SANS Top 20 Controls Compliance

Prioritize your organization's critical security controls for effectiveness against real-world threats

In today’s constantly evolving threat landscape, simply being compliant with regulatory requirements is not enough to mitigate probable attacks and protect critical information. While there’s no silver bullet for security, organizations can reduce the chance of compromise by moving from a check-the-box, compliance-driven approach to a risk-based approach that focuses on real-world effectiveness. The SANS Top 20 Critical Security Controls (CSC) were developed to address this need and to help organizations focus their security efforts where they will have the greatest impact on their risk posture.

Rapid7 solutions can help you align to the SANS Top 20 Controls by:

Use Nexpose to take inventory of your assets, devices, and software

Use Nexpose to take inventory of your assets, devices, and software, and then scan your entire IT infrastructure for vulnerabilities, misconfigurations, and controls. Assess your RealRisk™ across both physical and virtual environments, and prioritize security issues for remediation.

Nexpose addresses CSC 1-4, 6, 7, 10, 11, 12, 16, 20

Use Metasploit to conduct penetration tests on your network

Use Metasploit to conduct penetration tests on your network using the same methods attackers would use. Audit web application security, find weak and shared passwords across your network, and manage phishing campaigns to measure the effectiveness of user security awareness training.

Metasploit addresses CSC 6, 9, 10, 12, 19, 20

Use UserInsight to detect deception-based attacks

Use UserInsight to detect deception-based attacks by monitoring mobile device and cloud services usage, administrative privileges, user account activity, and network traffic to malicious sites. Investigate and respond to incidents quickly by correlating and analyzing data from multiple sources.

UserInsight addresses CSC 3, 7, 12, 13, 14, 16, 17, 18

Use ControlsInsight to continuously assess how well controls are deployed and configured

Use ControlsInsight to continuously assess how well controls are deployed and configured across endpoints, including security patches, malware defenses, and password hardening. Create a prioritized action plan and track your progress in improving endpoint security over time.

ControlsInsight addresses CSC 4, 5, 11, 12, 13, 16, 17

