In 2008, the Center for Internet Security published a list of 20 controls for protecting a network from cyber attacks. These controls were created by a consortium of cyber defense experts around the world and were based off of understanding an attacker’s life cycle then modeling defensive actions for that. The controls are a relatively short list of high-priority, highly effective defensive actions that provide a priority listing of how every enterprise can improve their cyber defense.
Over time, the security controls have proven that by adopting these individual tactics an organization can prevent cyber attacks. In fact, one study of a previous release found that by adopting just the first five controls, 85 percent of attacks can be thwarted. Because the first five have proven especially important, CIS refers to them as “foundational cyber hygiene” and encourages every organization to implement them. Ignoring them will leave gaping holes in a network's defenses.
CIS Top 5 Security Controls
1. Inventory of Hardware Assets
Each organization needs to actively manage all its hardware devices to ensure only authorized hardware assets have access to the organization's network. The system should be in a position to quickly identify unauthorized hardware devices and lock them out of the system before any damage is done.
Organizations should continuously scan for unauthorized devices because it only takes a split second for a sophisticated attacker to use an unprotected device to access the organization's entire network.
Additionally, organizations that encourage employees to bring their own devices to work should develop a security patch management protocol for the devices. This is because attackers especially target devices that come and go off the enterprise's network.
2. Control of Software Assets
The next thing is to actively manage all software deployed in an organization's network. Organizations should ensure only authorized software is installed. A security management protocol that works is whitelisting all authorized software so that the security team has an easy time identifying unauthorized software.
Hackers usually distribute hostile document files and web pages across trusted browsers to target systems. Once an employee opens such a file, the attacker creates a backdoor bot and uses it to gain access to the network. Sophisticated attackers use zero-day exploitation, which involves taking advantage of unknown vulnerabilities. Organizations should only install software from reputable or known sources.
3. Secure Configuration for Software and Hardware
Establishing, maintaining, and managing security configurations on workstations, laptops, and servers is another important security control. Each organization needs to follow strict configurations to prevent attackers from exploiting vulnerable settings.
Since manufacturers establish Operating System configurations for ease of use, organizations need to beef up security on all hardware assets. Default passwords, for instance, are not strong enough to lock attackers out of the system. The security team should regularly validate and upgrade configurations to ensure the system is un-hackable.
4. Continuous Vulnerability Management
When researchers report a new system vulnerability, attackers also gain access to this information. They then strive to take advantage of the gap between the appearance of new information and remediation. To prevent an attack, organizations need to remediate vulnerabilities as soon as possible.
Security advisories, updates, and patches need to be prioritized to ensure attackers don't have a loophole to use. Businesses and organizations should be proactive by setting aside enough resources to scale remediation across the entire enterprise.
5. Controlled Use of Administrative Privilege
Every organization requires automated tools that can monitor user behavior across the entire enterprise. Misuse of administrative privilege can easily give attackers access to privileged company information. Limiting the use of administrative privilege ensures that attackers are locked out of the system.
Organizations need tools that can track and correct configuration of administrative privilege because an attacker can elevate the privilege of a normal user account by hacking their password. Monitoring the IT environment ensures that threats are routinely identified and dealt with before major damage is done.
It's the little mistakes that account for a huge proportion of data breaches. Keeping track of all the details can be tedious, but it reduces downtime and decreases the risk of data loss. The effort pays for itself.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.