The Center for Internet Security’s (CIS) Critical Security Controls were established by cybersecurity practitioners in coordination with governments, companies, and institutions such as SANS. The goal was a common framework to help organizations implement good cybersecurity hygiene and controls. So, what are the CIS Critical Security Controls?
Many organizations must balance regulations and threats within their compute stack and have been overwhelmed by the multitude of “guidelines” on how to appropriately implement cybersecurity. This is the starting point for the CIS Controls. Let’s take a moment to review the CIS Critical Security Controls as well as how ConsoleWorks can help you meet elements within the Controls.
In today’s environment of advanced, persistent threats and zero-day exploits you need to be mindful of your current security posture and what residual risk remains due to potential gaps in your protections framework.
What are the CIS Critical Security Controls?
The CIS Critical Security Controls (CIS Controls) were formerly known as the “SANS Critical Security Controls” or “SANS Top 20,” and originally consisted of 20 controls.
Its latest version, version 8, has combined and consolidated CIS controls by activities, rather than by device types. These changes were implemented to align better with risk mitigation methodologies. Due to the dynamic nature of today’s threats and the shaping of successful risk mitigation measures, the CIS Controls will continue to adapt.
Now let’s review how ConsoleWorks helps you in meeting your security needs as you implement your CIS Controls framework. Before we begin, you can review the complete CIS Critical Security Controls v8 at this link for your reference.
Applying CIS Critical Security Controls
For those embarking on implementing the CIS Controls, it is also good practice to look at how your cybersecurity framework can help meet any regulations your organization may be subject to. The CIS Controls map to many regulations and help you implement controls to enforce and meet compliance objectives such as NERC CIP, HIPAA, NIST 800, PCI and more.
The CIS Critical Security Controls are robust. You’ll find that they cover many elements of your cyber security needs and by following these controls you will be armed with the tools necessary to establish an enterprise cyber security framework.
How ConsoleWorks Meets Security Control Needs
If you’re not familiar with the CIS Controls, they are sequential and are designed that way on purpose. Keeping this in mind, we’ll start with CIS Controls 1 and 2 and take a look at how ConsoleWorks can help you implement these.
CIS Controls 1 and 2: Inventory and Control of Enterprise and Software Assets
“Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.”
Using ConsoleWorks as the centralized repository for your assets’ hardware and software information, you can use the Baseline Configuration Management (BCM) module to control any changes or events related to this inventory.
ConsoleWorks’ Baseline Configuration Management tells the complete story of who, what, where and when changes were made to your established baseline inventory of every piece of hardware and software registered within the environment. The frequency of inventory interrogation is customizable to meet your impact rating needs within your environment.
The capability to capture all change activities provides additional advanced functionality within the operational theater, such as: incident response, forensic investigation, misoperation prevention, and automated remediation.
CIS Controls 5 and 6: Account Management and Access Control Management
CIS Controls 5 and 6 focus on access and account management. Control 5 states: “Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.” While Control 6 states: “Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software.”
ConsoleWorks utilizes a robust Role-Based Access Control (RBAC) system where the devices within your infrastructure have roles and access controls, along with roles and access controls for your user accounts/identities. The device roles and identity roles must then be paired based on least-privilege needs. At its core, this ensures a Zero Trust framework.
Additionally, password obfuscation can be achieved where necessary, along with Multi-Factor Authentication. This RBAC functionality is then extended to provide Secure Remote Access by using these roles and identities as ConsoleWorks provides an intermediate system platform to perform a “protocol break” between the user and the end device sessions.
Further controls allow for the organization to leverage ConsoleWorks to even control the user inputs (commands) during an established session on the device. If a user tries to act in a way that is not congruent with their role, ConsoleWorks alerts a supervisor and/or automatically terminates the session. This is completely customizable based on your operational needs.
For the more advanced needs of conditional access frameworks, ConsoleWorks interrogates the behaviors of the device and user while monitoring the vulnerability levels of each, and uses this to decide whether to provision access so that risks to the environment are minimized. For example, with command controls and conditional access, the user’s access and privileges can be limited to a predefined set of commands they can execute. ConsoleWorks’ conditional access is based on the threat profiles of user identities and credentials.
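The role pairing and command controls described above can be sketched as a small policy check. This is an added example, not ConsoleWorks code or configuration; the role names, command patterns and verdict names are hypothetical.

```python
import fnmatch
import re

# Hypothetical policy: an (identity role, device role) pairing maps to the
# command patterns that pairing may run. No pairing means no session at all.
PAIRINGS = {
    ("vendor-support", "network-switch"): ["show *", "ping *"],
    ("network-admin", "network-switch"): ["show *", "ping *",
                                          "configure terminal", "interface *"],
}
# Hypothetical patterns that end the session instead of only alerting.
TERMINATE_ON = ["reload*", "erase *", "copy * tftp*"]
SEVERITY = {"allow": 0, "alert": 1, "terminate": 2}


def classify(command, allowed):
    """Verdict for one already-normalised command against one allowlist."""
    if any(fnmatch.fnmatchcase(command, p) for p in allowed):
        return "allow"
    if any(fnmatch.fnmatchcase(command, p) for p in TERMINATE_ON):
        return "terminate"
    return "alert"  # outside the role's allowlist: notify a supervisor


def evaluate(identity_role, device_role, line):
    """Return deny-session, allow, alert or terminate for one input line."""
    allowed = PAIRINGS.get((identity_role, device_role))
    if allowed is None:
        return "deny-session"  # roles are not paired: least privilege
    # Split chained input so "show version; reload" cannot pass as "show *".
    parts = [" ".join(p.split()) for p in re.split(r"[;|&\n]+", line) if p.strip()]
    verdicts = [classify(p, allowed) for p in parts]
    # The most severe verdict of any part decides the whole line.
    return max(verdicts, key=SEVERITY.get, default="alert")


if __name__ == "__main__":
    for line in ["show version", "configure terminal", "show version; reload"]:
        print(line, "->", evaluate("vendor-support", "network-switch", line))
```
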
CIS Control 8: Audit Log Management
CIS Control 8 focuses on “Collecting, alerting, reviewing, and retaining audit logs of events that could help detect, understand, or recover from an attack.”
ConsoleWorks’ audit, logging, and reporting capabilities are part of its core. This functionality is completely customizable using “Custom Data” parameters and allows you a deep dive into events collected from your environment. Beyond the standard approach of logging, alerting, and reporting, ConsoleWorks goes further to record all user activity, playing back that activity from the keystrokes, the mouse movements, and even the video display (console) activities.
Many companies have difficulty correlating various activities because the systems’ time stamps are not in sync. ConsoleWorks resolves this by aggregating these logs and using its own time stamp or common clock across the assets, constructing a clear and concise picture. The challenge with other log aggregation systems is that they use the timestamp from the asset itself and only monitor what is happening on the asset.
While those assets may have a clock, the clocks are prone to drifting. A drifting clock results in ambiguous data, leaving you struggling to understand what alert or alarm happened first and knowing how it occurred. ConsoleWorks adds metadata from its own common clock beyond the millisecond, resulting in a clear forensic reconstruction of events between people and assets on your network.
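The effect of a drifting asset clock on event ordering, and how a collector-side common clock corrects it, is shown in the added example below. It is not ConsoleWorks code; the asset names, events and millisecond values are constructed for illustration.

```python
from statistics import median

# Constructed sample: (asset, asset_clock_ms, collector_clock_ms, message).
# plc-7's clock runs about 90 s behind. The collector stamps every event on
# arrival with one common clock (which includes a little transport latency).
EVENTS = [
    ("jump-host", 1_000_000, 1_000_200, "vendor session opened"),
    ("plc-7",       915_000, 1_005_100, "setpoint changed"),
    ("jump-host", 1_010_000, 1_010_200, "vendor session closed"),
    ("plc-7",       925_000, 1_015_200, "alarm raised"),
    ("plc-7",       935_000, 1_025_100, "alarm cleared"),
]


def order_by(events, clock):
    """Messages sorted by the asset's own clock or the collector's clock."""
    column = {"asset": 1, "collector": 2}[clock]
    return [e[3] for e in sorted(events, key=lambda e: e[column])]


def estimate_skew_ms(events):
    """Median (collector - asset) offset per asset, in milliseconds."""
    offsets = {}
    for asset, asset_ms, collector_ms, _ in events:
        offsets.setdefault(asset, []).append(collector_ms - asset_ms)
    return {asset: median(values) for asset, values in offsets.items()}


def drifting_assets(events, tolerance_ms=5_000):
    """Assets whose clock differs from the common clock beyond tolerance."""
    skew = estimate_skew_ms(events)
    return sorted(a for a, s in skew.items() if abs(s) > tolerance_ms)


if __name__ == "__main__":
    print("asset clocks:    ", order_by(EVENTS, "asset"))
    print("collector clock: ", order_by(EVENTS, "collector"))
    print("skew (ms):       ", estimate_skew_ms(EVENTS))
    print("drifting:        ", drifting_assets(EVENTS))
```

Sorted by asset clocks, the setpoint change appears to precede the vendor session; sorted by the collector clock, it falls inside it.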
CIS Control 15: Service Provider Management
CIS Control 15 focuses on “developing a process to evaluate service providers who hold sensitive data or are responsible for an enterprise’s critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.”
Being able to manage support vendors when they come in and protecting data and processes is a key strength of the ConsoleWorks platform. We have discussed previously the RBAC capabilities, the logging and alerting, and the secure remote access features of the platform. These are key components to managing third-party access.
ConsoleWorks provides additional SRA capabilities that assist in this area. Session control is key in any environment and many regulations require it for third parties accessing your systems. ConsoleWorks not only allows you to control remote session capabilities, but also allows an internal administrator to be alerted when the remote session is started, to join the session, and to terminate the session based on suspicious behavior.
Improve Your Security with CIS Critical Security Controls
Meeting the 18 controls outlined in the CIS Controls will enhance your security and close gaps that exist in your defenses, better preparing you against today’s threats and mitigating any damage that could be inflicted should a threat break through your defenses.
ConsoleWorks is a platform that helps you meet your controls needs and enables you to enforce the Zero Trust architecture and beyond. Talk to us here if you have any questions about the controls above or how ConsoleWorks can help you.