Reducing Threat Impact With CIS Controls

May 29, 2020

Lane Roush, vice-president of Presales Systems Engineering at Arctic Wolf Networks, discusses CIS roles, controls, and tools in this digital summit session. He opens with a startling statistic: the average total lifecycle of a data breach is 279 days. It takes an average of 206 days to detect a breach, and 73 days to contain it. Lane believes that average can be brought down to hours.

The Center for Internet Security (CIS), founded in 2020, exists to identify, develop, validate, promote, and sustain best-practice solutions for cyber defense. Its programs and areas of focus crowdsource information in order to develop new security capabilities. The CIS has identified key security controls, which Lane groups into basic, foundational, and organizational.

Within Lane’s client base, he observes that most of his customers are utilizing perimeter and prevention tools; endpoint prevention and firewalls; email security; and recovery plans. While that’s a great start, the goal of an organization should be to continuously allocate resources and capabilities to increase security controls.

Before covering the top six controls, Lane suggests getting a pen test done in order to prioritize which controls get put in and in what order. Additionally, a pen test is a great way to validate the money spent and make sure an organization is getting the biggest bang for its buck. Next, Lane covers six of the 20 top CIS controls.

CIS Control 1 & 2

The first control is inventory and control of hardware assets. The second is inventory and control of software assets. These controls involve actively managing all hardware and software on the network so that only authorized software and hardware are installed and can execute, and so that all unauthorized and unmanaged software and hardware are found and prevented from installation or execution.

Lane gives an example of a time that an organization was able to track down a detected TrickBot infection to an unowned asset, and breaks down the discovery and mitigation process. He also discusses what tools could have been implemented to prevent such a breach.
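As an added example (not code from the session or from Arctic Wolf), the following Python reconciles constructed DHCP lease and IDS alert log lines against a hypothetical authorized asset inventory, so that an alert can be traced to a managed asset, to an unmanaged device that joined the network, or to an address with no lease record at all; the log format, inventory entries and signature names are all assumptions.

```python
import re

# Constructed authorized hardware inventory (CIS Control 1), keyed by MAC; hypothetical values.
INVENTORY = {
    "aa:bb:cc:00:00:01": "fileserver01",
    "aa:bb:cc:00:00:02": "wkstn-alice",
}

# Constructed DHCP lease and IDS alert lines in a hypothetical log format.
LOG_LINES = [
    "2020-05-29T08:01:10Z dhcp lease ip=10.0.0.11 mac=aa:bb:cc:00:00:01 host=fileserver01",
    "2020-05-29T08:02:30Z dhcp lease ip=10.0.0.12 mac=aa:bb:cc:00:00:02 host=wkstn-alice",
    "2020-05-29T08:05:00Z dhcp lease ip=10.0.0.47 mac=de:ad:be:ef:00:99 host=android-9f2",
    "2020-05-29T09:10:00Z ids alert src=10.0.0.47 sig=trojan-c2-beacon",
    "2020-05-29T09:12:00Z ids alert src=10.0.0.12 sig=policy-violation",
    "2020-05-29T09:15:00Z ids alert src=10.0.0.99 sig=port-scan",
]

LEASE_RE = re.compile(r"dhcp lease ip=(\S+) mac=(\S+) host=(\S+)")
ALERT_RE = re.compile(r"ids alert src=(\S+) sig=(\S+)")

def reconcile(lines, inventory):
    """Attribute each IDS alert to the asset behind its source IP: an inventoried
    asset (managed), a device that leased an address but is not in the inventory
    (unmanaged), or an IP with no lease record at all (unknown)."""
    leases = {}  # ip -> (mac, hostname), from the lease lines seen so far
    report = {"managed": [], "unmanaged": [], "unknown": []}
    for line in lines:
        m = LEASE_RE.search(line)
        if m:
            ip, mac, host = m.groups()
            leases[ip] = (mac, host)
            continue
        m = ALERT_RE.search(line)
        if not m:
            continue
        ip, sig = m.groups()
        if ip not in leases:
            report["unknown"].append((ip, sig))
        elif leases[ip][0] in inventory:
            report["managed"].append((inventory[leases[ip][0]], sig))
        else:
            mac, host = leases[ip]
            report["unmanaged"].append((ip, mac, host, sig))
    return report

if __name__ == "__main__":
    for bucket, alerts in reconcile(LOG_LINES, INVENTORY).items():
        print(bucket, alerts)
```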

CIS Control 3

Control three is continuous vulnerability management. An organization must continuously acquire, assess, prioritize, and act on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.

Lane sympathizes with the difficulty of control three, given the massive number of touchpoints involved, before emphasizing the importance of a holistic vulnerability management program to help mitigate risk and reduce the attack surface.

CIS Control 4

Control four is the controlled use of administrative privileges. This entails using processes and tools to track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications.

This entails changing default passwords on deployed devices, using multi-factor authentication for administrative access, setting up alerts, and more.

CIS Control 5

Control five is secure configuration for hardware and software. This control involves establishing, implementing, and actively managing the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process to prevent attackers from exploiting vulnerable services and settings.

Lane explains Arctic Wolf’s secure config baselining that they map into the CIS hardening standards. He describes the baselining as a set of “golden images.”

CIS Control 6

Control six is the maintenance, monitoring, and analysis of audit logs. Collecting, managing, and analyzing audit logs of events helps future detection and recovery from attacks.

Audit logs can also uncover gaps in security logging and analysis that open up opportunities for bad actors. The basic control covers a variety of areas, such as best practices for leveraging a SIEM for a consolidated view and action points, as well as advice on how often to review reports for anomalies.

Final Notes

Lane wraps up by walking through Arctic Wolf’s services and how they enhance the CIS protocol. Arctic Wolf goes below the surface, making sure people and process work together seamlessly to keep organizations safe.

Before answering audience questions, Lane reminds listeners, “It's not about being perfect. It's about making sure that you're closing that gap and getting better over time.”

To hear a detailed description and examples of the six controls and to learn more about what Arctic Wolf can do for you, please go to the Cyber Security Digital Summit page, register, and then follow the link sent to your inbox.

Read the original article and additional information at Cyber Security Hub