CIS Critical Security Controls v6
[Figure: dashboard with the panels CIS - 1.1 Unauthorized Devices on Network; CIS - 2.3 Software Whitelisting Software Installed on Business Systems; CIS - 3.3 Assets Not Up-to-Date on Patching; CIS - 4.1 Recently Scanned by Vulnerability Scanner; CIS - 8.1 Enabled and Up-to-Date Antivirus; CIS - 8.2 Detected Instances of Malicious Code; CIS - 9.1 Host-Based Firewall Enabled on Assets. Legends: Ownership, Currency Status, Patching State, Firewall On / Firewall Off. Table columns: Worst Infection > Antivirus Status > Operating System; Total Assets.]
Support for the SANS Top 20 Critical Security Controls
In response to the increasing number of cyber-attacks globally, the Center for Internet Security (CIS) developed a framework of cybersecurity recommendations for organizations commonly referred to as the “SANS Top 20”. These recommendations include specific actions to prevent the most pervasive and dangerous cyber-attacks that attempt to infiltrate your environment and compromise your data. Recognized across the IT Security field as one of the foundations for a modern and responsive security program, the SANS Top 20 list has been successfully leveraged by many organizations as the blueprint for protecting their business and customer data.

By addressing 17 of the 20 CIS Critical Security Controls, the NorthStar Platform aggregates, normalizes, digests, and assembles IT security and operations data into interconnected SuperLists that give you a complete, unbiased view of the current state of your IT environment. Once the SuperLists are populated, our visualization engine creates comprehensive dashboards and reports that provide dynamic, interactive, and understandable views into your environment regardless of the security products you have deployed.
516 N. Ogden Ave, Suite 115, Chicago, IL 60642
Give us a call: 312.421.3270
Send us an email: [email protected]
For more info, visit us at: www.conventus.com
CRITICAL SECURITY CONTROL / NORTHSTAR ASSET, EXPOSURE AND PRIVILEGE TRACKING FUNCTIONS

CSC 1: Inventory of Authorized and Unauthorized Devices
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks
• Consolidation of ANY data point into a single, exportable SuperList
• Integration of DHCP logs into IP Address SuperList

CSC 2: Inventory of Authorized and Unauthorized Software
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Exposure Tracking:
• Consolidated view of gaps from vulnerability and configuration scanner data
• Build out list of “gold image” machines ensuring standard builds “meet basic requirements”
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 4: Continuous Vulnerability Assessment and Remediation
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks
Exposure Tracking:
• Deliver the prioritized list to the risk administrators by incorporating asset criticality - vulnerability scanners do not
Privileges Tracking:
• Validation of access to vulnerability user interface

CSC 5: Controlled Use of Administrative Privileges
Privileges Tracking:
• Validation of where privileged access has been assigned
• When used in conjunction with Asset Tracking, can validate IT admin machines are used only for intended purpose
Exposure Tracking:
• Verification of multifactor authentication for all administrative access, including domain administrative access
• Verification of long password use if multi-factor authentication is not supported

CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
Exposure Tracking:
• Configuration check on synchronized time sources to ensure timestamps in logs are consistent

CSC 7: Email and Web Browser Protections
Asset Tracking:
• Ensure that only fully supported web browsers and email clients are allowed to execute in the organization

CSC 8: Malware Defenses
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 9: Limitation and Control of Network Ports, Protocols, and Services
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, and perform configuration checks

CSC 10: Data Recovery Capability
Asset Tracking:
• Take backup feed, and get an asset list from it, verify it against Asset SuperList to find gaps

CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
----------------------------------------------------------

CSC 12: Boundary Defense
Asset Tracking:
• IT Tools Coverage: Asset SuperList, verification, configuration checks
Privileges Tracking:
• Verification of assets that are reporting are: 1) accurately inventoried 2) forced authentication

CSC 13: Data Protection
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 14: Controlled Access Based on the Need to Know
Asset Tracking:
• IT Tools Coverage: Asset SuperList, verification, configuration checks
• Identify systems to assist with proper tagging and location of the critical data within a DLP system

CSC 15: Wireless Access Control
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 16: Account Monitoring and Control
Privileges Tracking:
• Validate which SIEM / logging solutions are tracking in real-time
• Audit access to password files
• Track and capture password length

CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
----------------------------------------------------------

CSC 18: Application Software Security
Privileges Tracking:
• Validate access to each IT environment
Asset Tracking:
• Validation through software SuperList

CSC 19: Incident Response and Management
----------------------------------------------------------

CSC 20: Penetration Tests and Red Team Exercises
Access Tracking:
• Validation that user and system accounts used for pentesting are used and controlled properly