CISA Publishes Factsheet to Help Businesses Securely Transition to Cloud Environments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a new resource that healthcare organizations can use to guide them through the transition from on-premises to cloud and hybrid environments. The fact sheet provides information on the digital tools that can be used to ensure that critical assets are secured and sensitive data is safeguarded. The fact sheet – Free Tools for Cloud Environments – lists open source tools and methods for identifying, detecting, and mitigating threats, vulnerabilities, and anomalies in both cloud and hybrid environments.
Healthcare organizations are actively targeted by cyber threat actors and attacks on cloud-based resources and services are increasing. Cyber threat actors take advantage of organizations that do not possess the proper resources for defending against cyber threats. Successful attacks on poorly defended cloud resources allow threat actors to steal sensitive data and conduct encryption and extortion attacks.
Cloud service platforms and cloud service providers (CSPs) offer a range of security features to help customers protect their assets when operating in cloud environments. These features should be combined with third-party tools, which can help to strengthen security and plug any security gaps, especially for hybrid cloud environments where the responsibility for securing assets is shared by organizations and their CSPs.
CISA recommends creating a design phase that incorporates secure-by-design concepts and strategies and identifies the required security solutions that meet the organization’s needs. There are several free-to-use security solutions and open source tools that can help network defenders identify and detect threats, assess security posture, and map threat actor behavior to the MITRE ATT&CK framework. The factsheet details several PowerShell tools that network defenders and incident responders can use, including Memory Forensic on Cloud from the JPCERT Cybersecurity Center, CSET’s Cybersecurity Evaluation Tool, and CISA’s SCuBAGear, Decider, and Untitled Goose Tool.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
These tools can be used to evaluate cybersecurity posture, compare configurations against M365 baseline recommendations, detect malicious activity in Microsoft cloud environments, generate MITRE ATT&CK mapping reports, and build memory forensic environments on AWS. While these tools are not all-encompassing nor endorsed by CISA, they can help healthcare organizations significantly improve their security posture as they transition to the cloud.
