Configuration based Security

Cyber security best practices have moved from focusing mainly on firewalls, intrusion detection and anti-virus programs to detailed configuration controls on host machines (desktops, laptops, tablets, phones, servers and VMs). This effort has been led in the U.S. by NIST and the Center for Internet Security (CIS). The CIS supports a concise set of twenty security controls, which were developed and are continuously updated by a very experienced group of government and private industry security practitioners.

In addition to automatically monitoring the NIST technical controls, Belarc’s products support all of the CIS TOP 5 Controls.

A number of studies show that implementation of the First 5 CIS Controls provides an effective defense against the most common cyber attacks (~85% of attacks). In an effort to help organizations implement the First 5 CIS Controls, the objective of each is described next.


Why use the CIS Controls?

Many organizations facing the current cybersecurity environment are overwhelmed by what we call the “Fog of More”—a constant stream of new information and problems. They are challenged by competing expert opinions, a noisy and fast-changing marketplace of potential solutions, and unclear or overwhelming regulatory and compliance requirements.

The CIS Controls are developed by a global expert community based on their first-hand experience of the threat environment to identify the most high-value practices to secure networks. Their in-depth understanding of the current threat landscape drives the priority order and focus of the CIS Controls. Further, CIS routinely incorporates feedback from the user community and ensures the best practices are vendor-neutral.

Relationship to Compliance Frameworks

The CIS Controls align with top compliance frameworks such as NIST, PCI, ISO, HIPAA, COBIT and others. The CIS Controls have been downloaded more than 65,000 times across the globe, and most adopters use more than one framework to improve their security. CIS does not compete with any other framework; rather, we strive to offer users tools and work aids to simplify their security journey. In fact, many CIS adopters tell us they use the CIS Controls as the implementation guide to the NIST Cybersecurity Framework (CSF).

Belarc’s Recommendations?

At Belarc we try to keep things simple, so here’s our recommendation on how best to implement cyber security: Establish a process to implement and regularly monitor the Center for Internet Security (CIS) Foundational Controls. We like the CIS controls because they are based on lessons learned from actual attacks and breaches and are created by people from multiple industries and government, including the NSA and DHS, who have deep knowledge of all aspects of cyber security.

The First 5 CIS Controls

  • CIS Control 1 – Inventory of Authorized and Unauthorized Devices.

  • CIS Control 2 – Inventory of Authorized and Unauthorized Software.

  • CIS Control 3 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers.

  • CIS Control 4 – Continuous Vulnerability Assessment and Remediation.

  • CIS Control 5 – Controlled Use of Administrative Privileges.

After reviewing and implementing the First 5 CIS Controls, you can move on and implement the comprehensive list of all 20 CIS Controls and sub-controls.

How Can Belarc Help?

Belarc’s system automatically creates an up-to-date central repository with detailed hardware, software and security configuration data. It does this on a near-continuous basis and scales to enterprises of any size.

  • Complete listing of all hardware including desktops, laptops, servers, virtual machines, tablets and phones. Configuration details include make, model, serial number, BIOS or UEFI, operating system, group policies applied, USB storage device usage, encryption status, and more. (CSC 1)

  • Complete listing of all installed software including versions and last time used. Ability to automatically compare installed software with standard images or approved software. Flags unused software as candidates to be removed. (CSC 2)

  • Comparison of configurations to the US Government Configuration Baselines (USGCB). (CSC 3)

  • Automatic vulnerability assessment based on published vulnerabilities from Microsoft, Adobe, Oracle Java and Apple. (CSC 4)

  • Detailed information on both local and domain user logins by host and privileges, and the ability to automatically track user account changes such as elevated privileges. (CSC 5)
