The following list covers free cybersecurity tools that can reduce costs for your organization or, at the very least, help you evaluate other potential solutions. These tools can be used to satisfy controls from various frameworks and to answer security questionnaires you receive from prospects and customers. Because each tool can be deployed in many ways, it must be configured and operated correctly (scans scheduled, findings tracked to remediation, alerts actually reviewed) for the corresponding compliance requirement to be met; installing a tool on its own satisfies nothing.
Tool | Description | Drata Control | Tags |
--- | --- | --- | --- |
Kali Linux | Kali Linux is a free Linux distribution built for penetration testers and other security staff. It ships with a large collection of free tools, several of which appear on this list, for assessing the security of networks, hosts and applications. If you perform security work such as vulnerability scanning in-house, installing Kali on a spare laptop or in a VM is a good starting point. Keep the image updated and treat it as a sensitive asset: it accumulates scan results and often holds credentials for the systems it tests. | DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-20 (SOC 2, ISO 27001, HIPAA, PCI), DCF-324 (PCI), DCF-448 (PCI), DCF-449 (PCI), DCF-450 (PCI), DCF-452 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI) | Operating System, Vulnerability Scanning, Security Assessment |
Security Onion | Security Onion is another security-focused Linux distribution, but from the defender's perspective: it is built for enterprise network security monitoring, threat hunting and log management. It bundles tools for collecting, monitoring and alerting on network and host logs (Suricata and Zeek from this list are among them, fed into a searchable log store) and is designed to take logs from other tools that are not included. Besides running on your own hardware or hypervisor, Security Onion also publishes images for AWS and Azure. | DCF-79 (SOC 2, ISO 27001, HIPAA), DCF-80 (SOC 2, ISO 27001, HIPAA), DCF-442 (PCI) | Operating System, Log Management |
Aircrack-ng | Aircrack-ng is a suite of tools for Wi-Fi security assessment and wireless device discovery. It is primarily a penetration-testing toolkit for testing the security of Wi-Fi networks (capturing traffic and cracking WEP and WPA-PSK keys), but its monitoring component, airodump-ng, lists nearby access points and the clients attached to them and so can be used to identify rogue wireless devices or networks. This matters for PCI DSS, which requires periodic (at least quarterly) testing for unauthorized wireless access points. Note that monitoring requires a wireless adapter and driver that support monitor mode. | DCF-448 (PCI), DCF-449 (PCI), DCF-450 (PCI) | Wifi, Network Security |
Snort | Snort is a signature-based Network Intrusion Detection System (NIDS) that can also run inline as a Network Intrusion Prevention System (NIPS). Its rule syntax takes some getting used to, but the expressiveness and configurability of Snort rules make it as capable as many commercial products. Detection is only as good as the rules you load and maintain, so pair it with a rule feed (the free Snort Community ruleset or the Emerging Threats Open ruleset) and with a process for reviewing and tuning alerts. | DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI) | Intrusion Detection System, Intrusion Prevention System |
Zeek | Zeek (formerly Bro) is a network security monitor: rather than matching signatures, it parses traffic into rich, protocol-aware logs (connections, DNS, HTTP, TLS certificates, file transfers) that give real-time and historical visibility into what is happening on the network. It can also be used for intrusion detection through its scripting language and notice framework, and it is commonly deployed alongside Suricata rather than instead of it. Zeek is an excellent choice when the goal is insight into network activity and a log trail for investigations. | DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI) | Intrusion Detection System, Network Monitoring |
Suricata | Suricata is another Network Intrusion Detection and Prevention System. It was multi-threaded from the start (Snort 2 was single-threaded; Snort 3 added multi-threading), so it scales well on multi-core hardware, and it adds protocol-aware logging (EVE JSON output) and file extraction. It is rule-based like Snort and accepts Snort-format rules, which lets you use rulesets from both communities, such as the Emerging Threats Open feed. Compatibility is not total: some Snort 3 keywords and some Suricata-only keywords do not carry over, so always validate a rule file in the engine's test mode before deploying it. | DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI) | Intrusion Detection System, Intrusion Prevention System |
OSSEC | OSSEC differs from the tools above: it is a Host-based Intrusion Detection System (HIDS). Each agent monitors only the host it runs on (log analysis, file integrity monitoring, rootkit detection and optional active response), but agents report to a central OSSEC manager, so it scales to a whole fleet. It is particularly worthwhile on critical servers, where file integrity monitoring and change detection on critical files are required by PCI DSS. Wazuh is a widely used open source fork that builds on it. | DCF-91 (SOC 2, ISO 27001, HIPAA, PCI), DCF-477 (PCI) | Host-based Intrusion Detection System |
Nmap | Nmap is the best-known network scanner. It discovers the hosts on a network and what it can learn about them by sending packets and analysing the responses: which ports are open, which services and versions are listening, and which operating system is probably running. Nmap is useful for checking network reachability, profiling your network to confirm that only the ports you expect are exposed, and as a first pass before a full vulnerability scan. Only scan networks you own or are authorized to test, and keep the output: a dated port inventory is useful evidence for firewall and change-management controls. | DCF-20 (SOC 2, ISO 27001, HIPAA, PCI), DCF-452 (PCI) | Network Scanning |
Nikto | Nikto is a well-known web server scanner. It checks web servers for thousands of potentially dangerous files and scripts, outdated server software, and version-specific problems, and it is good at finding misconfigurations such as default files, directory indexing and missing security headers. Two caveats: Nikto is deliberately not stealthy (it sends many requests quickly and will show up in web server and IDS logs), so schedule scans and tell whoever monitors the target; and it only reports findings, it does not patch anything. It can be extended with plugins and writes reports in several formats (text, CSV, HTML, XML, JSON). | DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-324 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI) | Web Application Vulnerability Scanning |
OpenVAS/Greenbone Vulnerability Scanner | OpenVAS, now part of the Greenbone Community Edition, is an open source vulnerability scanner that began as a fork of Nessus when Nessus went closed-source in 2005. The two have diverged considerably since, so treat it as its own product rather than as a free copy of Nessus. It performs internal and external scans, authenticated (credentialed) and unauthenticated, and the vulnerability tests it ships (the Greenbone Community Feed) come with good per-finding documentation and remediation advice. Expect some setup effort: the feed must be synchronized before the first scan, scans of large ranges are slow, and credentialed scans need dedicated scan accounts. Once configured it is a viable alternative to paid scanners, and its reports serve as evidence for vulnerability management controls. One limit for PCI DSS: the quarterly external scans must be performed by an Approved Scanning Vendor (ASV), which OpenVAS is not, so it covers internal scanning only for that requirement. | DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-324 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI) | Vulnerability Scanning |
OWASP ZAP | ZAP (Zed Attack Proxy) is a web application proxy and scanner, built and maintained under OWASP, the organization behind the "Top 10" list of common web application risks that every web application should be checked for. It works as an intercepting proxy for manual testing, runs passive and active scans, and can be driven headlessly through its API and its packaged baseline and full-scan Docker images, which makes it suitable for CI pipelines. ZAP produces reports listing the vulnerabilities it found with evidence and remediation advice. Overall it is an easy-to-use tool that yields actionable reports; keep in mind that active scanning sends attack payloads, so run it against test environments or with the target owner's agreement. | DCF-18 (SOC 2, ISO 27001, HIPAA, GDPR), DCF-324 (PCI), DCF-455 (PCI), DCF-456 (PCI), DCF-461 (PCI), DCF-462 (PCI) | Web application Vulnerability Scanning |
Avast | Avast is a free antivirus product for Windows and macOS. It is one of the most widely installed antivirus products; paid tiers add features, but the free edition still provides signature- and behaviour-based malware protection for workstations. Check the licence before rolling it out: consumer free editions are typically licensed for personal, non-commercial use, and business use usually requires a paid plan. Whichever product you choose, keep evidence that it is installed, updating and running on every in-scope endpoint, since that is what the anti-malware controls ask for. | DCF-50 (SOC 2, ISO 27001, HIPAA, PCI), DCF-291 (PCI), DCF-293 (PCI), DCF-294 (PCI), DCF-295 (PCI), DCF-296 (PCI) | Antivirus/Antimalware |
Bitdefender | Bitdefender also offers a free antivirus edition, but it supports Windows workstations only. Paid editions add other platforms and central management; the free version is a solid choice for a Windows-only environment, subject to the same personal-use licence caveat as other consumer free editions. | DCF-50 (SOC 2, ISO 27001, HIPAA, PCI), DCF-291 (PCI), DCF-293 (PCI), DCF-294 (PCI), DCF-295 (PCI), DCF-296 (PCI) | Antivirus/Antimalware |
ClamAV | ClamAV is a fully open source (GPL) antivirus engine, maintained by Cisco Talos, for Linux, macOS and Windows. It has fewer features than commercial products: it is primarily an on-demand and mail-gateway scanner, on-access (real-time) scanning is available only on Linux through its clamonacc daemon, and its signature database (updated by freshclam) is smaller than a commercial vendor's. It is still a viable option if you want a single antivirus tool across a mixed Windows, macOS and Linux fleet, particularly for servers, provided you schedule regular scans and signature updates and collect their logs as evidence. | DCF-50 (SOC 2, ISO 27001, HIPAA, PCI), DCF-291 (PCI), DCF-293 (PCI), DCF-294 (PCI), DCF-295 (PCI), DCF-296 (PCI) | Antivirus/Antimalware |
Bitwarden | Bitwarden is a free and open source password manager with clients for Linux, macOS, Windows, iOS, Android and the major browsers, and it can be self-hosted. It is a far better choice than having staff create, memorize and inevitably reuse passwords for each account at your organization. The free personal edition is fine for individuals, but organization features such as shared collections, admin-enforced policies and SSO integration are in the paid Teams and Enterprise plans, so budget for those if you need centrally managed credentials. Enable two-step login on every vault. | DCF-49 (SOC 2, ISO 27001, HIPAA) | Password Manager |
Code Scanning | Code scanning is a difficult category to recommend a single tool for, because static analysis tools are generally language- or tech-stack-specific. OWASP maintains a list of both free and paid source code analysis tools at https://owasp.org/www-community/Source_Code_Analysis_Tools. If your organization needs a code scanning tool, review that list for tools that match your tech stack, and run the chosen tool in CI so that every change is checked and findings are tracked to closure. | DCF-155 (SOC 2, ISO 27001) | Code scanning |
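As an added illustration of the rule syntax the Snort and Suricata rows refer to (these are constructed local rules, not rules from the original list or from either project), here are two rules in the Snort 2 / Suricata-compatible form. $HOME_NET, $EXTERNAL_NET, $HTTP_SERVERS and $HTTP_PORTS are the standard address and port variables defined in the default snort.conf and suricata.yaml; the sid values are chosen above 1000000, the range reserved for locally written rules. The second rule ties in with the Nikto row: because Nikto is noisy and identifies itself in its User-Agent, it is a good test case for checking that your IDS sees web scanning.

```snort
# A rule is: action protocol src_addr src_port direction dst_addr dst_port (options;)
#   action    alert (log and raise an alert) or, in inline IPS mode, drop / reject
#   protocol  tcp, udp, icmp or ip
#   ->        one direction; <> matches both directions
# Everything inside the parentheses is a list of keyword:value; options.

# Rule 1 (policy rule, not an exploit signature): any inbound TCP connection attempt
# (SYN flag only) to Telnet on our hosts. PCI DSS forbids cleartext administrative
# protocols, so a Telnet listener on an in-scope host is itself a finding.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL Inbound Telnet connection attempt"; flags:S; classtype:policy-violation; sid:1000001; rev:1;)

# Rule 2: HTTP requests whose headers carry the Nikto scanner's default User-Agent.
#   flow:to_server,established  only client-to-server packets of an established session
#   content:"Nikto"             the byte pattern to look for
#   http_header                 restrict the preceding content match to the normalised
#                               HTTP headers (legacy modifier accepted by Snort 2 and Suricata)
#   nocase                      make the preceding content match case-insensitive
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL Nikto web scanner User-Agent"; flow:to_server,established; content:"Nikto"; http_header; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
```

Validate before loading: `snort -T -c /etc/snort/snort.conf` tests the whole Snort configuration including its rule files, and `suricata -T -c /etc/suricata/suricata.yaml -S local.rules` loads only the named rule file in Suricata's test mode. Snort 3 and current Suricata prefer the newer sticky-buffer form, where the buffer keyword comes before the content it applies to (`http_header; content:"Nikto";` in Snort 3, `http.header; content:"Nikto";` in Suricata), so rules copied from one engine to the other should always be tested on the engine that will run them. To turn rule 1 into an IPS block in inline mode, change the action from alert to drop.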
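Added example (not part of the original list, and not code from the Nmap project) of turning the port profiling described in the Nmap row into a repeatable check: scan the hosts in scope, then compare the open ports Nmap reports against an approved-ports baseline so that anything new stands out. The scan command in scan_hosts requires nmap and authorization to scan the target; the parsing functions work on Nmap's greppable (-oG) output and are exercised here on a constructed sample whose hosts, ports and baseline are made up. Real -oG output separates the Host, Ports and Ignored State fields with tabs; the sample uses spaces, and the whitespace-based parsing handles both.

```shell
#!/bin/sh
# Added example: compare open ports reported by nmap against an approved baseline.
# Not from the original tool list or from the nmap project.

# Real scan (needs nmap and permission to scan the targets given as arguments).
# -sS SYN scan (needs root), -p- all TCP ports, -T4 faster timing,
# --open report only hosts with open ports, -oG - greppable output on stdout.
scan_hosts() {
    nmap -sS -p- -T4 --open -oG - "$@"
}

# Read greppable output on stdin; print one line per open port: "host port/proto service".
# Each entry after "Ports:" has the form port/state/proto/owner/service/rpc/version/
# and entries are separated by ", ". Non-open states (closed, filtered) are dropped.
parse_open_ports() {
    awk '
    /^Host:/ && /Ports:/ {
        host = $2                      # second whitespace-separated field is the address
        sub(/.*Ports: /, "")           # keep only the port list (and whatever follows it)
        n = split($0, entries, /, /)
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")  # f[1]=port f[2]=state f[3]=proto f[5]=service
            if (f[2] == "open") print host, f[1] "/" f[3], f[5]
        }
    }'
}

# Filter parse_open_ports output down to entries absent from the baseline file $1,
# whose lines are "host port/proto", one approved listener per line.
unexpected_ports() {
    parse_open_ports | awk -v bl="$1" '
    BEGIN { while ((getline line < bl) > 0) ok[line] = 1 }
    { key = $1 " " $2; if (!(key in ok)) print }'
}

# Constructed sample of nmap -oG output (made-up hosts and ports, spaces instead of tabs).
SAMPLE='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -p- --open -oG - 10.0.0.0/29
Host: 10.0.0.5 ()  Status: Up
Host: 10.0.0.5 ()  Ports: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///  Ignored State: closed (65532)
Host: 10.0.0.6 ()  Ports: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/filtered/tcp//http///  Ignored State: closed (65532)
# Nmap done at Mon Jan  1 00:00:05 2024 -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds'

# Demo: the baseline approves SSH and HTTPS on .5 and SSH on .6, so the unexpected
# entries are the proxy on 8080 and the Telnet listener on .6.
demo_unexpected() {
    bl=$(mktemp)
    printf '%s\n' '10.0.0.5 22/tcp' '10.0.0.5 443/tcp' '10.0.0.6 22/tcp' > "$bl"
    printf '%s\n' "$SAMPLE" | unexpected_ports "$bl"
    rm -f "$bl"
}

# Number of open ports in the sample; a real run would pipe scan_hosts output instead.
demo_open_count() {
    printf '%s\n' "$SAMPLE" | parse_open_ports | grep -c .
}
```

In practice you would run `scan_hosts 10.0.0.0/29 | unexpected_ports approved-ports.txt` from a scheduled job, keep the raw -oG file as dated evidence, and treat every line the check prints as either a change to approve (and add to the baseline) or a finding to fix.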