CRITICAL CONTROLS COMPLIANCE SOLUTIONS

PRIORITZE SECURITY CONTROLS FOR EFFECTIVENESS AGAINST REAL WORLD THREATS

In today's constantly evolving threat landscape, simply being compliant is not enough to mitigate probable attacks and protect critical information. While there's no silver bullet for security, organizations can reduce chances of compromise by moving from a compliance-driven approach to a risk management approach focused on real world effectiveness.

The Top 20 Critical Security Controls were originally developed by the SANS Institute, now maintained by the Council on CyberSecurity, to address the need for a risk–based approach to security. The Critical Controls are prioritized to help organizations focus security efforts to have the greatest impact in improving their risk posture.

U.S. State Department achieved an 88% reduction in vulnerability–based risks by implementing the Critical Controls.
Council on CyberSecurity

Critical Controls Compliance Guide

Learn how Rapid7 solutions can help you implement the Top 20 Critical Security Controls across your organization.

Download now

HOW RAPID7 CAN HELP

Know your network and identify weak points

Know your network and identify weak points

Use Nexpose to take inventory of your devices and software across physical, virtual, cloud, and mobile environments. Continuously assess your entire network for vulnerabilities, insecure configurations, and missing controls. Prioritize risks for remediation based on malware and exploit exposure, and asset criticality.

Nexpose can help with Controls 1–7, 10–13, 16, 17, 20.

Test effectiveness of your security controls

Test effectiveness of your security controls

Use Metasploit to simulate real-world attacks against your network defences, verify the effectiveness of security controls, and simulate scalable phishing campaigns. Closed-loop integration with Nexpose enables you to validate the exploitability of vulnerabilities in Metasploit and automatically prioritize for remediation in Nexpose.

Metasploit can help with Controls 6, 9, 12, 13, 15, 19, 20.

Monitor privileged accounts and detect compromise

Monitor privileged accounts and detect compromise

UserInsight monitors privileged users across the network, endpoints, and cloud services, and alerts on new admin accounts, account privilege escalation, and suspicious behavior. UserInsight also collects logs, correlates events by user, and analyzes for anomalies and unusual activity with low false positives.

UserInsight can help with Controls 1–6, 12–19.

Assess web applications for vulnerabilities

Assess web applications for vulnerabilities

Poorly coded applications can provide an easy path for attackers to gain access to critical systems and information. Dynamically scan your web, mobile and cloud applications for vulnerabilities with AppSpider. Automatically generate reports to quickly see gaps against best practices such as OWASP and prioritize for remediation.

AppSpider can help with Control 6.

Evaluate current state against the Critical Controls

Evaluate current state against the Critical Controls

You can't fix what you can't see. Rapid7's Strategic Services team can perform a full assessment of your security program to identify gaps between your current state of controls and best practices, then provide guidance on implementing missing controls based on your organization's risk appetite and business objectives.

Rapid7 Services can help with Controls 7, 9, 18, 20.