 27001, HIPAA, PCI), DCF-452 (PCI)

Tags: Network Scanning
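Seeing which ports are "really open" only becomes a control when the scan is compared against what should be open. The following added example (not from the Drata article or the Nmap project) parses the XML that `nmap -oX` writes and reports every open port that is not on a per-host allow-list. The scan document and the baseline are constructed here; the hosts and ports are illustrative.

```python
"""Compare an Nmap XML scan against an expected-ports baseline.

Added example, not from the Drata article or the Nmap project. The XML below
is a constructed sample in the layout Nmap produces with -oX; the baseline of
expected ports is likewise illustrative.
"""
import xml.etree.ElementTree as ET

# Constructed sample scan: two hosts up, one down, a mix of open/closed ports.
SAMPLE_SCAN_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -oX scan.xml 10.0.0.0/30">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="udp" portid="161"><state state="open" reason="udp-response"/><service name="snmp"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.3" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Illustrative baseline: the (protocol, port) pairs each host is allowed to expose.
BASELINE = {
    "10.0.0.1": {("tcp", 22), ("tcp", 443)},
    "10.0.0.2": {("tcp", 22)},
}


def open_ports(xml_text):
    """Return {ip: {(proto, port), ...}} for hosts that are up; open ports only."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr.get("addr")] = ports
    return result


def unexpected_ports(scan, baseline):
    """Open ports missing from the baseline, per host. A host with no baseline
    entry is reported in full: an unknown listening host is itself a finding."""
    findings = {}
    for ip, ports in scan.items():
        extra = ports - baseline.get(ip, set())
        if extra:
            findings[ip] = sorted(extra)
    return findings


if __name__ == "__main__":
    for ip, extra in unexpected_ports(open_ports(SAMPLE_SCAN_XML), BASELINE).items():
        for proto, port in extra:
            print(f"{ip}: unexpected open {proto}/{port}")
```

Run the scan on a schedule, keep the baseline in version control, and treat any new finding as a change to investigate; the scan output plus the diff is the kind of evidence an auditor asks for when checking a network-scanning control.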

Nikto

Nikto is a well-known web server scanner. It checks a target for thousands of potentially dangerous files and programs, for outdated versions of over 1,250 server products, and for misconfigurations such as missing security headers and exposed directories. Two caveats: Nikto is not a stealthy tool (it sends a large number of requests and will show up clearly in server logs and IDS alerts), so only point it at systems you are authorized to test; and it only reports findings, it does not patch or fix anything, so plan remediation separately.

Drata Control: DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-324 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI)

Tags: Web Application Vulnerability Scanning

OpenVAS/Greenbone Vulnerability Scanner

OpenVAS is the open source vulnerability scanner at the core of the Greenbone Community Edition. It began in 2005 as a fork of the last open source release of Nessus, but the two code bases have diverged for many years, so do not expect identical coverage. It performs both internal and external scans, authenticated or unauthenticated, and each vulnerability test it ships comes with references and remediation guidance. Be aware that, unlike a hosted commercial scanner, it takes real effort to set up (installing the scanner, the management service and the web interface, and keeping the vulnerability feed updated); once it is running, however, it is a viable alternative to paid vulnerability scanners. As with any scanner, authenticated scans find far more than unauthenticated ones, so provide scan credentials for the hosts you care about most.

Drata Control: DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-324 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI)

Tags: Vulnerability Scanning

OWASP ZAP

ZAP (Zed Attack Proxy) is a web application proxy and scanner that started as an OWASP flagship project. OWASP is best known for its "Top 10" list of the vulnerability classes every web application should be checked against, and ZAP tests for many of them. It works as an intercepting proxy for manual penetration testing as well as an automated scanner, and it produces reports detailing the vulnerabilities it identified. Overall it is an easy-to-use tool that produces actionable reports for maintaining the security of your web application. Point its active scan at staging or test environments you control: active scanning sends real attack payloads and can modify or delete application data.

Drata Control: DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-324 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI)

Tags: Web Application Vulnerability Scanning

Avast

Avast is a free antivirus product for Windows and macOS. It is one of the world's most widely used antivirus products, and while it has paid editions with additional features, the free offering still provides workstation protection against viruses and malware. Two caveats before relying on it for a control: confirm that the free edition's license permits business use (free consumer antivirus is commonly licensed for personal, non-commercial use only), and note that free editions lack central management, so you will need another way to evidence that it is installed and updated on every workstation.

Drata Control: DCF-50 (SOC 2, ISO 27001, HIPAA, PCI), DCF-291 (PCI), DCF-293 (PCI), DCF-294 (PCI), DCF-295 (PCI), DCF-296 (PCI)

Tags: Antivirus/Antimalware

BitDefender

Bitdefender is another capable free antivirus tool, but its free edition supports Windows workstations only. Bitdefender also sells paid editions; the free version is a solid choice for Windows-only environments, subject to the same checks as any free consumer product: confirm the license allows business use and plan how you will verify installation and update status across workstations.

Drata Control: DCF-50 (SOC 2, ISO 27001, HIPAA, PCI), DCF-291 (PCI), DCF-293 (PCI), DCF-294 (PCI), DCF-295 (PCI), DCF-296 (PCI)

Tags: Antivirus/Antimalware

ClamAV

ClamAV is a completely free, open source antivirus engine, maintained by Cisco Talos, that runs on Linux, macOS and Windows. It is primarily an on-demand, command-line scanner (clamscan, the clamd daemon, and freshclam for signature updates); on-access real-time scanning is available on Linux, but it does not offer the behavioral detection or management console of commercial endpoint products. It is a viable choice for mail gateways, file servers, and for standardizing on one scanner across a mixed Windows, macOS and Linux fleet, provided signature updates run on a schedule and scan results are collected somewhere.

Drata Control: DCF-50 (SOC 2, ISO 27001, HIPAA, PCI), DCF-291 (PCI), DCF-293 (PCI), DCF-294 (PCI), DCF-295 (PCI), DCF-296 (PCI)

Tags: Antivirus/Antimalware

BitWarden

Bitwarden is a free and open source password manager with clients for Linux, macOS, Windows, mobile platforms and browsers. It is a far better choice than having staff invent and memorize a password for each account at your organization. Bitwarden sells paid plans, and the free personal edition is perfectly fine for an individual, but sharing credentials across a team and enforcing policies (for example, requiring two-factor authentication) needs an organization plan; a small free organization tier exists, and paid tiers add policy enforcement and admin reporting.

Drata Control: DCF-49 (SOC 2, ISO 27001, HIPAA)

Tags: Password Manager

Code Scanning

Code scanning tools are hard to recommend generically because they are language or tech-stack specific. OWASP maintains a list of source code analysis tools, both free and paid, at https://owasp.org/www-community/Source_Code_Analysis_Tools. If your organization needs a code scanning tool, review that list for tools that match your stack, and wire the chosen tool into CI so that scans run on every change rather than ad hoc; an auditor will want to see that the scan runs consistently and that findings are tracked to resolution.

Drata Control: DCF-155 (SOC 2, ISO 27001)

Tags: Code scanning
