[Figure: CIS Critical Security Controls v6 dashboard. Panels: CIS - 1.1 Unauthorized Devices on Network (Ownership, Currency Status); CIS - 2.3 Software Whitelisting: Software Installed on Business Systems (Currency Status); CIS - 3.3 Assets Not Up-to-Date on Patching (Currency Status, Patching State); CIS - 4.1 Recently Scanned by Vulnerability Scanner; CIS - 8.1 Enabled and Up-to-Date Antivirus; CIS - 8.2 Detected Instances of Malicious Code (Worst Infection > Antivirus Status > Operating System, Total Assets); CIS - 9.1 Host-Based Firewall Enabled on Assets (Currency Status).]

Support for the SANS Top 20 Critical Security Controls

In response to the increasing number of cyber-attacks globally, the Center for Internet Security (CIS) developed a framework of cybersecurity recommendations for organizations, commonly referred to as the “SANS Top 20”. These recommendations include specific actions to prevent the most pervasive and dangerous cyber-attacks that attempt to infiltrate your environment and compromise your data. Recognized across the IT Security field as one of the foundations for a modern and responsive security program, the SANS Top 20 list has been successfully leveraged by many organizations as the blueprint for protecting their business and customer data.
By addressing 17 of the 20 CIS Critical Security Controls, the NorthStar Platform aggregates, normalizes, digests, and assembles IT security and operations data into interconnected SuperLists that give you a complete, unbiased view of the current state of your IT environment. Once the SuperLists are populated, our visualization engine creates comprehensive dashboards and reports that provide dynamic, interactive, and understandable views into your environment regardless of the security products you have deployed.



516 N. Ogden Ave, Suite 115, Chicago, IL 60642

Give us a call: 312.421.3270

Send us an email: [email protected]

For more info, visit us at: www.conventus.com

CRITICAL SECURITY CONTROL / NORTHSTAR ASSET, EXPOSURE AND PRIVILEGE TRACKING FUNCTIONS

CSC 1: Inventory of Authorized and Unauthorized Devices
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks
• Consolidation of ANY data point into a single, exportable SuperList
• Integration of DHCP logs into IP Address SuperList

CSC 2: Inventory of Authorized and Unauthorized Software
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Exposure Tracking:
• Consolidated view of gaps from vulnerability and configuration scanner data
• Build out list of “gold image” machines, ensuring standard builds “meet basic requirements”
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 4: Continuous Vulnerability Assessment and Remediation
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks
Exposure Tracking:
• Deliver the prioritized list to the risk administrators by incorporating asset criticality - vulnerability scanners do not
Privileges Tracking:
• Validation of access to vulnerability user interface

CSC 5: Controlled Use of Administrative Privileges
Privileges Tracking:
• Validation of where privileged access has been assigned
• When used in conjunction with Asset Tracking, can validate IT admin machines are used only for intended purpose
Exposure Tracking:
• Verification of multifactor authentication for all administrative access, including domain administrative access
• Verification of long password use if multi-factor authentication is not supported

CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
Exposure Tracking:
• Configuration check on synchronized time sources to ensure timestamps in logs are consistent

CSC 7: Email and Web Browser Protections
Asset Tracking:
• Ensure that only fully supported web browsers and email clients are allowed to execute in the organization

CSC 8: Malware Defenses
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 9: Limitation and Control of Network Ports, Protocols, and Services
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, and perform configuration checks

CSC 10: Data Recovery Capability
Asset Tracking:
• Take backup feed, get an asset list from it, and verify it against Asset SuperList to find gaps

CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
----------------------------------------------------------

CSC 12: Boundary Defense
Asset Tracking:
• IT Tools Coverage: Asset SuperList, verification, configuration checks
Privileges Tracking:
• Verification that assets that are reporting are: 1) accurately inventoried 2) forced authentication

CSC 13: Data Protection
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 14: Controlled Access Based on the Need to Know
Asset Tracking:
• IT Tools Coverage: Asset SuperList, verification, configuration checks
• Identify systems to assist with proper tagging and location of the critical data within a DLP system

CSC 15: Wireless Access Control
Asset Tracking:
• IT Tools Coverage: SuperList compilation, asset validation, identify coverage gaps, perform configuration checks

CSC 16: Account Monitoring and Control
Privileges Tracking:
• Validate which SIEM / logging solutions are tracking in real-time
• Audit access to password files
• Track and capture password length

CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
----------------------------------------------------------

CSC 18: Application Software Security
Privileges Tracking:
• Validate access to each IT environment
Asset Tracking:
• Validation through software SuperList

CSC 19: Incident Response and Management
----------------------------------------------------------

CSC 20: Penetration Tests and Red Team Exercises
Access Tracking:
• Validation that user and system accounts used for pentesting are used and controlled properly