Focus on the ‘Rat Pack’ of CIS Critical Security Controls

In 1960, Hollywood released two popular films that had numbers in their titles: Ocean’s Eleven and The Magnificent Seven.

But unless you’re a hardcore movie geek, you’d be hard-pressed to name the 12 actors who played Danny Ocean and his 11 accomplices who robbed five different Las Vegas casinos on New Year’s Eve. For most people, only Frank Sinatra as Ocean and his Rat Pack pals Dean Martin, Sammy Davis, Jr., Peter Lawford, and Joey Bishop come to mind.

And what about the actors in The Magnificent Seven—or The Dirty Dozen that was released in 1967? The point is, the larger the crowd, the foggier the focus.

Which is why I’m a fan of the SANS “First Five” IT security controls discussed in the John Pescatore-authored SANS white paper that you can download below.

The 20 CIS Controls

In Pescatore’s paper, “Improving Application and Privilege Management: Critical Security Controls Update,” he talks about Version 6.0 of the Center for Internet Security’s (CIS) Critical Security Controls. It’s a prioritized list of 20 controls that, “when implemented well, have proved effective in blocking most advanced target threats and supporting faster detection and resolution of those that do get through initial defenses.”

Here are the 20 controls, updated roughly every 18 months through an open, community-driven effort:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Privileges
  6. Maintenance, Monitoring, and Analysis of Audit Logs
  7. Email and Web Browser Protections
  8. Malware Defenses
  9. Limitation and Control of Network Ports, Protocols, and Services
  10. Data Recovery Capability
  11. Secure Configurations for Network Devices Such as Firewalls, Routers, and Switches
  12. Boundary Defense
  13. Data Protection
  14. Controlled Access Based on the Need to Know
  15. Wireless Access Control
  16. Account Monitoring and Control
  17. Security Skills Assessment and Appropriate Training to Fill Gaps
  18. Application Software Security
  19. Incident Response and Management
  20. Penetration Tests and Red Team Exercises

Pescatore says the net result of Version 6.0 was to increase the emphasis on a few control areas that have been shown to be immediately effective against real-world attacks. He adds that “a subset of the highest priority controls within the CIS Controls provides ‘quick wins,’ with immediate risk reduction against advanced target threats.”

The SANS “First Five”—the “Rat Pack” with the Highest Payback

In the context of “quick wins”, Pescatore says SANS has listed five controls as providing the highest payback in reducing risk from advanced targeted attacks:

  1. Software whitelisting
  2. Secure standard configurations
  3. Application security patching
  4. System security patching
  5. Minimization of administrative privileges

If you’re looking to prioritize your implementation of security controls, the SANS “First Five” refines the focus for the highest payback.

And while the CIS Controls can help you protect assets and mitigate the risk of attack via known vulnerabilities, the Controls can also impact business efficiencies if not properly implemented and managed by IT. That’s where LANDESK, Shavlik and AppSense solutions can help.

Take software whitelisting for example. Automatic discovery in LANDESK Management Suite and LANDESK Security Suite leverages file execution, the MSI files database, and other techniques to identify software assets. This automatic discovery supplies a comprehensive list of all software assets on every device and provides extensive usage information about those assets.

In addition to traditional whitelisting and support for digital signatures, AppSense Trusted Ownership only allows the execution of applications introduced by trusted administrators to reduce the administrative overhead associated with traditional whitelisting. What’s more, LANDESK whitelisting can block or allow applications based on sources of trust, including reputation, file attributes, locations, etc.
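As an added illustration (not AppSense or LANDESK code), the Python below sketches how a trusted-ownership style allow-list decision can be made: a binary may run only if it meets one of the configured sources of trust (file owner, a valid signature from an accepted publisher, or a known-good hash standing in for reputation) and is denied by default. The owner names, publisher and hashes are constructed sample values.

```python
"""Conceptual allow-list evaluator built around the 'trusted ownership' idea.
Added illustration, not AppSense or LANDESK code; all records are constructed."""
from dataclasses import dataclass
from typing import Optional

# Accounts whose files are implicitly trusted: what they introduce may run.
TRUSTED_OWNERS = {r"BUILTIN\Administrators", r"NT SERVICE\TrustedInstaller"}
# Code-signing publishers accepted as a source of trust (constructed name).
TRUSTED_PUBLISHERS = {"Example Corp"}
# Stand-in for a reputation feed: SHA-256 of known-good binaries (constructed).
KNOWN_GOOD_HASHES = {"c0ffee" * 10 + "0000"}

@dataclass
class FileRecord:
    path: str
    owner: str                       # NTFS owner of the file
    sha256: str
    publisher: Optional[str] = None  # Authenticode signer, None if unsigned
    signature_valid: bool = False    # False also covers a tampered signed file

# Each source of trust is a predicate; order sets precedence in the audit trail.
RULES = [
    ("trusted-owner", lambda r: r.owner in TRUSTED_OWNERS),
    ("trusted-signature", lambda r: r.signature_valid and r.publisher in TRUSTED_PUBLISHERS),
    ("reputation", lambda r: r.sha256 in KNOWN_GOOD_HASHES),
]

def evaluate(rec: FileRecord) -> tuple:
    """Allow on the first matching source of trust; deny by default otherwise."""
    for name, rule in RULES:
        if rule(rec):
            return ("allow", name)
    return ("deny", "default")

def audit(records) -> dict:
    """Map each path to its decision, e.g. for a 'what would be blocked' report."""
    return {r.path: evaluate(r) for r in records}

SAMPLES = [  # constructed records covering each rule plus two denials
    FileRecord(r"C:\Program Files\App\app.exe", r"BUILTIN\Administrators", "aa" * 32),
    FileRecord(r"C:\Users\alice\Downloads\tool.exe", r"DOMAIN\alice", "bb" * 32),
    FileRecord(r"C:\Users\alice\Downloads\update.exe", r"DOMAIN\alice", "cc" * 32, "Example Corp", True),
    FileRecord(r"C:\Users\alice\AppData\Local\Temp\x.exe", r"DOMAIN\alice", "dd" * 32, "Example Corp", False),
    FileRecord(r"C:\Users\alice\AppData\Local\Temp\y.exe", r"DOMAIN\alice", "c0ffee" * 10 + "0000"),
]

if __name__ == "__main__":
    for path, (decision, why) in audit(SAMPLES).items():
        print(f"{decision:5} {why:17} {path}")
```

In a real deployment the owner would come from the file's security descriptor and the signature result from Authenticode verification; running the evaluator in audit mode first shows which executables would be blocked before enforcement is switched on.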


On March 14, 2016, LANDESK acquired AppSense, the leading provider of secure user environment management solutions. Check the AppSense section of the blog for all of our AppSense-related content.