The CIS Top 20 Critical Security Controls Solutions have been developed to help organizations prioritize and address the most common and damaging risks in their IT environment. If you’re worried you may have overlooked a key aspect of your cybersecurity, double-check it against these 20 controls.
When it comes to protecting against the ongoing, evolving cybersecurity threats in play today, managing cybersecurity is, understandably, a tall order.
In order for you to effectively fill the role of an IT company, you would need…
To start, managing your cybersecurity means you need to take a holistic approach, incorporating and considering every aspect of a truly secure environment.
How can you go about that?
With the right technology (such as SIEM) and the right best practices (such as the CIS Top 20 Critical Security Controls Solutions) …
Security information and event management (SIEM) technology collects, normalizes and correlates log and event data from across your environment, whether it is deployed on premises or delivered as a cloud service, so that security and operational activity can be monitored around the clock.
A SIEM solution raises alerts when correlated events match known attack patterns and, when paired with a monitored service or response tooling, supports timely action to protect your business.
By enriching events with intelligence from global threat feeds, it can surface network-based exploit attempts, drive-by downloads and advanced malware that routinely slip past conventional firewall and antivirus technologies.
Further features of most SIEM products include:
Sounds good, right?
However, a SIEM has a key limitation – it’s not enough on its own. You need to combine it with the right best practices…
Developed by leading cybersecurity experts, the CIS Top 20 Critical Security Controls Solutions are a set of best practices designed to help organizations protect themselves against the current range of cybercrime threats.
The 20 Controls are as follows:
1. Inventory And Control Of Hardware Assets
A key aspect of cybersecurity is knowing what hardware is connected to your network, and what shouldn’t be. If you maintain an accurate inventory of authorized and unauthorized devices on your network, you’re better prepared to identify when something connects that shouldn’t have.
2. Inventory And Control Of Software Assets
This goes hand in hand with control #1. Just as you need to know what hardware is connected to your network, you also need to know what software is in use, what permissions it has, and whether it carries any known vulnerabilities. Software that is unauthorized or no longer supported should be removed or blocked from running.
3. Continuous Vulnerability Management
The key to this control is understanding that cybersecurity is never at rest. There is no technology, no training program for staff members, and no set of static best practices that will protect you from now until the end of time.
New vulnerabilities are published every day in the software and hardware you already run, and cybercriminals weaponize them quickly. That’s why this control calls for regularly scanning your systems for known vulnerabilities, prioritizing the findings by severity and exposure, and patching or mitigating them on a defined timeline, rather than waiting for an incident to reveal them.
4. Controlled Use of Administrative Privilege
The fact is that misuse of privilege is one of the most common ways for cybercriminals to move through a network. Whether by tricking a user who works from an administrative account into downloading and running malware, or by escalating privileges from a compromised non-admin account, attackers regularly exploit the common but unsafe practice of giving everyday users administrative rights. Limit administrative accounts to the people who need them, require separate and strongly authenticated accounts for administrative work, and log their use.
5. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
You know you shouldn’t trust default security settings, right? Just because a program is generally considered to follow standard security practices, that doesn’t mean that it’s as secure as it should be “out of the box”.
Why aren’t default hardware and software security configurations enough?
Because greater security often means less convenience – albeit, in small ways. Regardless, when it comes to most products, the priority is usually to enhance the user experience, rather than to configure the best security settings possible.
Here’s an example – when it comes to Wi-Fi connectivity settings, would you prioritize security or convenience? On one hand, it’s much more convenient to users if the device in question is configured to automatically connect to open and available Wi-Fi hot spots. But as you should know, that’s not a very secure practice.
It’s examples like these that show why it’s your responsibility to double-check default configurations and make the necessary changes if you actually want to maintain a higher level of security.
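The following is an added example, not code from the original article, showing what “double-checking default configurations” looks like when it is automated: it audits an OpenSSH server configuration against a small hardening baseline and emits a corrected copy. The baseline values are illustrative hardening choices rather than the CIS benchmark text, and the sample configuration is constructed to resemble a fresh install in which most directives are still commented out.

```python
"""Audit an sshd_config against a hardening baseline and emit a corrected copy.

Added example; not code from the original article. The baseline values below are
illustrative hardening choices (not the CIS benchmark text), and SAMPLE_CONFIG is a
constructed file that mirrors a fresh install with most directives left commented out.
"""
from __future__ import annotations

# directive -> (value to set when hardening, values accepted by the audit).
# Matching is case-insensitive, as it is for sshd keywords and most values.
BASELINE: dict[str, tuple[str, set[str]]] = {
    "PermitRootLogin": ("no", {"no"}),
    "PasswordAuthentication": ("no", {"no"}),
    "PermitEmptyPasswords": ("no", {"no"}),
    "X11Forwarding": ("no", {"no"}),
    "MaxAuthTries": ("4", {"1", "2", "3", "4"}),
    "LogLevel": ("VERBOSE", {"verbose"}),
}

SAMPLE_CONFIG = """\
# Constructed sample sshd_config (vendor default style)
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
#PermitEmptyPasswords no
X11Forwarding yes
MaxAuthTries 6
"""


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the explicitly set global directives, keyed by lowercase keyword.

    sshd honours the first occurrence of a keyword and ignores later ones, and
    everything after a Match line is conditional, so parsing stops there.
    """
    effective: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented directive sets nothing: the daemon default applies
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def audit(text: str, baseline: dict[str, tuple[str, set[str]]] = BASELINE) -> list[tuple[str, str, str]]:
    """Return (directive, observed, accepted) for each baseline item not met.

    An absent directive is reported as 'unset' rather than assumed secure: the whole
    point of this control is not to rely on whatever the software defaults to.
    """
    effective = parse_sshd_config(text)
    findings = []
    for directive, (_, allowed) in baseline.items():
        observed = effective.get(directive.lower())
        accepted = "/".join(sorted(allowed))
        if observed is None:
            findings.append((directive, "unset", accepted))
        elif observed.lower() not in allowed:
            findings.append((directive, observed, accepted))
    return findings


def hardened(text: str, baseline: dict[str, tuple[str, set[str]]] = BASELINE) -> str:
    """Return the config with every baseline directive set explicitly.

    Existing lines for a baseline keyword, active or commented out, are replaced in
    place so the file stays readable; keywords that never appeared are appended.
    (A prose comment whose first word is a baseline keyword is replaced too; that is
    a deliberate simplification of this example.)
    """
    wanted = {k.lower(): (k, v[0]) for k, v in baseline.items()}
    out: list[str] = []
    seen: set[str] = set()
    for raw in text.splitlines():
        token = raw.strip().lstrip("#").split(None, 1)
        key = token[0].lower() if token else ""
        if key in wanted:
            if key not in seen:
                out.append(" ".join(wanted[key]))
                seen.add(key)
            continue  # drop duplicate and commented copies of the same keyword
        out.append(raw)
    for key, (name, value) in wanted.items():
        if key not in seen:
            out.append(f"{name} {value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING %-22s observed=%-8s accepted=%s" % finding)
    print("--- hardened ---")
    print(hardened(SAMPLE_CONFIG), end="")
```

Run against the sample, the audit reports all six baseline items: two are set to weak values, one is too permissive, and three are missing entirely, which is exactly the “relies on the default” condition this control tells you not to accept. The same pattern (parse, compare to an explicit baseline, rewrite) applies to any text-based configuration.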
6. Maintenance, Monitoring, and Analysis of Audit Logs
One of the most important aspects of cybersecurity management is careful use of the logging system, which records nearly any type of event that occurs so you can keep a detailed account of how your systems are behaving and query the logs to retrieve the information you need for a given task.
Ensuring you can sort and read the logs collected by your systems lets you turn raw events into actionable, understandable intelligence about security events as they occur. Ideally, your SIEM solution will collect logs from the following parts of your network and infrastructure:
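To show what “actionable intel” from audit logs means in practice, here is an added example (not code from the original article, and not any SIEM vendor’s correlation rule) that runs a brute-force detection over constructed sshd authentication log lines. The log excerpt is invented for the example and uses documentation address ranges; the threshold and window are illustrative, and the year is supplied as an assumption because traditional syslog timestamps omit it.

```python
"""Brute-force detection over sshd authentication log lines.

Added example; not code from the original article and not any SIEM vendor's
correlation rule. SAMPLE_LOG is a constructed auth.log excerpt in traditional syslog
format; the addresses are from documentation ranges. Thresholds are illustrative.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Jan 12 03:14:07 bastion sshd[2191]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Jan 12 03:14:09 bastion sshd[2192]: Failed password for invalid user admin from 203.0.113.45 port 51236 ssh2
Jan 12 03:14:11 bastion sshd[2193]: Failed password for root from 203.0.113.45 port 51240 ssh2
Jan 12 03:14:12 bastion sshd[2195]: Failed password for root from 203.0.113.45 port 51242 ssh2
Jan 12 03:14:14 bastion sshd[2197]: Failed password for root from 203.0.113.45 port 51244 ssh2
Jan 12 03:14:40 bastion sshd[2199]: Accepted password for root from 203.0.113.45 port 51250 ssh2
Jan 12 03:15:01 bastion sshd[2200]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Jan 12 03:20:00 bastion sshd[2210]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Jan 12 03:31:00 bastion sshd[2211]: Failed password for alice from 198.51.100.9 port 40101 ssh2
"""

# Matches the sshd "Failed"/"Accepted" authentication lines; other messages are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


@dataclass(frozen=True)
class Alert:
    kind: str        # "brute_force" or "brute_force_success"
    src: str
    when: datetime
    user: str
    count: int       # failures inside the window when the alert fired


def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60),
           year: int = 2024) -> list[Alert]:
    """Sliding-window rule: at least `threshold` failures from one source within `window`.

    Traditional syslog timestamps carry no year, so one is supplied (assumption: the
    excerpt does not straddle a year boundary). A later successful login from a source
    already flagged, within `window` of its last failure, escalates to
    "brute_force_success", which is the alert a responder needs to act on first.
    """
    failures: dict[str, deque[datetime]] = defaultdict(deque)
    flagged: set[str] = set()
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user = m["src"], m["user"]
        recent = failures[src]
        if m["result"] == "Failed":
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()  # expire failures that fell outside the window
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(Alert("brute_force", src, ts, user, len(recent)))
        elif src in flagged and recent and ts - recent[-1] <= window:
            alerts.append(Alert("brute_force_success", src, ts, user, len(recent)))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.when:%H:%M:%S} {a.kind:<21} src={a.src} user={a.user} failures={a.count}")
```

On the sample, the rule fires once for the burst from 203.0.113.45 and then escalates when that same source logs in as root half a minute later; the two slow failures from 198.51.100.9, eleven minutes apart, never reach the threshold. Without timestamps and source addresses in the logs, neither conclusion would be possible, which is why log collection comes before log analysis.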
7. Email And Web Browser Protections
Email is perhaps the most ubiquitous technology used in the business world today – possibly even more so than the phone. It’s instantaneous, can deliver important files, and doesn’t require the immediate attention that a phone call does.
However, just as it is popular with consumers around the world, it is just as popular a method for hackers trying to do damage to unsuspecting businesses.
Similarly, your staff uses a web browser to access online applications, perform Google searches, and carry out a range of other tasks every day. It needs a similar level of security as well.
8. Malware Defenses
Malware remains among the top cyber threats that businesses face today. As malware types like ransomware continue to become more prevalent, it’s more important than ever for businesses of all sizes to know what threats are out there, and which specific threats they need to be most concerned about.
Each of these threats has the potential to do immense damage to your internal processes and your company’s reputation. Malware defenses (centrally managed and regularly updated anti-malware and endpoint protection tools) exist to spot, block, and isolate malicious software before it can damage your data and legitimate applications.
9. Limitation and Control of Ports, Protocols, and Services
It’s critical that you effectively manage all the ports, protocols and services on devices that are connected to your network. If you don’t, each and every one of them could be a viable means of access for cybercriminals.
If you have detailed, real-time data on what is running on your network, and are careful to close off any unnecessary means of communication, you can drastically reduce your risk of penetration.
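As an added example (not code from the original article), the following compares a host’s listening sockets with an allowlist of the services that are supposed to be reachable from the network. The input is a constructed excerpt in the layout of `ss -lntu` output; on a real host you would feed it the command’s actual output (adding `-p` as root to see the owning process). The allowlist itself is illustrative.

```python
"""Compare listening sockets against an allowlist of services meant to be exposed.

Added example; not code from the original article. SAMPLE_SS is a constructed
excerpt in the layout of `ss -lntu` output; on a real host, feed it the command's
actual output (add -p as root to see the owning process). The allowlist is illustrative.
"""
from __future__ import annotations

# (protocol, port) pairs permitted to listen on a non-loopback address.
ALLOWED_EXPOSED: set[tuple[str, int]] = {("tcp", 22), ("tcp", 443)}

SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:6379       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")


def parse_ss(text: str) -> list[tuple[str, str, int]]:
    """Return (proto, local_address, port) for each socket line; the header is skipped."""
    sockets = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 5:
            continue
        proto, local = cols[0], cols[4]
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:22
        if not port.isdigit():
            continue
        sockets.append((proto, addr, int(port)))
    return sockets


def exposed_violations(text: str, allowed=ALLOWED_EXPOSED) -> list[tuple[str, int, str]]:
    """Return (proto, port, address) for network-reachable listeners not on the allowlist.

    Loopback-bound sockets are not reported: they are unreachable from the network,
    though they still belong in your inventory. Results are sorted and de-duplicated.
    """
    findings = set()
    for proto, addr, port in parse_ss(text):
        if addr.startswith(LOOPBACK_PREFIXES):
            continue
        if (proto, port) not in allowed:
            findings.add((proto, port, addr))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, addr in exposed_violations(SAMPLE_SS):
        print(f"unexpected listener: {proto}/{port} bound to {addr}")
```

On the sample, the database bound to 127.0.0.1 passes, SSH passes on both IPv4 and IPv6, and three listeners are flagged: an HTTP server, a cache bound to every interface, and an NTP socket. Each of those is either a service to be removed, moved behind the host firewall, or added to the allowlist with a documented reason; what you should never do is leave the question unanswered.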
10. Data Recovery Capabilities
Data loss is often the result of poor digital security; without the right defenses, cybercriminals can easily infect an IT system with ransomware or other types of malware and compromise company data.
You may have heard that the right antimalware solution will minimize the chance of data loss, but what about human error?
The fact is that data loss due to user error, whether an overwritten file or an accidentally deleted folder, is more frequent and often just as damaging as most forms of cybercrime, and no matter how effective your antimalware solution is, it won’t protect you from yourself. That’s why this control calls for regular, automated backups that are tested by actually restoring from them, with at least one copy kept offline or otherwise unreachable from the network so that ransomware cannot encrypt the backups along with the data.
11. Secure Configurations for Network Devices
This control covers devices such as firewalls, routers, and switches. As key parts of your network (and of its defense), these devices need to be configured properly to ensure optimal security.
As explored above, the default configurations of such devices may not be sufficient. It’s up to you to make sure they are made secure.
12. Boundary Defense
This control is built on a foundation of network segmentation and control of the flow of data within your organization. Using firewalls and proxies, you can cut off unnecessary connections between different parts of your network that, if left open, provide easy access from one to another for cybercriminals.
13. Data Protection
Data protection begins and ends with the consideration of managerial controls. That is, what type of data you have, how it is classified or categorized, and what can or cannot be done with said data – by anyone in the organization, including its leaders.
This is why you need a data inventory, which will help with understanding the nature of your environment and the systems therein, as well as how to define effective data retention policies.
14. Controlled Access Based On The Need to Know
This control is about restricting access to data to the people and systems whose job actually requires it. The fact is that cybercriminals often reach sensitive data by first breaking into a much less critical part of the network and moving from there. If access to that data is restricted by access control lists and encryption, and the two parts are properly segmented via a DMZ, internal firewalls, etc., compromising a low-value system no longer hands them the data.
15. Wireless Access Control
Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.
16. Account Monitoring and Control
This is one of the more basic controls on the list, but no less important. Much of it is process rather than product, but it can and should be automated: enumerating accounts, disabling dormant ones, and revoking access when someone leaves are all scriptable. It is still about doing the work.
You need a carefully implemented process to track the lifecycle of every account on your network, from creation through role changes to removal, and to reconcile that list regularly against who actually works for you.
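Here is an added example (not code from the original article) of the reconciliation step automated: it checks an export of accounts against an HR roster and flags accounts whose owner has left, service accounts nobody owns, and accounts that have gone dormant. The account records, roster and dates are constructed; in practice the accounts would come from your directory (an LDAP or Active Directory export, for instance) and the roster from HR, and the 90-day dormancy threshold is an illustrative choice.

```python
"""Reconcile system accounts against an HR roster and flag lifecycle problems.

Added example; not code from the original article. The account records, roster
and dates are constructed; in practice the accounts would come from your directory
(e.g. an LDAP or Active Directory export) and the roster from HR.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Account:
    name: str
    owner: str                 # employee responsible; for service accounts, the owning team
    last_login: date | None    # None: never used
    enabled: bool
    service: bool = False      # non-human account, so no roster entry is expected


TODAY = date(2024, 6, 1)
ROSTER = {"alice", "bob", "carol"}          # constructed HR export of current staff

ACCOUNTS = [
    Account("alice", "alice", date(2024, 5, 30), True),
    Account("bob", "bob", date(2024, 1, 15), True),            # unused for months
    Account("dave", "dave", date(2024, 5, 29), True),          # left, still enabled
    Account("erin", "erin", date(2023, 11, 2), False),         # already disabled
    Account("svc-backup", "platform-team", date(2024, 5, 31), True, service=True),
    Account("svc-legacy", "", None, True, service=True),       # nobody owns it, never used
]


def review(accounts, roster, today, dormant_after=timedelta(days=90)):
    """Return (account, issue) pairs for enabled accounts that need action.

    Issues: owner no longer on the roster (disable now), service account with no
    owner (find one or remove it), and dormant (no login within `dormant_after`).
    """
    findings = []
    for a in accounts:
        if not a.enabled:
            continue  # disabled accounts are the desired end state, not a finding
        if a.service:
            if not a.owner:
                findings.append((a.name, "service_account_without_owner"))
        elif a.owner not in roster:
            findings.append((a.name, "owner_not_on_roster"))
        if a.last_login is None or today - a.last_login > dormant_after:
            findings.append((a.name, "dormant"))
    return findings


if __name__ == "__main__":
    for name, issue in review(ACCOUNTS, ROSTER, TODAY):
        print(f"{name:<12} {issue}")
```

The account that matters most here is the departed user who is still enabled and logged in two days ago; a roster comparison catches it the day the HR export changes, whereas a dormancy rule alone never would. Run on a schedule and fed from your real directory, this is the bulk of what the control asks for.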
17. Implement A Security Awareness and Training Program
Organizations are often at risk based on the weakest links in their cybersecurity – poorly trained employees. That’s why continuous training with a variety of different methodologies is necessary in order to have employees be knowledgeable and aware.
Security awareness training helps users to recognize and avoid being victimized by phishing emails and scam websites. They learn how to handle security incidents when they occur. If users are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
18. Application Software Security
Depending on how many different programs you use for your operations, and how specialized they are, they could pose a risk to your systems based on unidentified vulnerabilities or lack of support. As with so many other controls on this list, this is all about making sure that you have a clear, high-level view of what is in use, and the state it is in.
19. Incident Response and Management
An Incident Response Plan provides the plans, procedures, and guidelines for handling data breach events at your office(s), or on any of your servers or mobile devices. The plan covers how incident response is engaged, how the incident response team communicates with the rest of the organization, with other organizations, and with law enforcement, and it provides guidance on federal and local reporting and notification processes.
This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.
There are three main components of an incident response plan: technical, legal, and managerial.
As part of your plan, designate specific, skilled people who are best positioned to cover those functions. Make sure you answer the following questions:
Double-check that your legal, technical, and management experts approve of your incident response plan. And make sure your response team regularly reviews and practices the plan.
20. Penetration Tests And Red Team Exercises
The last control on the list is one of the most important. After all, no matter how carefully you follow the prior 19 controls, you’ll never know how effective they are if you don’t test them.
The penetration test is an authorized attack on your organization’s technology and staff and is one of the best ways to accurately evaluate your security controls. In combination with a red team exercise (in which a full-scope attack simulation is executed to test organizational security), you can double-check each and every aspect of your cybersecurity posture.
Running an effective penetration test and red team exercises all come down to goals. Before undertaking one of the test processes, answer the following questions:
Probably not – that’s why it’s smart to enlist expert support.
After all, every trade has its role in a given industry. Glaziers cut and install the glass, electricians handle the wiring and electrical components, concrete finishers lay the concrete, etc.
You wouldn’t expect one to fulfill the role of another, right?
It just makes sense that when it comes to specialized work, you’d want to hire specialists, trained and certified, to be the ones making use of the tools of their trade. Don’t you think that makes sense for cybersecurity and the implementation these 20 security controls solutions as well?
In a nutshell? Businesses that invest in SIEM may try to handle it on their own – and fail.
As explored above, those operating a business likely don’t have the time or knowledge to make proper use of SIEM.
It becomes a wasted investment, and in the end, doesn’t help to enhance security for the business. That’s why SIEM is incomplete without SOC services…
A Security Operations Center (SOC) is a team of people employing a range of proven processes and carefully implemented technologies (such as SIEM), often centralized, that at the very least gathers and analyzes user reports and a range of data sources, such as logs, from information systems and cybersecurity controls.
Typically, the main point of a SOC in the business setting is to identify, address and eliminate cybersecurity events that could negatively impact an organization’s information systems or data.
Depending on a number of factors – size, budget, industry, location, etc. — SOCs can vary from organization to organization and are implemented per structural cybersecurity priorities and risk tolerance.
Whereas one business’ SOC will oversee a cybersecurity event from detection to remediation, another may instead focus on supporting and coordinating incident responders and handling incident response communication, which could mean status updates and third-party communication.
The point of outsourced SOC services is that you don’t have to build and manage a SOC of your own; you can instead get it from an IT company as an outsourced service.
Without SOC services you have little visibility into your systems beyond whatever you happen to be looking at in that moment. For example, you may not notice that a server’s CPU is working much harder than normal during a cyberattack.
In theory, it’s entirely possible that, if you’ve invested in the right technologies (such as a SIEM solution), and have the right skillset provided by an internal team, you could handle cybersecurity for your business all on your own.
You would oversee your own installations, management, maintenance, and everything else that comes with operating a secure and robust business IT environment.
But, if we’re being honest, that’s a big if.
For all these reasons, it’s recommended that business owners simply outsource their cybersecurity management tasks to a more capable, more available SOC service and IT company.
Doing so will also provide a level of quality and consistency in the management and maintenance of your cybersecurity technologies and best practices that is hard to achieve with one person on your staff trying to manage it all alone.