In 1960, Hollywood released two popular films that had numbers in their titles: Ocean’s Eleven and The Magnificent Seven.
But unless you’re a hardcore movie geek, you’d be hard-pressed to name the 12 actors who played Danny Ocean and his 11 accomplices who robbed five different Las Vegas casinos on New Year’s Eve. For most people, only Frank Sinatra as Ocean and his Rat Pack pals Dean Martin, Sammy Davis, Jr., Peter Lawford, and Joey Bishop come to mind.
And what about the actors in The Magnificent Seven—or The Dirty Dozen that was released in 1967? The point is, the larger the crowd, the foggier the focus.
Which is why I’m a fan of the SANS “First Five” IT security controls discussed in the John Pescatore-authored SANS white paper that you can download below.
The 20 CIS Controls
In Pescatore’s paper, “Improving Application and Privilege Management: Critical Security Controls Update,” he talks about Version 6.0 of the Center for Internet Security’s (CIS) Critical Security Controls. It’s a prioritized list of 20 controls that, “when implemented well, have proved effective in blocking most advanced target threats and supporting faster detection and resolution of those that do get through initial defenses.”
Here are the 20 controls, updated roughly every 18 months through an open, community-driven effort:
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Continuous Vulnerability Assessment and Remediation
- Controlled Use of Administrative Privileges
- Maintenance, Monitoring, and Analysis of Audit Logs
- Email and Web Browser Protections
- Malware Defenses
- Limitation and Control of Network Ports, Protocols, and Services
- Data Recovery Capability
- Secure Configurations for Network Devices Such as Firewalls, Routers, and Switches
- Boundary Defense
- Data Protection
- Controlled Access Based on the Need to Know
- Wireless Access Control
- Account Monitoring and Control
- Security Skills Assessment and Appropriate Training to Fill Gaps
- Application Software Security
- Incident Response and Management
- Penetration Tests and Red Team Exercises
Pescatore says the net result of Version 6.0 was to increase the emphasis on a few control areas that have been shown to be immediately effective against real-world attacks. He adds that “a subset of the highest priority controls within the CIS Controls provides ‘quick wins,’ with immediate risk reduction against advanced target threats.”
The SANS “First Five”—the “Rat Pack” with the Highest Payback
In the context of “quick wins”, Pescatore says SANS has listed five controls as providing the highest payback in reducing risk from advanced targeted attacks:
- Software whitelisting
- Secure standard configurations
- Application security patching
- System security patching
- Minimization of administrative privileges
If you’re looking to prioritize your implementation of security controls, the SANS “First Five” refines the focus for the highest payback.
And while the CIS Controls can help you protect assets and mitigate the risk of attack via known vulnerabilities, the Controls can also impact business efficiencies if not properly implemented and managed by IT. That’s where LANDESK, Shavlik and AppSense solutions can help.
Take software whitelisting for example. Automatic discovery in LANDESK Management Suite and LANDESK Security Suite leverages file execution, the MSI files database, and other techniques to identify software assets. This automatic discovery supplies a comprehensive list of all software assets on every device and provides extensive usage information about those assets.
In addition to traditional whitelisting and support for digital signatures, AppSense Trusted Ownership only allows the execution of applications introduced by trusted administrators to reduce the administrative overhead associated with traditional whitelisting. What’s more, LANDESK whitelisting can block or allow applications based on sources of trust, including reputation, file attributes, locations, etc.
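The decision order that combining hash allowlisting, signature checks and Trusted Ownership implies, as an added Python illustration that is not LANDESK or AppSense code; the trusted accounts, the publisher subject, the digests and the sample requests are constructed assumptions:

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed policy values: assumptions for this example, not a real deployment's settings.
TRUSTED_OWNERS = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators", "NT SERVICE\\TrustedInstaller"}
TRUSTED_PUBLISHERS = {"CN=Example Corp IT, O=Example Corp"}  # hypothetical signing-cert subject
ALLOWLIST_SHA256 = {"0" * 64}                                 # placeholder digest of one approved tool
USER_WRITABLE = [PureWindowsPath(r"C:\Users"), PureWindowsPath(r"C:\Temp")]


@dataclass(frozen=True)
class ExecRequest:
    """Facts an endpoint agent would gather about a file before letting it run."""
    path: str
    owner: str           # NTFS owner of the file, e.g. "BUILTIN\\Administrators"
    sha256: str
    publisher: str = ""  # subject of a valid code-signing certificate, "" if unsigned


def evaluate(req: ExecRequest) -> tuple[str, str]:
    """Return (decision, reason), checking sources of trust from most to least specific."""
    # 1. Traditional whitelisting: an explicitly approved hash runs regardless of who placed it.
    if req.sha256.lower() in ALLOWLIST_SHA256:
        return "allow", "hash on allowlist"
    # 2. Digital signature from a publisher the organisation trusts.
    if req.publisher in TRUSTED_PUBLISHERS:
        return "allow", "signed by trusted publisher"
    # 3. Trusted Ownership: a file introduced by an administrator is owned by a trusted account
    #    and may run with no allowlist entry; a file a standard user copied or downloaded is owned
    #    by that user and is blocked. This separates users from admins only if users are not admins
    #    (the "minimization of administrative privileges" item in the First Five).
    if req.owner in TRUSTED_OWNERS:
        return "allow", "owned by trusted account"
    p = PureWindowsPath(req.path)
    where = "user-writable" if any(p.is_relative_to(r) for r in USER_WRITABLE) else "other"
    return "deny", f"untrusted owner {req.owner} ({where} location)"


def denied(requests) -> list[tuple[str, str]]:
    """Paths that would be blocked, with reasons: what an auditor reviews before enforcing."""
    return [(r.path, evaluate(r)[1]) for r in requests if evaluate(r)[0] == "deny"]


# Constructed sample execution requests (no real hosts, users or binaries).
SAMPLE_REQUESTS = [
    ExecRequest(r"C:\Windows\System32\notepad.exe", "NT SERVICE\\TrustedInstaller", "a" * 64),
    ExecRequest(r"C:\Users\alice\Downloads\invoice.exe", "DESKTOP-1\\alice", "b" * 64),
    ExecRequest(r"C:\Users\alice\tool.exe", "DESKTOP-1\\alice", "c" * 64, "CN=Example Corp IT, O=Example Corp"),
    ExecRequest(r"C:\Temp\approved.exe", "DESKTOP-1\\bob", "0" * 64),
]
```

Running denied() over real execution telemetry in audit mode before enforcing is how you find admin-installed software the policy would otherwise block.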