• United States




10 (more) free security tools worth a look

Jun 24, 20205 mins

Security pros have a lot to juggle, but look in the right places and you can find invaluable assistance for free.

Tools + binary code
Credit: Isarapic / Yudhistirama / Getty Images

Maintaining security is a never-ending business. There’s so much to worry about, from misconfigured software to phishing attacks to a rapidly expanding inventory of devices with their own vulnerabilities and update requirements. We could all use a little help to stay on top of things, as we strive to assess where issues lie, protect data effectively, and test the defenses we have put in place to see how robust they really are.

Fortunately, better security doesn’t have to break the bank. There are many excellent free security tools available that can help you take those first practical steps towards some peace of mind.

Adding to CSO’s roundup of the 24 best free security tools, here are 10 more worth your consideration. Try some out and find what works best for you.

  1. AT&T Alien Labs Open Threat Exchange (OTX)
  2. Sophos XG Firewall Home Edition
  3. Imperva Scuba Database Vulnerability Scanner
  4. LogRhythm NetMon Freemium
  5. KnowBe4 Phish-prone
  6. Qualys Cloud Platform Community Edition
  7. Sophos Intercept X for Mobile
  8. KnowBe4 RanSim
  9. Have I Been Pwned?
  10. Kali Linux

AT&T Alien Labs Open Threat Exchange (OTX)

Powered by a global community of more than 100,000 security professionals, OTX is all about identifying cyberattacks and threats as they emerge. Information is presented that summarizes each threat and informs on how to figure out whether it’s relevant to your organization. This goes beyond which environments are at risk and what is being targeted to look at where attacks originate and the motives behind them. Collaboration through the OTX community can help you validate threats and find strategies for remediation.

Sophos XG Firewall Home Edition

With so many people forced to work from home because of COVID, the advantages of having a dedicated firewall as a first line of defense should be considered a basic need. The Sophos XG firewall provides anti-malware protection, web security and URL filtering, traffic shaping, and VPN support among other things. Free and recommended mostly for home users, it requires a spare PC to be installed on.

The Sophos XG firewall could prove valuable for managing internet bandwidth when working from home. It allows users to prioritize traffic and run multiple ISP connections for greater resiliency. And family traffic can be monitored, time limits set, and web browsing filtered. The VPN feature lets you connect securely to your home computer. Throw scanning into the mix for virus protection and you have a smart firewall for serving home office needs.

Imperva Scuba Database Vulnerability Scanner

To combat vulnerabilities and configuration problems, you first have to uncover them. This simple, free scanning tool enables you to scan enterprise databases to identify any potential issues. Not only does Scuba find potential problems, it also offers recommendations on how you can mitigate any issues that were flagged.

LogRhythm NetMon Freemium

The LogRhythm NetMon Freemium offers real-time network-based threat detection and incident response. You can use it for many things, from identifying data exfiltration hidden in normal traffic to exposing bandwidth hogs to detecting botnets. It’s capable of flagging abnormal traffic patterns and application usage. It can also analyze full packet captures.

KnowBe4 Phish-prone

You’ve been running regular security awareness training, but has it worked? Find out how resistant your staff is to phishing attacks with this phishing attack test. You can sign up and test up to 100 users, customize the attack, and see at a glance how your organization measures up compared to your peers via clear industry benchmarks.

Qualys Cloud Platform Community Edition

Gaining a clear picture of all of your assets, whether physical devices or cloud-based web apps and containers, is a vital first step in assessing your security. Qualys Community Edition works like a map for scanning your IT infrastructure, including web applications, for the latest known vulnerabilities. Results are presented in a customizable dashboard that you can use to generate reports.

Sophos Intercept X for Mobile

Everyone uses their smartphone for work nowadays. This useful app for Android or iOS is designed to continuously monitor phones to rapidly detect potential malware issues and alert IT administrators, so they can fix or revoke access to corporate resources before a breach occurs. Intercept X for Mobile can identify man-in-the-middle attacks, detect jailbreaking or rooting, and flag required updates.

KnowBe4 RanSim

Do you have effective protection in place to safeguard your organization against ransomware or cryptomining attacks? You may think you do, but you don’t really know until your defenses are put to the test. Rather than wait until an actual attack happens, you can use this free tool to run harmless simulations of real ransomware attacks and find out how your network copes and where the weak spots are.

Have I Been Pwned?

Millions of accounts are compromised every year through password hacks. Cybercriminals may sell or post hacked accounts online and this can wreak havoc, enabling scammers to steal identities and run more sophisticated phishing scams that allow them to dig deeper into your organization. Plug an email address into this free tool and find out instantly if any accounts associated with that email have been compromised in a data breach.

Kali Linux

A great place for cybersecurity professionals to start is with this free operating system that comes fully equipped with a wide range of cybersecurity tools. It serves well as a platform for security work, whether you want a comprehensive exploit database or you’re looking to engage in some penetration testing. All of the apps are open source and there are lots of training materials alongside the project to help get you up to speed.


Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girl’s mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity,, Web Security Journal and others.

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author