SANS Top 20 Controls Compliance
Prioritize your organization's critical security controls for effectiveness against real world threats
In today's constantly evolving threat landscape, simply being compliant with regulatory requirements is not enough to mitigate probable attacks and protect critical information. While there's no silver bullet for security, organizations can reduce chances of compromise by moving from a check-the-box, compliance-driven approach to a risk-based approach that focuses on real world effectiveness. The SANS Top 20 Critical Security Controls (CSC) were developed to address this need and to help organizations focus security efforts to have the greatest impact in improving their risk posture.
Rapid7 solutions can help you align to the SANS Top 20 Controls by:
Use Nexpose to take inventory of your assets, devices, and software, and then scan your entire IT infrastructure for vulnerabilities, misconfigurations, and controls. Assess your RealRisk™ across both physical and virtual environments, and prioritize security issues for remediation.
Nexpose addresses CSC 1-4, 6, 7, 10, 11, 12, 16, 20
Free Nexpose Download
Use Metasploit to conduct penetration tests on your network using the same methods attackers would use. Audit web application security, find weak and shared passwords across your network, and manage phishing campaigns to measure effectiveness of user security awareness trainings.
Metasploit addresses CSC 6, 9, 10, 12, 19, 20
Free Metasploit Download
Use UserInsight to detect deception-based attacks by monitoring mobile device and cloud services usage, administrative privileges, user account activity, and network traffic to malicious sites. Investigate and respond to incidents quickly by correlating and analyzing data from multiple sources.
UserInsight addresses CSC 3, 7, 12, 13, 14, 16, 17, 18
Free UserInsight Trial
Use ControlsInsight to continuously assess how well controls are deployed and configured across endpoints, including security patches, malware defenses, and password hardening. Create a prioritized action plan and track your progress in improving endpoint security over time.
ControlsInsight addresses CSC 4, 5, 11, 12, 13, 16, 17
Free Controlsinsight Trial