What are CIS controls and why are they important?

By: Kevin Prince

The Center for Internet Security (CIS) critical security controls (initially developed by the SANS Institute and known as SANS Critical Controls) are a list of recommended high-priority and highly effective defensive actions. These actions are the starting point for any business, enterprise, and company looking to improve their cybersecurity, and are viewed as “must-do, do-first” actions. 

A primary benefit of the CIS controls is that they prioritize and focus on a smaller number of activities, compared to broader control frameworks, with a high return on investment. The controls have been vetted within an extensive community of government and industry practitioners. These actions are fundamental to organizations large or small, and by implementing this set of controls, organizations can reduce the chances of a significant cyberattack.

So, how do these actions work, and how is StratoZen reaching out to businesses who may be lacking in such actions? Keep reading to reveal the answers to these crucial questions. 

Types of CIS Controls 

There are 20 critical controls for effective cybersecurity and defense. However, businesses can prevent about 85% of attacks by using just the first five controls; adopting all 20 controls can help prevent up to 97% of cyberattacks. Of course, it’s up to organizations to implement these controls, and while the basics will do, you shouldn’t disregard the other two categories of controls. 

Here is an overview of the different CIS controls and how StratoZen uses each one to aid organizations in achieving proper cybersecurity: 

Basic CIS controls 

1. Inventory and Control of Hardware Assets: Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.

StratoZen’s built-in CMDB maintains a list of discovered devices, including in-depth discovery down to serial numbers, software versions, and interfaces. StratoZen can track and alert on hardware changes as they happen. 

2. Inventory and Control of Software Assets: Actively manage (inventory, track, and correct) all software within the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.

Similarly, our tools maintain a list of software installed on devices, including software versions and installed patches. Alerting is set up to notify and report when software changes occur, with a clear description of what software was added or deleted.
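As an added illustration of the change alerting described for Controls 1 and 2 (example code, not StratoZen's platform), the following compares two constructed inventory snapshots and emits one alert per device that appeared or disappeared and per piece of software that was added, removed or changed version:

```python
"""Inventory change alerting in the spirit of CIS Controls 1 and 2.

Added example, not StratoZen's code. Two CMDB snapshots (constructed
sample data) are compared and every difference becomes an alert record
naming the asset and what was added, removed or changed.
"""
from dataclasses import dataclass

# Constructed snapshots: host -> {software name: version}. A host present
# in only one snapshot is a hardware (asset-level) change.
PREVIOUS = {
    "ws-101": {"Chrome": "120.0", "7-Zip": "23.01", "Notepad++": "8.6"},
    "ws-102": {"Chrome": "120.0", "Office": "16.0.17029"},
}
CURRENT = {
    "ws-101": {"Chrome": "121.0", "Notepad++": "8.6", "VLC": "3.0.20"},
    "ws-102": {"Chrome": "120.0", "Office": "16.0.17029"},
    "ws-103": {"Chrome": "121.0"},  # previously unseen, unmanaged device
}


@dataclass(frozen=True)
class Alert:
    host: str
    kind: str    # device_added, device_removed, software_added, ...
    detail: str


def diff_inventory(previous: dict, current: dict) -> list[Alert]:
    """Return alerts for every hardware (host) and software change."""
    alerts = []
    for host in sorted(set(previous) | set(current)):
        if host not in previous:
            alerts.append(Alert(host, "device_added", "unknown device joined inventory"))
            continue
        if host not in current:
            alerts.append(Alert(host, "device_removed", "device no longer seen"))
            continue
        before, after = previous[host], current[host]
        for name in sorted(set(before) | set(after)):
            if name not in before:
                alerts.append(Alert(host, "software_added", f"{name} {after[name]}"))
            elif name not in after:
                alerts.append(Alert(host, "software_removed", f"{name} {before[name]}"))
            elif before[name] != after[name]:
                alerts.append(Alert(host, "software_changed",
                                    f"{name} {before[name]} -> {after[name]}"))
    return alerts


if __name__ == "__main__":
    for a in diff_inventory(PREVIOUS, CURRENT):
        print(f"[{a.kind}] {a.host}: {a.detail}")
```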

3. Continuous Vulnerability Management: Continuously acquire, assess, and take action on new information in order to identify any vulnerabilities, remediate, and minimize the attacker’s window of opportunity.

StratoZen supports Nessus/Tenable, Qualys, Rapid7, and other vulnerability scanners. This data can be ingested into our platform, and vulnerable machines can be added to a watchlist to increase the sensitivity of alerting for that device.

4. Controlled Use of Administrative Privileges: The tools and processes used to track, control, prevent, and correct the use, assignment, and configuration of any administrative privileges on computers, applications, and networks.

StratoZen provides both alerting and reporting on the use and change of administrative privileges, including special rules to detect administrative usage off-hours.
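To make the off-hours rule concrete, here is an added example (not StratoZen's code) that parses constructed key=value log lines and alerts on administrative logons outside a Monday-to-Friday 08:00-18:00 window, and on any change to administrative privileges regardless of hour; the `action` names are hypothetical:

```python
"""Off-hours administrative privilege use detection (CIS Control 4).

Added example, not StratoZen's code. Constructed log lines in a simple
'timestamp key=value ...' format are parsed; administrative use outside
the business window, and any admin privilege change at any hour, is
turned into an alert.
"""
from datetime import datetime, time

# Constructed sample log lines (not real data); action names are
# hypothetical event labels chosen for this example.
SAMPLE_LOGS = """\
2024-03-04T09:15:02 host=srv-01 user=alice action=admin_logon
2024-03-04T23:41:10 host=srv-01 user=bob action=admin_logon
2024-03-06T12:05:33 host=ws-22 user=carol action=admin_group_change
2024-03-09T10:30:00 host=srv-02 user=dave action=admin_logon
2024-03-05T17:59:59 host=srv-02 user=erin action=user_logon
"""

BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
ADMIN_USE = {"admin_logon"}
ADMIN_CHANGE = {"admin_group_change"}


def parse_line(line: str) -> dict:
    """Turn 'ts k=v k=v ...' into a dict with a parsed datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def is_business_hours(ts: datetime) -> bool:
    # Monday=0 .. Friday=4; window includes the start, excludes the end.
    return ts.weekday() < 5 and BUSINESS_START <= ts.time() < BUSINESS_END


def detect(log_text: str) -> list[tuple[str, str, str]]:
    """Return (rule, user, host) for each record that should raise an alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        action = rec.get("action", "")
        if action in ADMIN_CHANGE:
            # Privilege assignment changes are reported at any hour.
            alerts.append(("admin_privilege_change", rec["user"], rec["host"]))
        elif action in ADMIN_USE and not is_business_hours(rec["ts"]):
            alerts.append(("off_hours_admin_use", rec["user"], rec["host"]))
    return alerts
```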

5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers: Establish, implement, and actively manage (track, correct, report on) the security configurations on mobile devices, laptops, servers, and workstations by means of a rigorous configuration management and change control process to prevent attackers from exploiting vulnerable settings and services.

StratoZen’s platform can be used to report on hardware and software versioning and patching as a part of ensuring secure configurations. 

6. Maintenance, Monitoring, and Analysis of Audit Logs: Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from attacks.

StratoZen’s Daily Compliance Review is performed once a day by a trained cybersecurity analyst. We review not only any notifications that have happened over the last 24 hours for accuracy and delivery, but we also investigate low and medium alerts for trends and patterns. 

Foundational CIS controls 

7. Email and Web Browser Protections: Minimize the attack surface and any opportunities for attackers to manipulate human behavior through their interaction(s) with web browsers and email systems.

Our platform supports over a dozen common web and mail security gateway products, as well as Unified Threat Management platforms such as FortiGate with UTM. 

8. Malware Defenses: Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defenses, data gathering, and corrective action.

StratoZen maintains a full set of rules and reports and supports over two dozen EDR products. Along with being able to correlate that data with other events in the platform, we can also mark those particular workstations in a dynamic watchlist for further correlation. 

9. Limitation and Control of Network Ports, Protocols and Services: Manage (track, control, correct) the ongoing operational use of ports, protocols, and services on networked devices to minimize windows of vulnerability available to attackers.

StratoZen’s rules quickly identify open ports and protocols and alert on them. In addition, any firewall changes are logged, reported, and can also be set up for automated alerts if desired.

10. Data Recovery Capabilities: The tools and processes used to properly back up critical information with a proven methodology for a timely recovery.

Our platform can be used to take in event logging from backups and disaster recovery (BDR) systems to ensure you can recover backups in the case of disaster. Notifications can be set for daily events. 

11. Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches: Establish, implement, and actively manage (track, report on, and correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process to prevent attackers from exploiting vulnerable settings and services.

The full configuration for common firewalls, routers, and switches is stored in the platform for review. Alerts and reports are set up to notify on configuration events.

12. Boundary Defense: Detect, prevent, and correct the flow of information transferring across networks of different trust levels, with a focus on security-damaging data.

StratoZen’s platform is an integral part of any boundary defense strategy. It can pull in events and logs from dozens of different next-gen firewalls, security gateways, VPN gateways, and WAN accelerators to craft a holistic picture of the boundary.

13. Data Protection: The tools and processes used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.

StratoZen can report on data leaving and moving within the environment with SIEM agents or Endpoint Security Software. 

14. Controlled Access Based on the Need to Know: The tools and processes used to track, control, prevent, and correct secure access to critical assets (information, resources, and systems) according to the formal determination of which persons, computers, and applications have a need to access these critical assets based on an approval classification.

StratoZen can assist in proving that you are controlling access according to your policies. 

15. Wireless Access Control: The tools and processes used to track, control, prevent, and correct the secure use of wireless local area networks (WLANs), access points, and wireless client systems.

StratoZen’s platform supports multiple common wireless access points and alerting and reporting on rogue access points. 

16. Account Monitoring and Control: Actively manage the life cycle of systems and application accounts (creation, use, dormancy, and deletion) to minimize opportunities for attackers to leverage them.

Reports and rules can highlight all accounts and group changes instantly or historically. 

Organizational CIS controls 

17. Implement a Security Awareness and Training Program: For all functional roles in the organization, identify the specific knowledge, skills, and abilities needed to support the defense of the enterprise. Develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.

18. Application Software Security: Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.

While StratoZen’s platform does not perform Application Security testing, the platform can be used to report on what applications are running and what version and patch level are installed. 

19. Incident Response and Management: Protecting the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (plans, defined roles, training, communications, and management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.

StratoZen customizes its alerting and remediation guidance to fit your organization’s playbooks and supports orchestrated automatic response and remediation.

20. Penetration Tests and Red Team Exercises: Test the overall strength of an organization’s defense (technology, process, and people) by simulating the objectives and actions of an attacker.

StratoZen’s platform can ingest results from vulnerability scanners and can catch Red Teams in action. 

Security controls are a simple yet powerful tool that allows organizations to prevent cyberattacks that can be detrimental to their infrastructure. At StratoZen, we use these controls to create fortifying frameworks designed to stop cybercriminals in their tracks. Get in touch with us today to learn how we can help your company implement these basic CIS controls and guide you one step closer to cybersecurity success.