CIS Top 20 #4
Continuous Vulnerability Assessment & Remediation
CIS Top 20 Critical Security Controls
• Organizations must know at all times:
– Which vulnerabilities are present in their IT assets
– The level of risk each one carries
– How the affected IT assets are being remediated
• This week, we’re focusing on CIS Control 4:
Continuous Vulnerability Assessment and
Remediation.
• More specifically: “Continuously acquire, assess,
and take action on new information in order to
identify vulnerabilities, remediate, and minimize
the window of opportunity for attackers.”
• Stay informed
• Putting it together
• It's all about reducing risk
Why is CIS Control 4 critical?
• Organizations that do not scan for
vulnerabilities and proactively address
discovered flaws face a significant likelihood of
having their computer systems compromised
How to Get Started
1. Gap Assessment
2. Implementation Roadmap
3. Implement the First Phase of Controls
4. Integrate Controls into Operations
5. Report and Manage Progress
• CSC 4.1: Run automated vulnerability scanning tools against all
systems on the network on a weekly or more frequent basis
• CSC 4.1 procedure example: scan the entire network daily using a SCAP
(Security Content Automation Protocol) validated scanner
• Example organization:
– IT department runs the SCAP scan weekly (Monday mornings)
– IT department reviews the scan logs for completeness (every in-scope host was actually scanned)
– Metrics:
– IT department reports on newly discovered vulnerabilities
– IT department audits SIEM logs daily
• No single solution will prevent all attacks;
vulnerability assessment is a matter of
foundational security practice
• For identified vulnerabilities or misconfigurations,
patches (or updates) must be applied to all
affected systems
• Where possible, automate patch management.
These basic preventive hygiene practices will
significantly enhance your security posture.
• Routinely check system logs to verify that vulnerabilities
have been addressed and to identify any scanning problems
• By comparing logs over time, you can look for patterns
and confirm that scanning activity is actually taking place
• Since automated patching tools may not detect or install all
patches, compare system logs against the patches listed
on vendor websites to ensure you have the latest security
updates.
4.1
Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis and deliver prioritized lists of the most critical vulnerabilities
to each responsible system administrator along with risk scores that compare the effectiveness of system administrators and departments in reducing risk. Use a SCAP-validated
vulnerability scanner that looks for both code-based vulnerabilities (such as those described by Common Vulnerabilities and Exposures entries) and configuration-based
vulnerabilities (as enumerated by the Common Configuration Enumeration Project).
4.2
Correlate event logs with information from vulnerability scans to fulfill two goals. First, personnel should verify that the activity of the regular vulnerability scanning tools is itself
logged. Second, personnel should be able to correlate attack detection events with prior vulnerability scanning results to determine whether the given exploit was used against a
target known to be vulnerable.
4.3
Perform vulnerability scanning in authenticated mode either with agents running locally on each end system to analyze the security configuration or with remote scanners that
are given administrative rights on the system being tested. Use a dedicated account for authenticated vulnerability scans, which should not be used for any other administrative
activities and should be tied to specific machines at specific IP addresses. Ensure that only authorized employees have access to the vulnerability management user interface and
that roles are applied to each user.
4.4
Subscribe to vulnerability intelligence services in order to stay aware of emerging exposures, and use the information gained from this subscription to update the organization’s
vulnerability scanning activities on at least a monthly basis. Alternatively, ensure that the vulnerability scanning tools you use are regularly updated with all relevant important
security vulnerabilities.
4.5
Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe.
Patches should be applied to all systems, even systems that are properly air gapped.
4.6
Monitor logs associated with any scanning activity and associated administrator accounts to ensure that this activity is limited to the timeframes of legitimate scans.
4.7
Compare the results from back-to-back vulnerability scans to verify that vulnerabilities were addressed either by patching, implementing a compensating control, or documenting
and accepting a reasonable business risk. Such acceptance of business risks for existing vulnerabilities should be periodically reviewed to determine if newer compensating
controls or subsequent patches can address vulnerabilities that were previously accepted, or if conditions have changed, increasing the risk.
4.8
Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability, and segmented by appropriate groups of assets (example, DMZ
servers, internal network servers, desktops, laptops). Apply patches for the riskiest vulnerabilities first. A phased rollout can be used to minimize the impact to the organization.
Establish expected patching timelines based on the risk rating level.
• 4-1 Run automated vulnerability scanning tools against all systems on the network on a
weekly or more frequent basis and deliver prioritized lists of the most critical
vulnerabilities to each responsible system administrator along with risk scores that
compare the effectiveness of system administrators and departments in reducing risk.
• Free Tools
• CIS-CAT - from our friends at CIS
• AlienVault OSSIM - open source, fairly comprehensive
• OpenVAS - comes with AlienVault, but if you JUST need a vulnerability scanner, this is it.
• Rapid7 IoTSeeker - finds IoT devices and checks them for default passwords
• Commercial Tools
• Nessus - industry known and trusted scanner.
• Nexpose - Rapid7 vulnerability scanner
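Control 4-1 asks for more than a raw scan export: each administrator should get their own prioritized list, and departments should be scored so risk reduction can be compared cycle over cycle. The script below is an added example of that reporting step, not code from the deck or from any of the scanners listed above. All findings, owners, CVE identifiers (placeholders, not real entries) and previous-cycle scores are constructed sample data; a real run would read them from the scanner's export and the asset inventory.

```python
"""Added example for CSC 4.1: turn raw scanner output into per-administrator
prioritized lists and a per-department risk score. All data below is
constructed; CVE identifiers are placeholders, not real entries."""
from collections import defaultdict

# Constructed findings: (host, cve_id, cvss_base_score, summary). Placeholder CVE IDs.
FINDINGS = [
    ("web01",  "CVE-0000-1001", 9.8, "remote code execution in web framework"),
    ("web01",  "CVE-0000-1002", 5.3, "weak TLS configuration"),
    ("db01",   "CVE-0000-1003", 7.8, "local privilege escalation in kernel"),
    ("wks17",  "CVE-0000-1004", 8.1, "SMB remote code execution"),
    ("wks17",  "CVE-0000-1005", 4.3, "browser plugin information disclosure"),
    ("dmz-fw", "CVE-0000-1006", 7.5, "denial of service in VPN daemon"),
]

# Constructed asset ownership (from the inventory): host -> (responsible admin, department)
OWNERS = {
    "web01":  ("alice", "web-ops"),
    "db01":   ("bob",   "data-platform"),
    "wks17":  ("carol", "desktop-support"),
    "dmz-fw": ("alice", "web-ops"),
}

# Constructed department scores from the previous scan cycle, for the reduction metric.
PREVIOUS_DEPT_SCORE = {"web-ops": 30.4, "data-platform": 7.8, "desktop-support": 20.2}


def severity(cvss):
    """Map a CVSS base score onto the usual qualitative bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def prioritized_lists(findings, owners):
    """Findings grouped by responsible administrator, most severe first."""
    by_admin = defaultdict(list)
    for host, cve, cvss, summary in findings:
        admin, _dept = owners[host]
        by_admin[admin].append((cvss, host, cve, severity(cvss), summary))
    return {admin: sorted(items, reverse=True) for admin, items in by_admin.items()}


def department_scores(findings, owners, previous):
    """Risk score per department (sum of CVSS of open findings) and the percent
    reduction against the previous cycle, so departments can be compared."""
    current = defaultdict(float)
    for host, _cve, cvss, _summary in findings:
        current[owners[host][1]] += cvss
    report = {}
    for dept, prev in previous.items():
        now = round(current.get(dept, 0.0), 1)
        reduction = round(100.0 * (prev - now) / prev, 1) if prev else 0.0
        report[dept] = {"previous": prev, "current": now, "reduction_pct": reduction}
    return report


if __name__ == "__main__":
    for admin, items in prioritized_lists(FINDINGS, OWNERS).items():
        print(f"== {admin} ==")
        for cvss, host, cve, sev, summary in items:
            print(f"  {sev:8} {cvss:4} {host:7} {cve}  {summary}")
    for dept, row in department_scores(FINDINGS, OWNERS, PREVIOUS_DEPT_SCORE).items():
        print(f"{dept}: {row}")
```

Summing CVSS per department is a deliberately simple score; the point is that it is computed the same way every cycle so the reduction percentage means something. A host missing from the scan lowers the score without any risk having been reduced, which is why the scan-log completeness check above has to come first.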
• 4-2 Correlate event logs with information from vulnerability scans to fulfill two
goals. First, personnel should verify that the activity of the regular vulnerability
scanning tools themselves is logged. Second, personnel should be able to correlate
attack detection events with earlier vulnerability scanning results to determine
whether the given exploit was used against a target known to be vulnerable.
• Free Tools
• AlienVault OSSIM - again
• OpenVAS - Comes in AlienVault, but if you JUST need a vulnerability scanner, this is
it.
• Commercial Tools
• Nessus - Industry known and trusted scanner.
• Nexpose - Rapid7 Vulnerability scanner
• Qualys - Qualys Vulnerability scanner
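Control 4-2 has two concrete checks: the scanner's own probes must show up in the logs, and an attack alert must be matchable against what the last scan said about the target. The script below is an added example of that correlation (not part of the deck, and not a feature of OSSIM, Nessus or the other tools listed). The IDS alert lines, their key=value format, the scanner address, the placeholder CVE identifiers and the scan results are all constructed; a real SIEM would supply the alerts and the scanner its results.

```python
"""Added example for CSC 4.2: correlate IDS alerts with the most recent scan
results and confirm the scanner's own activity shows up in the logs.
Constructed data throughout; the key=value line format is an assumption."""
import re
from datetime import datetime, timezone

SCANNER_IP = "10.0.0.250"   # constructed: address the vulnerability scanner scans from

# Constructed results of the last scan: when it ran, and the CVEs confirmed per host.
LAST_SCAN = {
    "scan_time": datetime(2024, 3, 11, 6, 0, tzinfo=timezone.utc),
    "hosts": {
        "10.0.0.5": {"CVE-0000-1001", "CVE-0000-1002"},
        "10.0.0.9": {"CVE-0000-1003"},
    },
}

# Constructed IDS alert lines (placeholder CVE IDs, documentation-range attacker addresses).
IDS_LOG = """\
2024-03-11T06:02:13Z ids alert src=10.0.0.250 dst=10.0.0.5 cve=CVE-0000-1001 sig="vuln check"
2024-03-12T10:15:01Z ids alert src=203.0.113.7 dst=10.0.0.5 cve=CVE-0000-1001 sig="rce attempt"
2024-03-12T10:16:44Z ids alert src=203.0.113.7 dst=10.0.0.9 cve=CVE-0000-1001 sig="rce attempt"
2024-03-12T11:00:00Z ids alert src=198.51.100.4 dst=10.0.0.9 cve=CVE-0000-1003 sig="privesc attempt"
2024-03-12T12:30:00Z ids alert src=198.51.100.4 dst=10.0.0.77 cve=CVE-0000-1002 sig="tls downgrade"
""".splitlines()

ALERT_RE = re.compile(
    r'^(?P<ts>\S+) ids alert src=(?P<src>\S+) dst=(?P<dst>\S+) '
    r'cve=(?P<cve>\S+) sig="(?P<sig>[^"]*)"$'
)


def parse_alert(line):
    """Parse one alert line into a dict, or None if it does not match the format."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def correlate(lines, scan, scanner_ip=SCANNER_IP):
    """Return (verdicts, scanner_logged). Each verdict pairs an alert with one of:
    scanner-activity, EXPLOIT-AGAINST-KNOWN-VULNERABLE, target-scanned-not-vulnerable,
    or target-not-in-scan-coverage (a host the scan never assessed)."""
    verdicts = []
    scanner_logged = False
    for line in lines:
        ev = parse_alert(line)
        if ev is None:
            continue
        if ev["src"] == scanner_ip:
            scanner_logged = True          # goal 1: the scanner's own probes are logged
            verdicts.append((line, "scanner-activity"))
            continue
        known = scan["hosts"].get(ev["dst"])
        if known is None:
            verdicts.append((line, "target-not-in-scan-coverage"))
        elif ev["cve"] in known and ev["ts"] > scan["scan_time"]:
            verdicts.append((line, "EXPLOIT-AGAINST-KNOWN-VULNERABLE"))  # goal 2
        else:
            verdicts.append((line, "target-scanned-not-vulnerable"))
    return verdicts, scanner_logged


if __name__ == "__main__":
    results, logged = correlate(IDS_LOG, LAST_SCAN)
    print("scanner activity present in logs:", logged)
    for line, verdict in results:
        print(f"{verdict:34} {line}")
```

The fourth verdict, a target that was never in the scan at all, is the one worth escalating alongside the confirmed hits: it means the scanner's coverage is narrower than the attacker's, which is exactly the gap 4-1 is meant to close.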
• 4-3 - Perform vulnerability scanning in authenticated mode either with agents
running locally on each end system to analyze the security configuration or with
remote scanners that are given administrative rights on the system being tested.
• Free Tools
• AlienVault OSSIM - What can't it do???
• OpenVAS - Comes in AlienVault, but if you JUST need a vulnerability scanner, this is
it.
• Commercial Tools
• Nessus - Industry known and trusted scanner.
• Nexpose - Rapid7 Vulnerability scanner
• Qualys - Qualys Vulnerability scanner
• 4-4 - Subscribe to vulnerability intelligence services in order to stay aware of emerging exposures, and
use the information gained from this subscription to update the organization's vulnerability scanning
activities on at least a monthly basis.
• Free Tools
• You must get these from each vendor you use. Usually these are mailing lists, RSS feeds,
etc. A few I subscribe to:
• https://isc.sans.edu/newssummary.html
• http://sectools.org/
• CVE (Common Vulnerabilities and Exposures), as tracked in the National Vulnerability Database
• OpenSSL - stay up to date for the next Heartbleed
• https://www.us-cert.gov/ncas/current-activity (alerts & tips)
• http://www2.mitre.org/work/sepo/toolkits/risk/
• OWASP - vulnerabilities, risk rating and more
• Vendors: Trend Micro, FireEye
• 4-5 - Deploy automated patch management tools and software update tools for
operating system and software/applications on all systems for which such tools are
available and safe.
• Free Tools
• Ninite - while not free, it is dirt cheap. But it only patches the 3rd party applications listed on its
website.
• Microsoft System Center Configuration Manager (SCCM) - its patch management capabilities have been a
de facto standard for enterprise IT shops for many years.
• Commercial Tools
• SolarWinds - SolarWinds Patch Management Suite for scanning, patching and management; LEM
• Tenable - full suite, with VM, inventory and configuration settings
• LanGuard - most platforms
• 4-6 - Carefully monitor logs associated with any scanning activity and associated
administrator accounts to ensure that all scanning activity and associated access via
the privileged account is limited to the timeframes of legitimate scans.
• Free Tools
• Netwrix - AD Change Reporter (free edition)
• Scripted - scripts on GitHub
• GPO - only enables logging; you still need to alert on it
• Commercial Tools
• SolarWinds - part of the LEM suite
• Splunk - also offers commercial versions of its free tool.
• Rapid7 - part of its complete suite.
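The GPO bullet above makes the point: enabling logging is not the same as alerting. The script below is an added example of the alerting half of 4-6 (it is not from the deck, and not one of the listed products): it reads sshd login lines and flags any use of the dedicated scanning account outside the scan window, from an address other than the scanner, or with a non-key authentication method (assumed policy). The account name, scanner address, Monday 06:00-08:00 UTC window (matching the weekly Monday-morning scan above) and the RFC 3339 timestamp format are assumptions, and the log lines are constructed.

```python
"""Added example for CSC 4.6: flag use of the dedicated scanning account
outside the legitimate scan window or from an unexpected source.
Constructed sshd lines; the RFC 3339 timestamp format is an assumption."""
import re
from datetime import datetime, time, timezone

SCAN_ACCOUNT = "svc-vulnscan"      # constructed dedicated account (CSC 4.3 says use one)
SCANNER_IPS = {"10.0.0.250"}       # constructed scanner address(es) the account is tied to
SCAN_WEEKDAY = 0                   # Monday, matching the weekly Monday-morning scan above
SCAN_START, SCAN_END = time(6, 0), time(8, 0)   # constructed 06:00-08:00 UTC window

# Constructed sshd log lines (2024-03-11 is a Monday, 2024-03-13 a Wednesday).
AUTH_LOG = """\
2024-03-11T06:01:12Z web01 sshd[2201]: Accepted publickey for svc-vulnscan from 10.0.0.250 port 48122 ssh2
2024-03-11T06:03:40Z db01 sshd[918]: Accepted publickey for svc-vulnscan from 10.0.0.250 port 48140 ssh2
2024-03-11T09:10:05Z db01 sshd[1044]: Accepted publickey for svc-vulnscan from 10.0.0.250 port 50111 ssh2
2024-03-13T22:47:19Z web01 sshd[7781]: Accepted password for svc-vulnscan from 192.0.2.33 port 60123 ssh2
2024-03-13T22:48:02Z web01 sshd[7790]: Accepted publickey for alice from 10.0.0.41 port 60130 ssh2
""".splitlines()

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_login(line):
    """Parse one successful-login line, or return None if it is something else."""
    m = LOGIN_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def in_scan_window(ts):
    """True only on the scan weekday and inside the scan hours."""
    return ts.weekday() == SCAN_WEEKDAY and SCAN_START <= ts.time() < SCAN_END


def audit_scan_account(lines):
    """Return one finding per suspicious login of the scanning account, with reasons."""
    findings = []
    for line in lines:
        ev = parse_login(line)
        if ev is None or ev["user"] != SCAN_ACCOUNT:
            continue
        reasons = []
        if not in_scan_window(ev["ts"]):
            reasons.append("outside-scan-window")
        if ev["src"] not in SCANNER_IPS:
            reasons.append("unexpected-source")
        if ev["method"] != "publickey":
            reasons.append("non-key-auth")       # assumed policy: the scan account uses keys only
        if reasons:
            findings.append({"host": ev["host"], "ts": ev["ts"], "src": ev["src"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_scan_account(AUTH_LOG):
        print(f"{f['ts'].isoformat()} {f['host']} from {f['src']}: {', '.join(f['reasons'])}")
```

The same three checks translate directly to Windows event 4624 for a domain scanning account; what matters is that the window, the source addresses and the account name come from the scan schedule and 4.3's dedicated-account requirement, so any deviation is a real anomaly rather than noise.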
• 4-7 - Compare the results from back-to-back vulnerability
scans to verify that vulnerabilities were addressed either by
patching, implementing a compensating control, or
documenting and accepting a reasonable business risk.
– This is more of a process than a tool.
• 4-8 - Establish a process to risk-rate vulnerabilities based on
the exploitability and potential impact of the vulnerability,
and segmented by appropriate groups of assets (example,
DMZ servers, internal network servers, desktops, laptops).
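4-7 is a process, as the deck says, but the comparison step itself can be scripted so the decision for every persisting finding is explicit. The script below is an added example (not from the deck) that diffs two scans and sorts each finding that survived into the three 4.7 outcomes: patched, mitigated by a compensating control, or accepted, with accepted risks whose review date has passed flagged separately. The scan results, registers, placeholder CVE identifiers and dates are constructed.

```python
"""Added example for CSC 4.7: compare back-to-back scans and check each
persisting finding against the compensating-control and risk-acceptance
registers. Constructed data; placeholder CVE identifiers."""
from datetime import date

AS_OF = date(2024, 3, 11)   # constructed date of the current scan

# Constructed (host, cve) pairs reported by the previous and the current scan.
PREVIOUS_SCAN = {
    ("web01", "CVE-0000-1001"), ("web01", "CVE-0000-1002"),
    ("db01", "CVE-0000-1003"), ("db01", "CVE-0000-1006"),
    ("wks17", "CVE-0000-1004"),
}
CURRENT_SCAN = {
    ("web01", "CVE-0000-1002"),
    ("db01", "CVE-0000-1003"), ("db01", "CVE-0000-1006"),
    ("wks17", "CVE-0000-1004"), ("wks17", "CVE-0000-1005"),
}

# Constructed registers: accepted risks carry a review-by date; compensating
# controls carry a description of the mitigation in place.
ACCEPTED_RISK = {
    ("web01", "CVE-0000-1002"): date(2024, 12, 31),
    ("db01", "CVE-0000-1003"): date(2024, 1, 31),   # review date already passed
}
COMPENSATING = {
    ("wks17", "CVE-0000-1004"): "vulnerable protocol disabled by group policy",
}


def compare_scans(previous, current, accepted, compensating, today):
    """Classify every finding from the two scans into the CSC 4.7 outcomes."""
    remediated = sorted(previous - current)
    new = sorted(current - previous)
    accepted_ok, review_due, mitigated, unaddressed = [], [], [], []
    for item in sorted(current & previous):
        if item in accepted:
            (accepted_ok if accepted[item] >= today else review_due).append(item)
        elif item in compensating:
            mitigated.append(item)
        else:
            unaddressed.append(item)
    return {
        "remediated": remediated,     # gone since last scan; confirm it was a fix, not a scan gap
        "new": new,                   # needs a risk rating and an owner
        "mitigated": mitigated,       # compensating control in place, keep tracking
        "accepted": accepted_ok,      # accepted risk, review date still in the future
        "review_due": review_due,     # accepted risk whose review date has passed
        "unaddressed": unaddressed,   # persisting with no decision recorded
    }


if __name__ == "__main__":
    report = compare_scans(PREVIOUS_SCAN, CURRENT_SCAN, ACCEPTED_RISK, COMPENSATING, AS_OF)
    for bucket, items in report.items():
        print(f"{bucket:12} {items}")
```

The "remediated" bucket deserves the same scepticism the log-review slide recommends: a finding also disappears when a host was offline or the credentials failed, so cross-check it against the scan log before counting it as fixed.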
• Vulnerability Factors (from the OWASP Risk Rating Methodology):
The goal is to estimate the likelihood of the particular vulnerability being discovered
and exploited.
• Ease of discovery
How easy is it for this group of threat agents to discover this vulnerability?
• Ease of exploit
How easy is it for this group of threat agents to actually exploit this vulnerability?
• Awareness
How well known is this vulnerability to this group of threat agents?
• Intrusion detection
How likely is an exploit to be detected?
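The four likelihood factors above combine with an impact estimate to give the risk rating that 4-8 asks for, and the asset group then decides the patching timeline. The script below is an added example (not from the deck or from OWASP) that scores each factor on the OWASP 0-9 scale, averages them into likelihood and impact bands, maps the pair onto the OWASP overall-severity matrix, and assigns a patch-by date per asset group. The factor values, asset groups, timelines and placeholder CVE identifiers are constructed policy assumptions; only the 0-9 scale, the bands and the matrix are OWASP's.

```python
"""Added example for CSC 4.8: rate each finding with the OWASP-style
likelihood and impact factors (0-9 each), map the result onto the OWASP
severity matrix, and set a patch deadline per asset group. Factor values,
asset groups and timelines are constructed policy assumptions."""
from datetime import date, timedelta

AS_OF = date(2024, 3, 11)   # constructed scan date the deadlines count from


def band(score):
    """OWASP scale: 0 to <3 low, 3 to <6 medium, 6 to 9 high."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def likelihood(ease_of_discovery, ease_of_exploit, awareness, intrusion_detection):
    """Average of the four vulnerability factors listed above. The last one is
    scored so that a higher value means an exploit is LESS likely to be detected."""
    return (ease_of_discovery + ease_of_exploit + awareness + intrusion_detection) / 4


def impact(confidentiality, integrity, availability, accountability):
    """Average of the four OWASP technical-impact factors."""
    return (confidentiality + integrity + availability + accountability) / 4


# OWASP overall-severity matrix keyed by (likelihood band, impact band).
OVERALL = {
    ("LOW", "LOW"): "NOTE",    ("MEDIUM", "LOW"): "LOW",       ("HIGH", "LOW"): "MEDIUM",
    ("LOW", "MEDIUM"): "LOW",  ("MEDIUM", "MEDIUM"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH",
    ("LOW", "HIGH"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",     ("HIGH", "HIGH"): "CRITICAL",
}
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "NOTE": 4}

# Constructed patching timelines in days, per asset group and overall rating.
_SERVER_DMZ = {"CRITICAL": 3, "HIGH": 7, "MEDIUM": 30, "LOW": 90, "NOTE": None}
_SERVER_INT = {"CRITICAL": 7, "HIGH": 14, "MEDIUM": 60, "LOW": 180, "NOTE": None}
_ENDPOINT = {"CRITICAL": 7, "HIGH": 14, "MEDIUM": 30, "LOW": 90, "NOTE": None}
SLA_DAYS = {"dmz-servers": _SERVER_DMZ, "internal-servers": _SERVER_INT,
            "desktops": _ENDPOINT, "laptops": _ENDPOINT}

# Constructed findings with placeholder CVE IDs and analyst-assigned factor scores.
FINDINGS = [
    {"host": "web01", "cve": "CVE-0000-1001", "asset_group": "dmz-servers",
     "likelihood": dict(ease_of_discovery=9, ease_of_exploit=9, awareness=9, intrusion_detection=8),
     "impact": dict(confidentiality=9, integrity=9, availability=7, accountability=7)},
    {"host": "db01", "cve": "CVE-0000-1003", "asset_group": "internal-servers",
     "likelihood": dict(ease_of_discovery=7, ease_of_exploit=5, awareness=6, intrusion_detection=8),
     "impact": dict(confidentiality=5, integrity=5, availability=5, accountability=5)},
    {"host": "lt42", "cve": "CVE-0000-1002", "asset_group": "laptops",
     "likelihood": dict(ease_of_discovery=3, ease_of_exploit=3, awareness=4, intrusion_detection=9),
     "impact": dict(confidentiality=2, integrity=1, availability=1, accountability=1)},
]


def rate(finding, found_on=AS_OF):
    """Overall rating plus the patch-by date implied by the asset group's timeline."""
    lk = likelihood(**finding["likelihood"])
    im = impact(**finding["impact"])
    rating = OVERALL[(band(lk), band(im))]
    days = SLA_DAYS[finding["asset_group"]][rating]
    return {"host": finding["host"], "cve": finding["cve"], "asset_group": finding["asset_group"],
            "likelihood": lk, "impact": im, "rating": rating,
            "patch_by": found_on + timedelta(days=days) if days is not None else None}


def patch_order(findings, found_on=AS_OF):
    """Riskiest first: by overall rating, then by likelihood within a rating."""
    return sorted((rate(f, found_on) for f in findings),
                  key=lambda r: (RANK[r["rating"]], -r["likelihood"]))


if __name__ == "__main__":
    for r in patch_order(FINDINGS):
        print(f"{r['rating']:8} {r['host']:6} {r['cve']} ({r['asset_group']}) patch by {r['patch_by']}")
```

Because the same vulnerability can land in different asset groups, the same CVE on a DMZ server and on a laptop gets different deadlines, which is the segmentation 4-8 calls for; the phased rollout then simply follows the sorted order.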
• Center for Internet Security (CIS): https://www.cisecurity.org/
• NIST Cyber Security Framework (CSF):
http://www.nist.gov/cyberframework/
• CIS Critical Security Controls (CSC):
https://www.cisecurity.org/critical-controls.cfm
• Auditscripts resources (provided by James Tarala, CSC Editor):
https://www.auditscripts.com/free-resources/critical-security-controls/
• DISA STIGs: https://iase.disa.mil/stigs/Pages/index.aspx
• SynerComm’s IT Summit
• April 9-10th
• Lambeau Field, Green Bay, WI
• Validate Your IT Strategy
• FREE!!
• Register: www.events.synercomm.com
Thank you for Attending.
Hope you can join us for the Complete CIS Top 20 CSC
Tuesday March 20th
CIS CSC #5
Controlled Use of Administrative Privileges

Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

SynerComm's Tech TV series CIS Top 20 Critical Security Controls #4

  • 1. CIS Top 20 #4 Continuous Vulnerability Assessment & Remediation
  • 2. CIS Top 20 Critical Security Controls
    • Organizations must know at all times:
      – Which vulnerabilities are present in their IT assets
      – The level of risk each one carries
      – Remediation of affected IT assets
  • 3. CIS Top 20 Critical Security Controls
  • 4. CIS Top 20 Critical Security Controls
    • This week, we’re focusing on CIS Control 4: Continuous Vulnerability Assessment and Remediation.
    • More specifically: “Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.”
  • 5. CIS Top 20 Critical Security Controls
  • 6. CIS Top 20 Critical Security Controls
  • 7. CIS Top 20 Critical Security Controls
  • 8. CIS Top 20 Critical Security Controls
  • 9. CIS Top 20 Critical Security Controls
  • 10. CIS Top 20 Critical Security Controls
    • Stay informed
    • Putting it together
    • It's all about reducing risk
  • 11. CIS Top 20 Critical Security Controls
  • 12. CIS Top 20 Critical Security Controls
    Why is CIS Control 4 critical?
    • Organizations that do not scan for vulnerabilities and proactively address discovered flaws face a significant likelihood of having their computer systems compromised
  • 13. CIS Top 20 Critical Security Controls
    How to Get Started
    1. Gap Assessment
    2. Implementation Roadmap
    3. Implement the First Phase of Controls
    4. Integrate Controls into Operations
    5. Report and Manage Progress
  • 14. CIS Top 20 Critical Security Controls
  • 15. CIS Top 20 Critical Security Controls
    • CSC 4.1 Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis
    • CSC 4.1 Procedure: Scan entire network daily using a SCAP (Security Content Automation Protocol) scanner
    • The organization:
      – IT department to run SCAP scan weekly (Monday mornings)
      – IT department will review scan logs for completeness
      – Metrics:
      – IT department will report on new vulnerabilities
      – The IT department will audit SIEM logs daily
  • 16. CIS Top 20 Critical Security Controls
    • No one solution will prevent all attacks; vulnerability assessment is a matter of foundational security practice
  • 17. CIS Top 20 Critical Security Controls
    • For identified vulnerabilities or misconfigurations, patches (or updates) must be applied to all affected systems
    • Where possible, automate patch management. These basic preventive hygiene practices will significantly enhance your security posture.
  • 18. CIS Top 20 Critical Security Controls
    • Routinely check system logs to verify that vulnerabilities have been addressed and to identify any scanning problems
    • By comparing logs over time, you can look for patterns and ensure that scanning activity is actually taking place
    • Since automated patching tools may not detect or install all patches, you can compare system logs against patches listed on vendor websites to ensure you’ve got the latest security updates.
  • 19. CIS Top 20 Critical Security Controls
    • 4.1 Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis and deliver prioritized lists of the most critical vulnerabilities to each responsible system administrator along with risk scores that compare the effectiveness of system administrators and departments in reducing risk. Use a SCAP-validated vulnerability scanner that looks for both code-based vulnerabilities (such as those described by Common Vulnerabilities and Exposures entries) and configuration-based vulnerabilities (as enumerated by the Common Configuration Enumeration Project).
    • 4.2 Correlate event logs with information from vulnerability scans to fulfill two goals. First, personnel should verify that the activity of the regular vulnerability scanning tools is itself logged. Second, personnel should be able to correlate attack detection events with prior vulnerability scanning results to determine whether the given exploit was used against a target known to be vulnerable.
    • 4.3 Perform vulnerability scanning in authenticated mode either with agents running locally on each end system to analyze the security configuration or with remote scanners that are given administrative rights on the system being tested. Use a dedicated account for authenticated vulnerability scans, which should not be used for any other administrative activities and should be tied to specific machines at specific IP addresses. Ensure that only authorized employees have access to the vulnerability management user interface and that roles are applied to each user.
    • 4.4 Subscribe to vulnerability intelligence services in order to stay aware of emerging exposures, and use the information gained from this subscription to update the organization’s vulnerability scanning activities on at least a monthly basis. Alternatively, ensure that the vulnerability scanning tools you use are regularly updated with all relevant important security vulnerabilities.
    • 4.5 Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe. Patches should be applied to all systems, even systems that are properly air gapped.
    • 4.6 Monitor logs associated with any scanning activity and associated administrator accounts to ensure that this activity is limited to the timeframes of legitimate scans.
    • 4.7 Compare the results from back-to-back vulnerability scans to verify that vulnerabilities were addressed either by patching, implementing a compensating control, or documenting and accepting a reasonable business risk. Such acceptance of business risks for existing vulnerabilities should be periodically reviewed to determine if newer compensating controls or subsequent patches can address vulnerabilities that were previously accepted, or if conditions have changed, increasing the risk.
    • 4.8 Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability, and segmented by appropriate groups of assets (example, DMZ servers, internal network servers, desktops, laptops). Apply patches for the riskiest vulnerabilities first. A phased rollout can be used to minimize the impact to the organization. Establish expected patching timelines based on the risk rating level.
  • 20. CIS Top 20 Critical Security Controls
    • 4-1 Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis and deliver prioritized lists of the most critical vulnerabilities to each responsible system administrator along with risk scores that compare the effectiveness of system administrators and departments in reducing risk.
    • Free Tools
      – CIS CIS-CAT - Our friends at CIS
      – AlienVault OSSIM - Open source, fairly comprehensive
      – OpenVAS - Comes in AlienVault, but if you JUST need a vulnerability scanner, this is it.
      – Rapid7 IoTSeeker - seeks out IoT devices and checks for default passwords
    • Commercial Tools
      – Nessus - Industry known and trusted scanner.
      – Nexpose - Rapid7 vulnerability scanner
  • 21. CIS Top 20 Critical Security Controls
  • 22. CIS Top 20 Critical Security Controls
  • 23. CIS Top 20 Critical Security Controls
  • 24. CIS Top 20 Critical Security Controls
  • 25. CIS Top 20 Critical Security Controls
  • 26. CIS Top 20 Critical Security Controls
    • 4-2 Correlate event logs with information from vulnerability scans to fulfill two goals. First, personnel should verify that the activity of the regular vulnerability scanning tools themselves is logged. Second, personnel should be able to correlate attack detection events with earlier vulnerability scanning results to determine whether the given exploit was used against a target known to be vulnerable.
    • Free Tools
      – AlienVault OSSIM - again
      – OpenVAS - Comes in AlienVault, but if you JUST need a vulnerability scanner, this is it.
    • Commercial Tools
      – Nessus - Industry known and trusted scanner.
      – Nexpose - Rapid7 vulnerability scanner
      – Qualys - Qualys vulnerability scanner
  • 27. CIS Top 20 Critical Security Controls
    • 4-3 - Perform vulnerability scanning in authenticated mode either with agents running locally on each end system to analyze the security configuration or with remote scanners that are given administrative rights on the system being tested.
    • Free Tools
      – AlienVault OSSIM - What can't it do???
      – OpenVAS - Comes in AlienVault, but if you JUST need a vulnerability scanner, this is it.
    • Commercial Tools
      – Nessus - Industry known and trusted scanner.
      – Nexpose - Rapid7 vulnerability scanner
      – Qualys - Qualys vulnerability scanner
  • 28. CIS Top 20 Critical Security Controls
    • 4-4 - Subscribe to vulnerability intelligence services in order to stay aware of emerging exposures, and use the information gained from this subscription to update the organization's vulnerability scanning activities on at least a monthly basis.
    • Free Tools
      – You must get these tools from each vendor you use. Usually these would be mailing lists, RSS feeds, etc. A few I subscribe to:
      – https://isc.sans.edu/newssummary.html
      – http://sectools.org/
      – CVE - Common Vulnerabilities and Exposures, as published in the National Vulnerability Database
      – OpenSSL - Stay up to date for the next Heartbleed
      – https://www.us-cert.gov/ncas/current-activity (Alerts & tips)
      – http://www2.mitre.org/work/sepo/toolkits/risk/
      – OWASP - vulnerabilities, risk rating and more
      – Vendors: Trend Micro, FireEye
  • 29. CIS Top 20 Critical Security Controls
  • 30. CIS Top 20 Critical Security Controls
  • 31. CIS Top 20 Critical Security Controls
  • 32. CIS Top 20 Critical Security Controls
  • 33. CIS Top 20 Critical Security Controls
    • 4-5 - Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe.
    • Free Tools
      – Ninite - While not free, it is DIRT CHEAP. But it only patches the 3rd party applications listed on its website.
      – Microsoft System Center Configuration Manager (SCCM) - its patch management capabilities have been a de facto standard for enterprise IT shops for many years.
    • Commercial Tools
      – SolarWinds - SolarWinds Patch Management Suite for scanning, patching, management, LEM
      – Tenable - suite of course, with VM, inventory, configuration settings
      – LanGuard - most platforms
  • 34. CIS Top 20 Critical Security Controls
  • 35. CIS Top 20 Critical Security Controls
  • 36. CIS Top 20 Critical Security Controls
  • 37. CIS Top 20 Critical Security Controls
    • 4-6 - Carefully monitor logs associated with any scanning activity and associated administrator accounts to ensure that all scanning activity and associated access via the privileged account is limited to the timeframes of legitimate scans.
    • Free Tools
      – Netwrix - AD Change Reporter Free
      – Scripted - on GitHub
      – GPO - Only enables logging, you still need to alert
    • Commercial Tools
      – SolarWinds - Part of LEM suite
      – Splunk also offers commercial versions of their free tool above.
      – Rapid7 - part of complete suite.
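A check for control 4-6 (and the dedicated scan account of 4-3), as an added Python example that is not part of the deck: it reads constructed sshd-style login events and flags any use of the scan account from a host other than the scanner, or outside the Monday-morning scan window from slide 15. The account name, scanner IP, window hours and log format are assumptions.

```python
"""Audit use of the dedicated vulnerability-scan account (CSC 4.3 / 4.6):
flag logins from hosts other than the scanner or outside approved scan windows.
Added example; log format, account name, scanner IP and window are assumptions."""
from datetime import datetime, time

# Constructed, syslog-style authentication events (not real data).
SAMPLE_LOG = """\
2024-03-04T06:12:41 srv-db01 sshd[2210]: Accepted publickey for svc-vulnscan from 10.20.0.15 port 51120
2024-03-04T06:13:02 srv-web02 sshd[913]: Accepted publickey for svc-vulnscan from 10.20.0.15 port 51184
2024-03-04T06:15:10 srv-web02 sshd[944]: Accepted password for jsmith from 10.20.5.77 port 40022
2024-03-06T22:47:55 srv-db01 sshd[5521]: Accepted publickey for svc-vulnscan from 10.20.0.15 port 60211
2024-03-04T06:20:33 srv-app03 sshd[777]: Accepted publickey for svc-vulnscan from 10.20.9.201 port 43310
"""

SCAN_ACCOUNT = "svc-vulnscan"     # dedicated scan account (assumed name)
SCANNER_HOSTS = {"10.20.0.15"}    # only source IPs allowed to use it (assumed)
# Approved window: Monday mornings as on slide 15; the exact hours are assumed.
SCAN_WINDOWS = {0: (time(6, 0), time(10, 0))}   # datetime.weekday(): 0 == Monday


def parse_event(line):
    """Return (timestamp, host, user, src_ip) for an sshd 'Accepted' line, else None."""
    parts = line.split()
    if len(parts) < 9 or parts[3] != "Accepted":
        return None
    # "<ts> <host> sshd[pid]: Accepted <method> for <user> from <ip> port <n>"
    return datetime.fromisoformat(parts[0]), parts[1], parts[6], parts[8]


def in_scan_window(ts):
    """True if ts falls inside an approved scan window."""
    window = SCAN_WINDOWS.get(ts.weekday())
    return window is not None and window[0] <= ts.time() <= window[1]


def audit_scan_account(log_text, account=SCAN_ACCOUNT, scanner_hosts=SCANNER_HOSTS):
    """Return (reason, host, timestamp, src_ip) findings for the scan account."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev[2] != account:
            continue                  # malformed line or a different user
        ts, host, _, src_ip = ev
        if src_ip not in scanner_hosts:
            findings.append(("unexpected-source", host, ts.isoformat(), src_ip))
        elif not in_scan_window(ts):
            findings.append(("outside-window", host, ts.isoformat(), src_ip))
    return findings


if __name__ == "__main__":
    for finding in audit_scan_account(SAMPLE_LOG):
        print(*finding)
```

Feeding the SIEM's export of the scan account's logins through this each week gives the 4-6 evidence the deck asks for: every hit is either a scan run at the wrong time or the account being used from somewhere it should not be.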
  • 38. CIS Top 20 Critical Security Controls
  • 39. CIS Top 20 Critical Security Controls
  • 40. CIS Top 20 Critical Security Controls
  • 41. CIS Top 20 Critical Security Controls
  • 42. CIS Top 20 Critical Security Controls
    • 4-7 - Compare the results from back-to-back vulnerability scans to verify that vulnerabilities were addressed either by patching, implementing a compensating control, or documenting and accepting a reasonable business risk.
      – This is more of a process than a tool.
    • 4-8 - Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact of the vulnerability, and segmented by appropriate groups of assets (example, DMZ servers, internal network servers, desktops, laptops).
  • 43. CIS Top 20 Critical Security Controls
  • 44. CIS Top 20 Critical Security Controls
  • 45. CIS Top 20 Critical Security Controls
  • 46. CIS Top 20 Critical Security Controls
    • Vulnerability Factors: Goal is to estimate the likelihood of the particular vulnerability being discovered and exploited.
    • Ease of discovery - How easy is it for this group of threat agents to discover this vulnerability?
    • Ease of exploit - How easy is it for this group of threat agents to actually exploit this vulnerability?
    • Awareness - How well known is this vulnerability to this group of threat agents?
    • Intrusion detection - How likely is an exploit to be detected?
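The process behind 4-7 and 4-8, worked through as an added Python example (not the deck's own code): it diffs two constructed scan exports to separate fixed, new, still-open and accepted findings, then rates the open ones from impact plus the four likelihood factors on this slide and orders them riskiest first with an asset group and patch timeline. The CSV layout, 0-9 factor scale, OWASP-style thresholds, asset groups and SLA days are assumptions.

```python
"""Compare back-to-back scan exports (CSC 4.7) and risk-rate what is still open
(CSC 4.8) using the four likelihood factors from slide 46. Added example; CSV
layout, 0-9 scale, OWASP-style thresholds, asset groups and SLAs are assumptions."""
import csv
from io import StringIO

# Constructed scan exports (placeholder CVE ids, not real findings).
PREVIOUS_SCAN = """\
host,cve,impact,ease_of_discovery,ease_of_exploit,awareness,intrusion_detection
dmz-web01,CVE-0000-0001,9,9,9,9,9
dmz-web01,CVE-0000-0002,5,3,3,4,3
corp-file02,CVE-0000-0003,7,7,5,6,8
lt-jdoe,CVE-0000-0004,4,1,1,1,1
"""
CURRENT_SCAN = """\
host,cve,impact,ease_of_discovery,ease_of_exploit,awareness,intrusion_detection
dmz-web01,CVE-0000-0002,5,3,3,4,3
corp-file02,CVE-0000-0003,7,7,5,6,8
corp-file02,CVE-0000-0005,8,3,9,9,9
lt-jdoe,CVE-0000-0004,4,1,1,1,1
"""
ACCEPTED = {("lt-jdoe", "CVE-0000-0004")}   # documented, accepted business risk
ASSET_GROUPS = {"dmz-": "dmz-servers", "corp-": "internal-servers", "lt-": "laptops"}
SEVERITY = ["NOTE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
SLA_DAYS = {"CRITICAL": 7, "HIGH": 30, "MEDIUM": 90, "LOW": 180, "NOTE": None}
RISK_MATRIX = {  # (likelihood level, impact level) -> overall rating
    ("LOW", "LOW"): "NOTE", ("MEDIUM", "LOW"): "LOW", ("HIGH", "LOW"): "MEDIUM",
    ("LOW", "MEDIUM"): "LOW", ("MEDIUM", "MEDIUM"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH",
    ("LOW", "HIGH"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH", ("HIGH", "HIGH"): "CRITICAL",
}

def load_scan(text):
    """Parse an export into {(host, cve): {factor_name: int}}."""
    return {(r["host"], r["cve"]): {k: int(v) for k, v in r.items() if k not in ("host", "cve")}
            for r in csv.DictReader(StringIO(text))}

def compare_scans(previous, current, accepted=ACCEPTED):
    """CSC 4.7: classify findings as fixed, new, still open, or accepted risk."""
    prev_keys, cur_keys = set(previous), set(current)
    return {"fixed": sorted(prev_keys - cur_keys),
            "new": sorted(cur_keys - prev_keys),
            "still_open": sorted((prev_keys & cur_keys) - accepted),
            "accepted": sorted(cur_keys & accepted)}

def likelihood(f):
    """Slide 46: average of discovery, exploit, awareness and detection factors."""
    return (f["ease_of_discovery"] + f["ease_of_exploit"]
            + f["awareness"] + f["intrusion_detection"]) / 4

def level(score):
    """Bucket a 0-9 score (thresholds assumed: <3 LOW, <6 MEDIUM, else HIGH)."""
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def rate(f):
    """CSC 4.8: overall rating from likelihood level and impact level."""
    return RISK_MATRIX[(level(likelihood(f)), level(f["impact"]))]

def asset_group(host):
    return next((g for p, g in ASSET_GROUPS.items() if host.startswith(p)), "unclassified")

def patch_queue(previous, current, accepted=ACCEPTED):
    """Open findings ordered riskiest first, each with asset group and patch SLA."""
    diff = compare_scans(previous, current, accepted)
    queue = [{"host": h, "cve": c, "group": asset_group(h), "rating": rate(current[(h, c)]),
              "sla_days": SLA_DAYS[rate(current[(h, c)])]}
             for h, c in diff["new"] + diff["still_open"]]
    queue.sort(key=lambda q: (-SEVERITY.index(q["rating"]), q["host"], q["cve"]))
    return queue

if __name__ == "__main__":
    prev, cur = load_scan(PREVIOUS_SCAN), load_scan(CURRENT_SCAN)
    print("fixed since last scan:", compare_scans(prev, cur)["fixed"])
    print(*patch_queue(prev, cur), sep="\n")
```

Accepted risks are kept in their own bucket rather than counted as fixed, so the periodic review that 4.7 calls for has a list to work from.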
  • 47. CIS Top 20 Critical Security Controls
  • 48. CIS Top 20 Critical Security Controls
  • 49. CIS Top 20 Critical Security Controls
  • 50. CIS Top 20 Critical Security Controls
    • Center for Internet Security (CIS): https://www.cisecurity.org/
    • NIST Cyber Security Framework (CSF): http://www.nist.gov/cyberframework/
    • CIS Critical Security Controls (CSC): https://www.cisecurity.org/critical-controls.cfm
    • Auditscripts resources (provided by James Tarala, CSC Editor): https://www.auditscripts.com/free-resources/critical-security-controls/
    • STIG: https://iase.disa.mil/stigs/Pages/index.aspx
  • 51. CIS Top 20 Critical Security Controls
    • SynerComm’s IT Summit
    • April 9-10th
    • Lambeau Field, Green Bay, WI
    • Validate Your IT Strategy
    • FREE!!
    • Register: www.events.synercomm.com
  • 52. CIS Top 20 Critical Security Controls
    Thank you for attending. Hope you can join us for the complete CIS Top 20 CSC: Tuesday March 20th, CIS CSC #5 Controlled Use of Administrative Privileges