We are big fans of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride.
CISA is a non-regulatory government agency dedicated to protecting U.S. and global infrastructure and organizations against malicious hackers and their malware (and other types of threats).
Led by the very knowledgeable and ever-eclectic Director, Jen Easterly, CISA has become a leading authority in showing the way to better cyber resiliency. Its major initiatives include: fighting ransomware, Secure By Design coding, vulnerability bulletins, threat warnings, infrastructure security, K-12 education, and encouraging multi-factor authentication (MFA) use.
One of CISA’s most beloved services is the Known Exploited Vulnerabilities Catalog, where CISA lists all software and firmware vulnerabilities used by real-world malicious actors to attack real-world targets. You can subscribe to get instant notices about what attackers are using to successfully compromise organizations and defend accordingly.
CISA is easily the most impactful and useful cybersecurity agency in the U.S., and it has close partnerships with other similar organizations around the world. If you have not yet checked out CISA and how they can help your organization, you should.
CISA Free Tools
As part of CISA’s service, they highlight free tools and services from other vendors. KnowBe4 is pleased to announce that two of our most popular tools are listed on CISA’s resources and tools website. The tools are:
Domain Doppelgänger
Domain Doppelgänger allows any organization to look for potential malicious “evil twin” domains that hackers use for impersonation attacks. Many organizations are not even aware of what unauthorized domains may be out there pretending to be their legitimate organization to potential victims. Below is an example of the results from Domain Doppelgänger for knowbe4.com:
Domain Doppelgänger can be used to reveal potential impersonating domains, which organizations can then work to have taken down and removed.
Weak Password Test
The Weak Password Test is a free tool to help IT administrators know which users have passwords that are easily guessed or susceptible to brute force attacks, allowing them to take action toward protecting their organization.
Weak Password Test checks Microsoft Active Directory (AD) for several types of weak password-related threats and generates a report of users with weak passwords. Among other checks, Weak Password Test searches for:
- Weak Passwords
- Shared Passwords
- Empty Passwords
- Clear Text Passwords
- Passwords Not Required
- Passwords That Never Expire
- Passwords with LANManager (LM) hashes
- Passwords Using Weak Encryption
- Passwords Missing Kerberos Pre-Authentication
For privacy, all analysis and review are conducted in the user’s environment. No data leaves the user’s environment. The data pulled from AD is encrypted during the test and all information obtained during the test is saved in local memory, not to disk. Weak Password Test does not display the passwords of any user accounts.
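Several of the account settings in the list above (passwords not required, passwords that never expire, missing Kerberos pre-authentication) are recorded as bits in each account's userAccountControl attribute in AD. The following is an added example, not KnowBe4's code and not a description of how Weak Password Test works internally: it decodes those bits from an exported list of accounts. The pairing of "clear text" with the reversible-encryption flag and of "weak encryption" with the DES-only flag is an assumption, and the export format and account names are constructed.

```python
# Added example. Bit values are the documented userAccountControl flags;
# their pairing with the checks listed on this page is an assumption.
UAC_CHECKS = {
    0x000020: "Password not required (PASSWD_NOTREQD)",
    0x000080: "Reversibly encrypted password allowed (ENCRYPTED_TEXT_PWD_ALLOWED)",
    0x010000: "Password never expires (DONT_EXPIRE_PASSWORD)",
    0x200000: "DES-only Kerberos keys (USE_DES_KEY_ONLY)",
    0x400000: "Kerberos pre-authentication not required (DONT_REQ_PREAUTH)",
}
ACCOUNTDISABLE = 0x000002

def decode_uac(uac):
    """Return the risky settings encoded in one userAccountControl value."""
    return [label for bit, label in UAC_CHECKS.items() if uac & bit]

def audit_export(lines):
    """Parse 'sAMAccountName,userAccountControl' lines into {account: findings}."""
    report = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, raw = line.partition(",")
        try:
            uac = int(raw.strip(), 0)  # accepts decimal or 0x-prefixed hex
        except ValueError:
            report[name] = ["Unparseable userAccountControl value"]
            continue
        if uac & ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on; skip them
        findings = decode_uac(uac)
        if findings:
            report[name] = findings
    return report

# Constructed sample export (hypothetical accounts, not real data).
SAMPLE_EXPORT = """\
# sAMAccountName,userAccountControl
alice,512
svc-backup,66048
legacy-app,4194816
kiosk,544
old-temp,66082
bob,0x200280
"""

if __name__ == "__main__":
    for account, findings in audit_export(SAMPLE_EXPORT.splitlines()).items():
        print(f"{account}: " + "; ".join(findings))
```

Flags only show how an account is configured; finding weak, shared, or empty passwords requires comparing password hashes, which this example does not attempt.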
Here is an example result from our Weak Password Test:
KnowBe4 has over a dozen popular free tools and services, which you can check out here.
We are proud to have some of KnowBe4’s most popular tools listed on CISA’s website. We encourage all organizations to check out and use CISA’s amazing resources and to follow CISA’s guidance. Any organization doing so will be far better protected against cybersecurity threats. Do not miss using one of the best resources available to cyber defenders.