In the latest release of Aura Asset Intelligence, we introduced the new CIS Controls Report, which provides continuous measurement of several key CIS Controls that are critical to protecting your organization from cyber attack. This post dives into this feature in more detail.
About the CIS Controls
The Center for Internet Security (CIS) Controls, commonly also referred to as the CIS Critical Controls, are a prioritized set of actions to protect your organization and data from known cyber attack vectors. The controls are commonly used by organizations to help strengthen information security posture. There are 20 controls in total, consisting of 6 basic controls, 10 foundational controls and 4 organizational controls. More information on these controls can be found here: https://www.cisecurity.org/controls/cis-controls-list/
Aura’s CIS Controls Report
The new CIS Controls Report in Aura Asset Intelligence harnesses all the rich data generated by Aura to measure and report on several key CIS controls, including all of the basic controls. Using the CIS Controls Report in Aura, you can quickly visualise your security posture and instantly measure your company against several key CIS Security controls.
For example, you can use the report quickly identify assets on your network that are unmanaged and/or missing endpoint controls and protections putting those assets at risk of not having critical software updates or malware protection. The report will also help you identify those assets that have never been vulnerability scanned, leading to the possibility that those assets could have unresolved vulnerabilities putting your company at risk. You can use this report throughout the remediation process to demonstrate the strengthening of your security controls, as you ensure the unmanaged assets are now under management and update your vulnerability scanning accordingly.
CIS Controls Report Details
The report is designed so that each panel reports on a specific CIS Control.
- CIS Control 1 – Inventory and Control of Hardware Assets
- Even when using the best asset management tools, companies struggle to identify all the assets on their network and ensure they are managed. This report identifies all the assets discovered on your network and will tell you how many of these are in your company asset management solution (if you have one). This allows you to finally get an accurate understanding of how many assets you actually have on your network, compared with how many are actually managed or controlled.
- CIS Control 2 – Inventory and Control of Software Assets
- Properly managed assets need to have some form of control on them to prevent unauthorised software from running and to control other processes. This report identifies all the discovered mobile, server and workstation assets that were found to have active endpoint control measures in place and those that do not.
- CIS Control 3 – Continuous Vulnerability Management
- Assets are typically scanned to identify any vulnerabilities and these vulnerabilities remediated accordingly. However, how do you know if all your assets are being scanned? This report identifies all of the server and workstation assets that have been discovered on your network and reports on how many of them have been scanned within the past 7 and 30 days to help identify any gaps in scanning.
- CIS Control 4 – Controlled Use of Administrative Privileges
- Aura discovers all of the identities (i.e. users) actively being used on the assets that it has discovered. Administrative users usually have more privileges and access than regular users, so being able to know that those identities are being used as intended is important. This report leverages unique business logic, to identify the number of administrative user identities that have been discovered.
- CIS Control 5 – Secure Configuration for Hardware and Software
- As well as scanning assets for vulnerabilities and implementing software controls on them, it is important to ensure assets are configured securely and in accordance to any baseline security standards your organization may adopt. This report identifies all the discovered mobile, server and workstation assets that were found to have active configuration management solutions or controls in place and those that do not. By having visibility into those assets that do not you can immediately take corrective action to ensure all assets meet baseline security standards your organization has defined.
- CIS Control 6 – Maintenance, Monitoring and Analysis of Audit Logs
- Audit logs are extremely important in helping an organization detect, understand, or recover from potential attacks. This report identifies the percentage of discovered servers and workstations that were found to be logging their audit logs into your central log collection solution (i.e. Splunk) so that you can ensure your organization has the necessary coverage and visibility with audit logging.
- CIS Control 8 – Malware Defenses
- Malware defenses, such as anti-virus and other endpoint security solutions, are an important part in detecting and remediating malicious software or activity. This report makes it simple to quickly see the discovered servers, workstations and mobile devices that have active malware protection or defenses in place and those that do not enabling precise action to remediate any gaps and reduce the risk of those assets being vulnerable to malware.
As with all reports in Aura, the controls in this report update on a continuous and real-time basis, meaning that any changes are reflected immediately and every time you load the report, you will know you are getting the latest results.
The new CIS Controls Report from Aura Asset Intelligence provides great security insights across your discovered assets and identities. The report allows for instant analysis and its rich reporting helps to get you the answers you need and supports the strengthening of your overall security posture.
For more information about Aura Asset Intelligence, or for a demo, please go to https://AssetIntelligence.app!
© Discovered Intelligence Inc., 2020. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.