The Center for Internet Security (CIS) Top 18 Critical Security Controls (previously known as the SANS Top 18 Critical Security Controls), is a prioritized set of best practices created to stop the most pervasive and dangerous threats of today. It was developed by leading security experts from around the world and is refined and validated every year.
As you probably know, simply being compliant is not enough to mitigate probable attacks and protect your critical information. While there's no silver bullet for security, organizations can reduce chances of compromise by moving from a compliance-driven approach to a risk management approach focused on real world effectiveness. Implementing the CIS top 18 critical security controls is a great way protect your organization from some of the most common attacks.
In the 2016 ranking from SANS, Rapid7 was listed as the top solution provider addressing the CIS Top 18 Critical Security Controls. Click each control listed below to learn more about how Rapid7 can help.
-
Control 1: Inventory and Control of Hardware Assets
Rapid7 solutions enable organizations to discover and identify devices as they connect to corporate assets, whether it is via the network, over email services, or through cloud applications.
Rapid7 Global Services will evaluate and document the gaps in your asset discovery process to make recommendations for improving your inventory capabilities.Solutions:
-
Control 2: Inventory and Control of Software Assets
Rapid7 solutions automatically scan systems and catalog the running applications to check them for known vulnerabilities, known malware, and other potential risks.
Rapid7 Global Services will evaluate existing software discovery process, help build a software inventory, and enhance the existing program.Solutions:
-
Control 3: Data Protection
Rapid7 solutions identify passwords and other sensitive data available in plaintext, monitor for exfiltration attempts, and identify the usage of cloud-based file transfer services.
Rapid7 Global Services identify sensitive data, the systems that house it, and the best possible protection schemes to reduce chances of leakage and exfiltration.Solutions:
-
Control 4: Secure Configuration of Enterprise Assets and Software
Rapid7 products scan existing systems and monitor activity across the modern environment to identify misconfigurations and negative outcomes they may have caused.
Rapid7 Global Services documents any existing system gold images, compares to the latest best practices, and recommends technology and procedures to improve.Solutions:
-
Control 5: Account Management
Rapid7 solutions monitor access controls and baseline permitted access to systems in the critical environments to identify any suspicious change in settings or behavior.
Rapid7 Global Services observe system access policies and operational procedures to identify gaps in your security program and lay out a detailed plan to address them with an optimal least privilege model.Solutions:
-
Control 6: Access Control Management
-
Control 7: Continuous Vulnerability Management
Rapid7 solutions enable continuous data collection from all systems through scanning, integrations, and endpoint agents and simplify remediation workflows in the language of the IT team responsible.
Rapid7 Global Services will evaluate existing vulnerability management programs, document the workflow for remediation, and help develop a long-term plan.Solutions:
-
Control 8: Audit Log Management
Rapid7 solutions identify systems, ingest audit logs, and identify the anomalies and events of interest for each organization as they occur.
Rapid7 Global Services tailor to your organization's monitoring by evaluating your incident detection and response program, recommending best practices to enhance auditing and incident response plans, and augment, as necessary, with a fully managed detection and response team.Solutions:
-
Control 9: Email and Web Browser Protections
Rapid7 solutions analyze links received through email, identify filtering services on both endpoints and servers, and test out the effectiveness of all protections.
Rapid7 Global Services observe your security program, identify best practices for defanging email attachments, and recommend tools for protecting users from email and web threats.Solutions:
-
Control 10: Malware Defenses
Rapid7 solutions detect both known malware and unknown suspicious software, in addition to testing evasion techniques for malware defenses.
Rapid7 Global Services evaluate existing processes, roles, and technologies for malware defenses to recommend the best next steps for each organization moving forward.Solutions:
-
Control 11: Data Recovery Capabilities
Rapid7 Global Services tailor to your organization's infrastructure by recommending system backup technology and, most importantly, helping to implement a robust restoration testing process.
Solutions:
-
Control 12: Limitation and Control of Network Ports, Protocols, and Services
Rapid7 solutions track activity across ports and protocols, identify running services, and test host-based firewalls for susceptibility to attack.
Rapid7 Global Services use industry best practices to help implement a realistic model for reducing risks that match each organization’s business with appropriate network controls.Solutions:
-
Control 13: Network Monitoring and Defense
Rapid7 solutions audit system authentication controls, test for weak and shared passwords, and alert on any potential authentication-based attacks or misuse of privileges.
Rapid7 Global Services examine existing authentication log review processes and help to ensure authentication control policies are followed appropriately.Solutions:
-
Control 14: Implement a Security Awareness and Training Program
Rapid7 solutions help organizations assess the security skills of all employees through simulated phishing and social engineering campaigns and the identification of asset misuse and abuse.
Rapid7 Global Services customize security awareness training for your organization and determine if authentication control policies are followed appropriately.
Solutions:
-
Control 15: Wireless Access Control
Rapid7 solutions identify rogue wireless access points and detect unknown devices connecting to the wireless network to reduce threats from this attack vector.
Rapid7 Global Services review existing wireless access points, network access controls, and usage of virtual LANs within each organization to identify any gaps and determine improvements in security.Solutions:
-
Control 16: Application Software Security
Rapid7 solutions scan custom applications, third-party software, and databases to identify vulnerabilities and produce clear remediation recommendations.
Rapid7 Global Services evaluate your organization’s usage of third-party software and software development lifecycle (SDLC) to design the right application security policy for your organization.Solutions:
-
Control 17: Incident Response and Management
Rapid7 solutions test existing incident response capabilities and ease the detection and response process, optionally through technology or a managed service.
Rapid7 Global Services optimize monitoring and incident response processes for each organization in complement to tabletop exercises and other simulated attack scenarios.Solutions:
-
Control 18: Penetration Tests and Red Team Exercises
Rapid7 solutions simplify penetration testing operations and track the results over time to help organizations address issues to help prevent future gaps from arising.
Rapid7 Global Services map out an appropriate penetration testing cadence for each organization in combination with blue team and other related exercises.Solutions:
