4 min
CIS Controls
The CIS Critical Security Controls Explained - Control 6: Maintenance, Monitoring and Analysis of Audit Logs
In your organizational environment, Audit Logs are your best friend. Seriously.
This is the sixth blog of the series based on the CIS Critical Security Controls
[https://www.rapid7.com/fundamentals/cis-critical-security-controls/]. I'll be
taking you through Control 6: Maintenance, Monitoring and Analysis of Audit
Logs, in helping you to understand the need to nurture this friendship and how
it can bring your information security program to a higher level of maturity
while helping gain visibilit
7 min
CIS Controls
The CIS Critical Security Controls Series
What are the CIS Critical Security Controls?
The Center for Internet Security (CIS) Top 20 Critical Security Controls
[https://www.rapid7.com/solutions/compliance/critical-controls/] (previously
known as the SANS Top 20 Critical Security Controls), is an industry-leading way
to answer your key security question: “How can I be prepared to stop known
attacks?” The controls transform best-in-class threat data into prioritized and
actionable ways to protect your organization from today's most common
6 min
CIS Controls
The CIS Critical Security Controls Explained - Control 4: Controlled Use of Administrative Privilege
The ultimate goal of an information security program
[https://www.rapid7.com/fundamentals/security-program-basics/] is to reduce
risk. Often, hidden risks run amok in organizations that just aren't thinking
about risk in the right way. Control 4 of the CIS Critical Security Controls
[https://rapid7.com/solutions/compliance/critical-controls/] can be contentious,
can cause bad feelings, and is sometimes hated by system administrators and
users alike. It is, however, one of the controls that can h
5 min
CIS Controls
The CIS Critical Security Controls Explained - Control 3: Continuous Vulnerability Management
Welcome to the third blog post on the CIS Critical Security Controls
[https://rapid7.com/solutions/compliance/critical-controls/]! This week, I will
be walking you through the third Critical Control: Continuous Vulnerability
Management. Specifically, we will be looking at why vulnerability management
[https://rapid7.com/solutions/vulnerability-management/] and remediation is
important for your overall security maturity, what the control consists of, and
how to implement it.
Organizations operat
5 min
CIS Controls
The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Stop No. 5 on our tour of the CIS Critical Security Controls
[https://www.rapid7.com/solutions/compliance/critical-controls/] (previously
known as the SANS Top 20 Critical Security Controls) deals with Secure
Configuration for Hardware and Software on Mobile Devices, Laptops,
Workstations, and Servers. This is great timing with the announcement of the
death of SHA1. (Pro tip: don't use SHA1
[https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/]
3 min
CIS Controls
The CIS Critical Security Controls Explained - Control 1: Inventory and Control of Hardware Assets
The Rapid7 Security Advisory Service relies heavily on the CIS top 20 critical
controls as a framework for security program analysis because they are
universally applicable to information security and IT governance. Correct
implementation of all 20 of the critical controls greatly reduces security risk,
lowers operational costs, and significantly improves any organization's
defensive posture. The 20 critical controls are divided into Basic,
Foundational, and Organizational families, and each con
4 min
CIS Controls
The CIS Critical Security Controls Explained - Control 2: Inventory and Control of Software Assets
As I mentioned in our last post, the 20 critical controls
[https://www.rapid7.com/solutions/compliance/critical-controls/] are divided
into Basic, Foundational, and Organizational families in order to simplify
analysis and implementation. This also allows partial implementation of the
controls by security program developers who aren't building a program from
scratch, but want to apply all 20 of the controls. The first two controls of the
Center for Internet Security's (CIS) Critical Controls are
5 min
CIS Controls
Using CIS Controls To Stop Your Network From Falling in With the Wrong Crowd
Earlier this month Kyle Flaherty wrote a post
[https://www.rapid7.com/blog/post/2016/10/06/rapid7-on-top-in-sans-critical-security-controls/]
on the Rapid7 Community Blog about how Rapid7 came out on top for coverage of
the Center for Internet Security (CIS) Top 20 Security Controls
[https://www.cisecurity.org/controls]. In light of recent DDoS events I'd like
to take a little time to discuss at a high level what the controls are, how they
would help, and what organizations can do to improve th
3 min
Awards
Rapid7 On Top in SANS Top 20 Critical Security Controls
Being great is, well… great, right? But as we all know it doesn't happen in a
vacuum, it's an equation:
Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships
Coincidentally (or not), these items make up three of the five core values we
strive towards here at Rapid7 – the other two play a role as well in
‘Disciplined Risk Taking' and ‘Continuous Learning', but we all know blog posts
need three things, it's some sort of Internet rule. Now, let's be honest, public
displ
2 min
CIS Controls
Use DHCP Discovery to Implement Critical Security Control 1
The number one critical security control from the Center for Internet Security
recommends actively managing all hardware devices on the network:
CSC 1: Inventory of Authorized and Unauthorized Devices
Actively manage (inventory, track, and correct) all hardware devices on the
network so that only authorized devices are given access, and unauthorized and
unmanaged devices are found and prevented from gaining access.
http://www.cisecurity.org/critical-controls.cfm
Here a some of the reasons y