Implementing the CIS 20 Critical Security Controls

With the increasing number of data breaches each year, it is crucial for every organization to ensure that they have all necessary security controls in place to keep their data secure.

Although many organizations have a variety of tools and best practices in place to secure their infrastructure, many do not know what they should focus on first and are not sure which security measures will have the most significant impact.

In this context, the SANS Institute, together with the Center for Internet Security (CIS) and in collaboration with other organizations, developed the 20 Critical Security Controls (CSC) to give organizations a prioritized starting point and practical guidance for protecting themselves against security breaches.


But what is CIS, and what are the CIS 20 Critical Security Controls?

CIS (Center for Internet Security, Inc.) is a non-profit organization that draws on a global community of IT professionals to help private and public organizations defend against cyber threats. Its CIS Controls and CIS Benchmarks are widely adopted best-practice guidelines for securing IT systems and data against the most pervasive attacks, and they are continuously refined and verified by that volunteer community of experienced IT professionals. CIS is also home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities.

The Center for Internet Security (CIS) was formed in October 2000. Its mission is to “Identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace.”

The CIS Critical Security Controls, version 6.1, are a set of 20 controls designed to help organizations protect their systems and data from cyber-attacks. The list can also serve as a practical and comprehensive guide for organizations that do not yet have an established internal security program.

Below is the list of CIS 20 Critical Security Controls and how Cautela Labs services can help to meet each Security Control:


1. Inventory of Authorized and Unauthorized Devices

Organizations must actively manage all the hardware devices on the network so that only authorized devices are given access, and unauthorized devices can be quickly identified and disconnected before they inflict any harm.

Cautela Labs' expert security team helps implement network security best practices that reduce threats to critical business assets, continuously monitors the network, and protects devices from attacks.


2. Inventory of Authorized and Unauthorized Software

Organizations must actively manage all software on the network so that only authorized software is installed and allowed to execute. Measures such as application whitelisting let organizations block unauthorized software before it runs and quickly identify anything that has been installed without approval.

Attackers look for vulnerable versions of software that can be remotely exploited. Cautela Labs offers a managed vulnerability assessment service that entails scanning all web applications and other network-resident software to detect threats, assess their risk and devise a remediation plan to mitigate them quickly.


3. Secure Configurations for Hardware and Software

Companies need to establish, implement and manage the security configuration of laptops, servers, and workstations. Companies must follow strict configuration management and enforce change control processes to prevent attackers from exploiting vulnerable services and settings.

Default configurations of operating systems and applications are geared toward ease of deployment and use, not security. Cautela Labs tests applications thoroughly to uncover vulnerabilities; its application security services identify security gaps and provide recommendations to remediate the risks.


4. Continuous Vulnerability Assessment and Remediation

Organizations need to continuously acquire, assess, and act on new information (for example, software updates, patches, security advisories, and threat bulletins) to identify and remediate vulnerabilities and to minimize the window of opportunity for attackers.

Cautela Labs offers a managed vulnerability assessment service that scans all web applications, databases, networks, operating systems, and other network-resident software to detect weaknesses, assess their risk, and create a remediation plan to mitigate them quickly.


5. Controlled Use of Administrative Privileges

This control requires companies to use automated tools to monitor user behavior and keep track of how administrative privileges are assigned and used to prevent unauthorized access to critical systems and information.

Cautela Labs provides a full change management solution, including detailed audit logs of all changes to privileges, and keeps track of how administrative rights are assigned and used to prevent unauthorized access to critical systems.


6. Maintenance, Monitoring, and Analysis of Audit Logs

Organizations need to collect, manage, and analyze event logs to detect aberrant activities and investigate security incidents.

Cautela Labs' expert security team provides log management with real-time correlation and analysis of security and network events, which enables a faster and better-informed security response.
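As an added illustration of the correlation this control calls for (example code written for this page, not Cautela Labs' tooling), the following Python runs two simple rules over constructed sshd log lines: a burst of failed logins from one source address, and a successful login from a source that had just been failing. The log lines, the host name, the addresses, and the threshold of five failures within sixty seconds are all assumptions.

```python
"""Added example for this page (not Cautela Labs' tooling): two correlation
rules of the kind a log management service applies for CSC 6, run over
constructed sshd log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in syslog format; the host and the addresses (taken from
# documentation ranges) are made up, not real systems.
AUTH_LOG = """\
Mar  3 10:15:01 web1 sshd[1201]: Accepted publickey for deploy from 198.51.100.7 port 40122 ssh2
Mar  3 10:16:10 web1 sshd[1210]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 10:16:12 web1 sshd[1211]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar  3 10:16:14 web1 sshd[1212]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar  3 10:16:15 web1 sshd[1213]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar  3 10:16:17 web1 sshd[1214]: Failed password for deploy from 203.0.113.45 port 51026 ssh2
Mar  3 10:16:40 web1 sshd[1215]: Accepted password for deploy from 203.0.113.45 port 51090 ssh2
Mar  3 11:02:03 web1 sshd[1302]: Failed password for deploy from 198.51.100.7 port 40200 ssh2
Mar  3 11:02:30 web1 sshd[1303]: Accepted publickey for deploy from 198.51.100.7 port 40201 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

FAIL_THRESHOLD = 5              # assumed tuning: this many failures ...
WINDOW = timedelta(seconds=60)  # ... inside this window from one source


def parse_auth_log(text, year=2024):
    """Return (timestamp, source ip, user, success) tuples for sshd auth events.

    Syslog lines carry no year, so one is supplied; lines that are not
    sshd authentication results are skipped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["result"] == "Accepted"))
    return events


def detect(events):
    """Return alerts as (rule, source ip, user, timestamp) tuples.

    'bruteforce-burst' fires once per source when FAIL_THRESHOLD failures fall
    inside WINDOW. 'success-after-bruteforce' fires when a login succeeds from
    a source that still has a full burst of failures inside the window, which
    is the event that most needs a human to look at it.
    """
    recent_failures = defaultdict(list)  # source ip -> failure timestamps
    burst_reported = set()
    alerts = []
    for ts, ip, user, ok in sorted(events):
        window = [t for t in recent_failures[ip] if ts - t <= WINDOW]
        if ok:
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("success-after-bruteforce", ip, user, ts))
        else:
            window.append(ts)
            if len(window) >= FAIL_THRESHOLD and ip not in burst_reported:
                alerts.append(("bruteforce-burst", ip, user, ts))
                burst_reported.add(ip)
        recent_failures[ip] = window
    return alerts


if __name__ == "__main__":
    for rule, ip, user, ts in detect(parse_auth_log(AUTH_LOG)):
        print(f"{ts:%H:%M:%S} {rule}: {ip} (user {user})")
```

Run against the sample, the noisy source trips both rules while the single failure from the trusted address followed by a key-based login does not, which is the point of keeping a threshold and a window rather than alerting on every failure. In production the same logic is fed from a collector rather than a string and the thresholds are tuned to the environment.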


7. Email and Web Browser Protections

Organizations need to ensure that only supported web browsers and email systems are used in the organization to minimize attack surface.

Cautela Labs' Web Application Firewall (WAF) Management service provides real-time monitoring of all inbound and outbound application traffic, including encrypted traffic. Threats are screened and inspected, and inappropriate or malicious application traffic is blocked.


8. Malware Defenses

Organizations need to control the installation and execution of malicious code at multiple points in the enterprise. This control recommends using automated tools to continuously monitor workstations, servers, and mobile devices with anti-virus, anti-spyware, personal firewall, and host-based IPS functionality.

Modern malware can be fast-moving and fast-changing, and it can enter through any number of points. Therefore, Cautela Labs team helps to provide real-time security event responses to known and emerging threats.


9. Limitation and Control of Network Ports, Protocols, and Services

Organizations must track and manage the use of ports, protocols, and services on network devices to minimize the windows of vulnerability available to attackers.

Cautela Labs Scanning and Assessment services identify the available ports, protocols and services, and deliver finding reports that detail specific findings and provide information needed to begin remediation.
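The check behind this control, and in the same spirit the device and software inventories of controls 1 and 2, is a comparison of what is actually observed against an authorized baseline. As an added example (written for this page, not Cautela Labs' tooling), the Python below parses constructed `ss -lntup` output from a Linux host and classifies each listener against a hypothetical baseline for a "web" host role. The sample output, the role name and the baseline contents are assumptions.

```python
"""Added example for this page (not Cautela Labs' tooling): compare the ports,
protocols and services a host actually listens on against an authorized
baseline, which is the core check behind CSC 9 (the same approach applies to
the device and software inventories of CSC 1 and 2)."""
import re
from collections import namedtuple

# A listener is identified by protocol, bind address, port and owning process;
# the bind address matters because a database on 127.0.0.1 and the same
# database on 0.0.0.0 are very different exposures.
Listener = namedtuple("Listener", "proto addr port process")

# Constructed sample in the format of `ss -lntup` on a Linux host (assumed data).
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1043,fd=6))
tcp   LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=950,fd=21))
tcp   LISTEN 0      100    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=1601,fd=4))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=700,fd=8))
"""

# Hypothetical authorized baseline per host role; a real one would come from
# the configuration management database or the build standard for that role.
BASELINE = {
    "web": {
        Listener("tcp", "0.0.0.0", 22, "sshd"),
        Listener("tcp", "0.0.0.0", 443, "nginx"),
        Listener("tcp", "127.0.0.1", 3306, "mysqld"),
    },
}

LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_ss(text):
    """Return the set of Listener tuples found in `ss -lntup` output."""
    found = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # the header line and anything malformed is skipped
            found.add(Listener(m["proto"], m["addr"], int(m["port"]), m["proc"]))
    return found


def audit_listeners(observed, role):
    """Classify observed listeners against the baseline for `role`.

    'unauthorized' is what CSC 9 is about (close it, or add it to the baseline
    after review); 'missing' usually means a required service is down or has
    been rebound to a different address.
    """
    allowed = BASELINE[role]
    return {
        "authorized": observed & allowed,
        "unauthorized": observed - allowed,
        "missing": allowed - observed,
    }


if __name__ == "__main__":
    report = audit_listeners(parse_ss(SS_OUTPUT), "web")
    for kind in ("unauthorized", "missing"):
        for item in sorted(report[kind]):
            print(f"{kind}: {item.proto}/{item.port} on {item.addr} ({item.process})")
```

On the sample, telnet and SNMP are reported as unauthorized while the loopback-only database passes; had mysqld been bound to 0.0.0.0 it would show up as both unauthorized and missing, which is exactly the signal an operator wants for an accidental exposure.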


10. Data Recovery Capability

Companies need to ensure that critical systems and data are properly backed up on at least a weekly basis. They also need to have a proven methodology for timely data recovery.

Attackers often make changes to data, configurations, and software. Cautela Labs team ensures that critical systems and data are appropriately backed up at regular intervals.


11. Secure Configurations for Network Devices

Organizations must establish, implement, and actively manage the security configuration of network infrastructure devices, such as routers, firewalls, and switches.

Cautela Labs' team performs a network security evaluation and assessment as part of a security audit to identify and help manage the configuration of these devices.


12. Boundary Defense

Organizations need to detect and correct the flow of information between networks of different trust levels, with a focus on data that could damage security. The best defense is technologies that provide deep visibility and control over data flow across the environment, such as intrusion detection and intrusion prevention systems.

Cautela Labs provides services such as Log Management and Web Application Firewall management, which help detect and control the flow of data between networks to keep that data secure.


13. Data Protection

Organizations must use appropriate processes and tools to mitigate the risk of data exfiltration and ensure the integrity of sensitive information. Data protection is best achieved through the combination of encryption, integrity protection, and data loss prevention techniques.

Cautela Labs' team performs a network security evaluation and assessment as part of a security audit, which covers how confidential data is handled and encrypted.


14. Controlled Access Based on the Need to Know

Organizations need to be able to track, control, and secure access to their critical assets and quickly determine which people, computers or applications have a right to access these assets.

Cautela Labs helps identify and separate the most critical assets from less sensitive data, so that only users who need sensitive data have access to it and everyone else is restricted.


15. Wireless Access Control

Organizations need to have processes and tools in place to track and control the use of wireless local area networks (LANs), access points, and wireless client systems. They need to run network vulnerability scanning tools and ensure that all wireless devices connected to the network match an authorized configuration and security profile.

Cautela Labs' vulnerability assessment and Log Management services help track, control, prevent, and correct the secure use of wireless local area networks (LANs), access points, and wireless clients.


16. Account Monitoring and Control

It is critical for organizations to actively manage the lifecycle of user accounts (creation, use, and deletion) to minimize opportunities for attackers to leverage them. All system accounts need to be regularly reviewed, and accounts of former contractors and employees should be disabled as soon as the person leaves the company.

Attackers frequently take over inactive user accounts, because access through a legitimate account is harder to detect than a break-in. Cautela Labs' Log Management service provides real-time correlation and analysis of any changes to user accounts.
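As an added example (written for this page, not Cautela Labs' product), the following Python performs the periodic account review this control describes over a constructed export that joins directory accounts with HR status. It flags enabled accounts whose owner has left, accounts with no owner at all, and accounts that have not logged in for longer than a dormancy threshold. The column layout, the 90-day threshold and the review date are assumptions.

```python
"""Added example for this page (not Cautela Labs' product): the account
lifecycle review behind CSC 16, run over a constructed directory/HR export."""
import csv
import io
from datetime import date

# Constructed sample: one row per account, joined with the HR status of its
# owner. Service accounts with no owner appear with empty owner columns.
ACCOUNTS_CSV = """\
username,enabled,last_login,owner,owner_status,separation_date
alice,true,2024-03-01,alice,active,
bob,true,2023-10-15,bob,terminated,2023-11-30
carol,false,2023-09-01,carol,terminated,2023-09-01
svc-backup,true,2023-06-02,,,
dave,true,2023-11-20,dave,active,
"""

AS_OF = date(2024, 3, 4)  # assumed review date, fixed so the run is repeatable
DORMANT_DAYS = 90         # assumed policy threshold


def load_accounts(text):
    """Parse the export into dicts with typed 'enabled' and 'last_login' fields."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["enabled"] = r["enabled"].strip().lower() == "true"
        r["last_login"] = date.fromisoformat(r["last_login"]) if r["last_login"] else None
    return rows


def review_accounts(rows, as_of, dormant_days=DORMANT_DAYS):
    """Return (username, reason) findings for every enabled account that
    violates the lifecycle policy; an account can have several reasons."""
    findings = []
    for r in rows:
        if not r["enabled"]:
            continue  # already disabled: that is the desired end state
        if r["owner_status"] == "terminated":
            findings.append((r["username"], "terminated-still-enabled"))
        if not r["owner"]:
            findings.append((r["username"], "no-owner"))
        never_used = r["last_login"] is None
        if never_used or (as_of - r["last_login"]).days > dormant_days:
            findings.append((r["username"], "dormant"))
    return findings


def run_review():
    """Convenience entry point: review the constructed export as of AS_OF."""
    return review_accounts(load_accounts(ACCOUNTS_CSV), AS_OF)


if __name__ == "__main__":
    for username, reason in run_review():
        print(f"{username}: {reason}")
```

The terminated-but-still-enabled case is the one the control singles out; the dormant and ownerless cases are how an attacker's favourite targets, forgotten accounts that nobody will notice being used, surface before the attacker finds them. Disabled accounts are deliberately left out of the findings, since disabling is the remediation, not the problem.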


17. Security Skills Assessment and Appropriate Training to Fill Gaps

Organizations should identify the specific knowledge and skills they need to strengthen security. This requires developing and executing a plan to identify gaps and fix them through policy, planning, and training programs.

Cautela Labs expert security team can help the organization identify the specific knowledge, skills, and abilities needed to support the defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy and training.


18. Application Software Security

Organizations must manage the security lifecycle of all software they use to detect and correct security weaknesses. They must regularly check that they use only the most current versions of each application and that all relevant patches are installed promptly.


19. Incident Response and Management

Organizations need to develop and implement proper incident response, which includes plans, defined roles, training, management oversight, and other measures that will help them discover attacks and contain damage more effectively.


20. Penetration Tests and Red Team Exercises

The final control requires organizations to assess the overall strength of their defenses (the technology, the processes, and the people) by conducting regular external and internal penetration tests. This will enable them to identify vulnerabilities and attack vectors that can be used to exploit systems.

Cautela Labs' team performs penetration testing that covers network penetration testing and application security testing, as well as the controls and processes around the networks and applications. Testing is performed from both sides of the network boundary, outside and inside. At the conclusion of testing, Cautela Labs delivers reports that detail specific findings and provide the information needed to begin remediation.

Getting value from the CIS Critical Security Controls does not necessarily mean implementing all 20 controls at once. Implementing security controls requires a complete strategy, time, resources, and money, and only a few organizations have the budget, staff, and time needed to implement the entire set of controls at the same time. Cautela Labs' solutions and services are intended to help organizations meet all 20 CIS Security Controls and reduce the burden on the organization's existing security team.

For more details visit www.cautelalabs.com or contact us at sales@cautelalabs.com.

Reference:

https://www.cisecurity.org/controls/

https://blog.netwrix.com/2018/02/01/top-20-critical-security-controls-for-effective-cyber-defense/