Last updated at Mon, 21 Aug 2017 16:58:53 GMT
During the development of ControlsInsight, we selected the first set of controls based on input from Rapid7 experts with extensive experience in attacker methodology (like HD Moore and our co-founders Tas Giakouminakis and Chad Loder), combined with industry best practices for risk mitigation. One of the best practices we used was the SANS 20 Critical Security Controls, which helps organizations focus their efforts on the security controls that would have the greatest impact in improving risk posture against real-world threats. According to the US State Department, organizations can achieve more than 94% risk reduction through the rigorous automation and measurement of the Top 20 Controls. ControlsInsight takes a similar approach to security - the solution prioritizes controls deployment based on effectiveness at defending against threats, giving you an action plan to address the most significant risks across your organization.
With ControlsInsight, you can automatically monitor the following critical security controls:
SANS Top 20 Controls | ControlsInsight | Why This Control is Critical
---|---|---
3-2 | Implement automated patching tools and processes | Cybercriminals often use known exploits to hack into systems that have not been patched. According to the Verizon 2013 Data Breach Investigations Report, 75% of attacks are opportunistic, meaning the victim was targeted because they exhibited a weakness the attacker knew how to exploit.
5-1 | Continuously monitor for active, up-to-date anti-malware protection | While anti-virus software has its limitations, it can help defend against threats by attempting to detect malware and block its execution.
5-2 | Verify that each system has received its malware signature update | "Trust but verify" - it's important to check that the latest malware signature has been successfully deployed and applied to each system.
5-3 | Configure workstations so that they will not auto-run content from USB thumb drives | Attackers have been known to infect networks by dropping USB thumb drives containing malicious code on-site for unwitting users to pick up.
5-5 | Scan and block all e-mail attachments, including e-mail and web content filtering | Email phishing is a common method attackers use to gain access to a network; they employ clever tactics to trick users into clicking on attachments.
5-7 | Deploy features and toolkits such as DEP and EMET | These mitigation features prevent malicious code execution and limit the potential damage from both existing exploits and future zero-day exploits.
11-2 | Apply host-based firewalls or port filtering tools on end systems | Workstation firewalls configured to deny traffic by default unless explicitly allowed can protect against malicious or unauthorized network traffic.
12-3 | Configure all administrative passwords to be complex | According to the Verizon 2013 Data Breach Investigations Report, 76% of network intrusions exploit weak or stolen credentials.
12-4 | Configure all administrative-level accounts to require regular password changes | See 12-3
12-9 | Administrative accounts should never be shared | Ensuring unique passwords limits the impact if a single set of credentials is compromised, by stopping attackers from propagating across the network.
12-10 | Configure OS so that passwords cannot be re-used within a certain timeframe | See 12-3
13-1 | Deny communications with known malicious IP addresses | Attackers focus on exploiting systems that they can reach across the Internet, including devices that pull content from the Internet through network boundaries.
To learn more about the SANS Top 20 Controls and how you can use them to build an effective security program, watch the joint webcast by Rapid7 and SANS here: Take Control! 7 Steps to Prioritize Your Security Program