Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense Christian Espinosa Alpine Security christian.espinosa@alpinesecurity.com

Background
Christian Espinosa, christian.espinosa@alpinesecurity.com
Entrepreneur, Penetration Tester, Security Researcher, Incident Response, Survival Instructor for Bear Grylls
Projects: Commercial Aircraft Penetration Testing, Healthcare Pen Testing, Abu Dhabi Forensic Work, Enterprise Security Analysis
Education: BSGE, MBA
Certifications: CISSP, CCSP, CISA, CRISC, CPT, CSSA, CEPT, CEH, CREA, ECI, LPT
Patents:
  Systems and Methods for a Simulated Network Traffic Generator. US 2009/0319248 A1. December 24, 2009.
  Systems and Methods for Network Monitoring and Analysis of a Simulated Network. US 2009/0319249 A1. December 24, 2009.
  Systems and Methods for a Simulated Network Attack Generator. US 2009/0320137 A1. December 24, 2009.
Interests: Ironman Triathlon, Mountaineering, Travel, Security, Things that Involve a Waiver

Overview
  Are we Winning?
  Why the Center for Internet Security Critical Security Controls (CIS CSC)?
  CIS CSC Tenets
  Top 20
  Top 5 Deep Dive
  Tips

Are We Winning?

Unfortunate Facts
  Most compromises are based on known problems that have known solutions
  85+% of incidents managed by the US-CERT come down to the same 5 basic defenses
  Most attacks should have been blocked at the perimeter
  Very few attackers use stealth techniques
  Very few defenders have automated workflow

Source: Mandiant M-Trends 2015

Which should we do first? Penetration Test vs Asset Inventory
  With CSC numbers: (20) Penetration Test vs (1) Asset Inventory

Which should we do first? Data Loss Prevention (DLP) vs Audit Log Maintenance
  With CSC numbers: (13) Data Loss Prevention (DLP) vs (6) Audit Log Maintenance

Why CIS CSC?

Risk-Based
  What are we trying to protect?
  How much should we spend?
  Risk is a function of threat (offense), vulnerability (defense), probability, and consequence
  What can be controlled?

Priority-Based

Not Compliance-Based

Community-Based

Dynamic: updated as attacks evolve and lessons are learned from breaches. Changes from v5.1 to 6:

Affordable

Reality-Based

Simple

CSC Five Tenets

Offense Informs Defense

Prioritization

Metrics

Continuous Diagnostics and Mitigation (CDM)

Automation

Top 20 Controls

CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrator Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access Based on the Need to Know
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises

Top 5 Controls Deep Dive

Top 5: Foundational Cyber Hygiene (FCH), which prevents or stops 85-90% of attacks
CSC 1: Inventory of Authorized and Unauthorized Devices
CSC 2: Inventory of Authorized and Unauthorized Software
CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrator Privileges

Know authorized & unauthorized devices
Know authorized & unauthorized software
You can't defend what you don't know

Control Basics
  Categories: System, Network, Application
  Layout of each control: Why is the Control Critical?; Procedures and Tools; Entity Relationship Diagram

CSC 1: Inventory of Authorized and Unauthorized Devices
  Why? Unpatched systems, unchecked networks, BYOD
  Procedures and Tools: active scanning, passive scanning, DHCP, 802.1x

CSC 2: Inventory of Authorized and Unauthorized Software
  Why? Attackers look for vulnerable software, malware installation, etc.
  Procedures and Tools: application whitelisting, application blacklisting

CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  Why? Default configurations are designed for ease of use, not security, and configurations decay over time (security decay).
  Procedures and Tools: security baselines, CIS Benchmarks, NIST National Checklist

CSC 4: Continuous Vulnerability Assessment and Remediation
  Why? Attackers exploit vulnerable systems.
  Procedures and Tools: vulnerability scanning tools

CSC 5: Controlled Use of Administrator Privileges
  Why? Misuse of administrator privileges is one of the primary means by which attackers spread through an enterprise.
  Procedures and Tools: use built-in OS features (runas, sudo, strong passwords, etc.)

Tips
Take inventory and/or use existing tools or free tools to start.
  CSC 1: Nmap, DHCP, 802.1x, Wireshark
  CSC 2: Windows SRP, GPOs
  CSC 3: CIS Security Benchmarks (https://benchmarks.cisecurity.org/), DISA STIGs (http://iase.disa.mil/stigs/pages/index.aspx)
  CSC 4: OpenVAS, Nmap
  CSC 5: Runas, sudo
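As an added example (not from the presentation), here is the CSC 1 check the tips point at with Nmap: parse the output of an `nmap -sn` ping sweep, compare the MAC addresses seen against the authorized-device inventory, and report both live devices that are not in the inventory and inventoried devices that did not answer. The scan output and the inventory are constructed samples, and the scan is assumed to be run with privileges on the local segment so that Nmap prints a MAC Address line for each live host.

```python
import re

# Constructed sample of `nmap -sn 10.0.0.0/28` normal output; the last host has
# no MAC line (as the scanning host itself would) to exercise that edge case.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.0.1
Host is up (0.0010s latency).
MAC Address: 00:11:22:33:44:55 (Cisco Systems)
Nmap scan report for 10.0.0.5
Host is up (0.0020s latency).
MAC Address: aa:bb:cc:dd:ee:01 (Dell)
Nmap scan report for 10.0.0.9
Host is up (0.0030s latency).
MAC Address: AA:BB:CC:DD:EE:02 (Apple)
Nmap scan report for 10.0.0.12
Host is up (0.0040s latency).
MAC Address: DE:AD:BE:EF:00:01 (Unknown)
Nmap scan report for 10.0.0.14
Host is up.
"""

# Constructed authorized-device inventory (CSC 1), keyed by MAC address.
AUTHORIZED = {
    "00:11:22:33:44:55": "core-router",
    "AA:BB:CC:DD:EE:01": "ws-finance-01",
    "AA:BB:CC:DD:EE:02": "laptop-ceo",
    "AA:BB:CC:DD:EE:03": "printer-2f",  # inventoried, but absent from this sweep
}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")

def parse_nmap_hosts(text):
    """Return {MAC: IP} for every host block that carries a MAC line."""
    seen, ip = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        mac = MAC_RE.match(line)
        if host:
            ip = host.group(1)          # start of a new host block
        elif mac and ip:
            seen[mac.group(1).upper()] = ip  # normalize case before comparing
    return seen

def reconcile(seen, authorized):
    """Live-but-unauthorized devices, and inventoried devices not seen on the wire."""
    unauthorized = {mac: ip for mac, ip in seen.items() if mac not in authorized}
    missing = sorted(mac for mac in authorized if mac not in seen)
    return unauthorized, missing
```

With the sample data, `reconcile(parse_nmap_hosts(SAMPLE_NMAP_OUTPUT), AUTHORIZED)` flags DE:AD:BE:EF:00:01 at 10.0.0.12 as unauthorized and reports the inventoried printer as not seen; on a real network, feed it the captured sweep output and the current inventory.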

Contact Info
Christian Espinosa
christian.espinosa@alpinesecurity.com
www.alpinesecurity.com
CIS CSC: https://www.cisecurity.org/critical-controls.cfm