Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Similar documents
Devising a Server Protection Strategy with Trend Micro

Devising a Server Protection Strategy with Trend Micro

SANS Top 20 Critical Controls for Effective Cyber Defense

Top 20 Critical Security Controls

Critical Controls for Cyber Security.

Trend Micro. Advanced Security Built for the Cloud

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

PCI DSS 3.0 Compliance

How To Protect Your Cloud From Attack

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

Critical Security Controls

Defending Against Data Beaches: Internal Controls for Cybersecurity

Cloud and Data Center Security

Windows Server 2003 End of Support. What does it mean? What are my options?

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

THE TOP 4 CONTROLS.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

FISMA / NIST REVISION 3 COMPLIANCE

The Protection Mission a constant endeavor

Safeguarding the cloud with IBM Dynamic Cloud Security

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Trend Micro Cloud Security for Citrix CloudPlatform

Netzwerkvirtualisierung? Aber mit Sicherheit!

Looking at the SANS 20 Critical Security Controls

NEC Managed Security Services

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

VDI Security for Better Protection and Performance

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

The Cloud App Visibility Blindspot

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

End-user Security Analytics Strengthens Protection with ArcSight

Jumpstarting Your Security Awareness Program

Security Management. Keeping the IT Security Administrator Busy

OVERVIEW. Enterprise Security Solutions

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Total Cloud Protection

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

Securing and protecting the organization s most sensitive data

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

External Supplier Control Requirements

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

Virtual Patching: a Proven Cost Savings Strategy

Best Practices for Security and Compliance with Amazon Web Services. A Trend Micro White Paper I April 2013

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

Protecting Your Organisation from Targeted Cyber Intrusion

Enterprise Security Solutions

PCI Compliance for Cloud Applications

Proven LANDesk Solutions

How To Integrate Hosted Security With Office 365 And Microsoft Mail Flow Security With Microsoft Security (Hes)

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

INCIDENT RESPONSE CHECKLIST

How To Secure Your System From Cyber Attacks

Breaking down silos of protection: An integrated approach to managing application security

State of Oregon. State of Oregon 1

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Preemptive security solutions for healthcare

IBM Security QRadar Vulnerability Manager

20 Critical Security Controls

Meeting the Challenges of Virtualization Security

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Deep Security Vulnerability Protection Summary

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

How To Implement Data Loss Prevention

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

IBM Endpoint Manager for Core Protection

Ecom Infotech. Page 1 of 6

ForeScout CounterACT. Continuous Monitoring and Mitigation

I D C A N A L Y S T C O N N E C T I O N

CloudCheck Compliance Certification Program

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

Continuous Network Monitoring

How To Protect A Virtual Desktop From Attack

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

File Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions

Cybersecurity and internal audit. August 15, 2014

Assessing the Effectiveness of a Cybersecurity Program

GFI White Paper PCI-DSS compliance and GFI Software products

Attachment A. Identification of Risks/Cybersecurity Governance

How To Buy Nitro Security

Effective End-to-End Cloud Security

IT Security & Compliance. On Time. On Budget. On Demand.

Securing OS Legacy Systems Alexander Rau

The Education Fellowship Finance Centralisation IT Security Strategy

Managing Cloud Computing Risk

IBM QRadar Security Intelligence April 2013

Guideline on Auditing and Log Management

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

Transcription:

A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical Security Controls» Addressing the SANS Top 20 Critical Controls can be a daunting task. With a comprehensive range of security controls, Trend Micro Deep Security can help organizations streamline the security of servers across hybrid cloud deployments

INTRODUCTION In the face of increasing reports of data losses, intellectual property theft, credit card breaches, and threats to user privacy, organizations today are faced with a great deal of pressure to ensure that their corporate and user data remains secure. They are also obligated to address compliance with a wide range of industry regulations and laws, making it challenging to understand how best to approach the problem. Finally, with the advent of widespread cloud usage and the shifting to a shared security responsibility model for cloud workloads, organizations are forced to apply security in new ways that often don t fit with traditional approaches. CRITICAL CONTROLS FOR EFFECTIVE CYBER DEFENSE $400 M The estimated financial loss from 700 million compromised records ------------------- 2,122 Confirmed data breaches across 61 countries Source: Verizon 2015 Data Breach Investigations Report the Center for Internet Security s Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization s environment constitutes a lack of reasonable security. California Attorney General, California Dept. of Justice, California Data Breach Report, Feb. 2016 In order to help, the SANS Institute, working in concert with the Center for Internet Security (CIS), has created a comprehensive security framework the Critical Security Controls (CSC) for Effective Cyber Defense (often referred to as the SANS Top 20) 1 that provides organizations with a prioritized, highly focused set of actions that are implementable, usable, scalable, and compliant with global industry & government security requirements. These recommended security controls also serve as the foundation for many regulations & compliance frameworks, including NIST 800-53, PCI DSS 3.1, ISO 27002, CSA, HIPAA, and many others 2. There are several reasons that businesses, regulatory bodies and governments have embraced the Top 20 CSC as the foundation for security strategies and frameworks: Implementation of the controls can reduce the potential impact of known high risk attacks as well as attacks expected in the future. The controls are comprehensive and address the most important areas of concern. The controls were generated by experts in both the federal government and private industry. The controls are well written, approachable and make common security requirements easy to understand and implement. HOW TREND MICRO DEEP SECURITY CAN HELP As organizations implement a security framework like the SANS Top 20 Critical Security Controls to address their needs, Trend Micro Deep Security can play a significant role in addressing many of the critical requirements. Delivered from the market leader in server security 3, Deep Security is a 1 The CIS Critical Security Controls for Effective Cyber Defense Version 6.0. October 2015 2 Mapping to the CIS Critical Security Controls. January 2016 3 IDC, Worldwide Endpoint Security Market Shares: Success of Midsize Vendors, #US40546915, Figure 5, Dec 2015 Page 2 of 7 Trend Micro Whitepaper

comprehensive platform for security that can address server security across physical, virtual, cloud & hybrid environments. Available as software, service, or via the AWS and Azure marketplaces, it can help organizations streamline the purchasing and implementation of the essential security elements recommended by the CIS. Trend Micro Deep Security is a host-based security control platform that secures millions of servers across thousands of customers around the world. It includes a comprehensive set of security controls for protecting servers, including: Network security enabling virtual patching through Intrusion Detection & Protection (IDS/IPS) and a host-based firewall Anti-malware with Web reputation to protect vulnerable systems from the latest in threats System security through integrity monitoring & log inspection, enabling the discovery of unplanned or malicious changes to registry and key system files, as well as discovering anomalies in critical log files. With these controls, Deep Security can help organizations: Defend against network and application threats, leveraging proven host-based network security controls like Intrusion Detection & Protection Protect against vulnerabilities, instantly shielding vulnerable applications and servers with a virtual patch until a workload can be patched or updated Keep malware of workloads, ensuring that servers and applications are protected. Identify suspicious changes on servers, including flagging things like registry settings, system folders, and application files that shouldn t change when they do. Accelerate compliance with key frameworks like the SANS/CIS Critical Security Controls, as well as key regulations like PCI and HIPAA, delivering multiple security controls, central control, and easy reporting in a single product. At a summary level, Deep Security can help with 14 of 20 of the Top 20 Critical Security Controls: Page 3 of 7 Trend Micro Whitepaper

MAPPING THE TOP 20 CRITICAL SECURITY CONTROLS This table below provides a high-level mapping of Deep Security s security controls to the SANS/CIS Top 20 Critical Security Controls, and also provides commentary on where cloud service providers (CSPs) like AWS, Microsoft Azure, and others have a roll to play. CIS CRITICAL SECURITY CONTROL 1. Inventory of Authorized & Unauthorized Devices: Actively manage (inventory, track & correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized & unmanaged devices are found and prevented from gaining access. Will typically be able to generate asset lists via an API Source control Restrict access to APIs Automated server discovery across physical, virtual, & cloud 2. Inventory of Authorized & Unauthorized Software: Actively manage (inventory, track & correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized & unmanaged software is found and prevented from installation or execution. Source control Integrity monitoring 3. Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations, & Servers: Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. Change control of the IaaS layer Source control Integrity monitoring 4. Continuous Vulnerability Assessment & Remediation: Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, & minimize the window of opportunity for attackers. Routing tables Scans as part of deployment Strong patch management Page 4 of 7 Trend Micro Whitepaper Addressing the TOP 20 Critical Security Controls for Effective Cyber Defense

CIS CRITICAL SECURITY CONTROL 5. Controlled Use of Administrative Privileges: The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications. 6. Maintenance, Monitoring, & Analysis of Audit Logs: Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. 7. Email and Web Browser Protections: Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers & email systems. 8. Malware Defenses: Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, & corrective action. IAM (Identity & Access Management) Granular policy support Storage Logging at the IaaS level Netflow logs Principle of least privilege Regular review of access Centralized logging SIEM (Deep Security supports the leaders, including HP ArcSight, IBM QRadar, and Splunk) Regular endpoint patching Anti-malware protection Web reputation services Anti-malware scans File integrity monitoring Web reputation services 9. Limitation and Control of Network Ports, Protocols, and Services: Manage (track/control/ correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers. Application control Secure OS configuration Firewall 10. Data Recovery Capability: The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it. 11. Secure Configurations for Network Devices: Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process. Snapshots for workloads Snapshots for databases Simple high availability They implement & enforce: Configuration of network fabric Separation of virtual private clouds Regular automated snapshots Test restoration Route tables Page 5 of 7 Trend Micro Whitepaper

CIS CRITICAL SECURITY CONTROL 12. Boundary Defense: Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data. 13. Data Protection: The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information. 14. Controlled Access Base on the Need to Know: The processes and tools used to track/control/prevent/correct secure access to critical assets according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification. Routing tables IAM (Identity & Access Management) Routing tables Good network design Firewall Strict access control (Enabling lateral movement detection) Good network design Asset management Firewall 15. Wireless Access Control: The processes and tools used to track/control/prevent/correct the security use of wireless local area networks (LANS), access points, and wireless client systems. Not applicable Not applicable 16. Account Monitoring & Control: Actively manage the life cycle of system and application accounts their creation, use, dormancy, deletion in order to minimize opportunities for attackers to leverage them. IAM (Identity & Access Management) No shared accounts 17. Security Skills Assessment & Appropriate Training to Fill Gaps: For all functional roles in the organization, identify the specific knowledge, skills, and abilities needed to support defense of the enterprise. 18. Application Software Security: Manage the security life cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses. Not applicable A culture of security that spans all functions A business strategy that is secure by design Robust SDLC (virtual patching) Page 6 of 7 Trend Micro Whitepaper

CIS CRITICAL SECURITY CONTROL 19. Incident Response Management: Protect the organization s information, as well as its reputation, by developing and implementing and incident response infrastructure for quickly discovering an attack and then effectively containing the damage, eradicating the attacker s presence, and restoring the integrity of the network and systems. 20. Penetration Tests & Red Team Exercises: Test the overall strength of an organization s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker. Clear, easy-to-follow process Simple communications flow Repeatable procedures Organizations should provide: Scope of engagement Permission from CSP Find out more about how Trend Micro Deep Security can help you more effectively and efficiently implement the SANS Top 20 Critical Security Controls for an effective cyber defense on our web site at www.trendmicro.com/hybridcloud. Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and service providers worldwide. For additional information and evaluation copies of Trend Micro products and services, visit our Web site at www.trendmicro.com. TREND MICRO INC. U.S. toll free: +1 800.228.5651 phone: +1 408.257.1500 fax: +1408.257.2003 2016 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection Network are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is subject to change without notice. [WP01_CIS_Top10_160228US] Page 7 of 7 Trend Micro Whitepaper

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information