Tenable’s Critical Cyber Controls for Secure Systems

With an ever changing dynamic IT landscape, it is critical you transform your information security strategy to be continuously responsive to the pressing demands of your business and today’s security risk. But it can be challenging to know where to start when developing and evolving your security program.

How can you know if you are taking the right steps and if you are doing enough to protect your assets and business?

Do you know where to look for guidance?

Security has had to reinvent itself to protect organizations worldwide from the inevitable breach or attack that will occur as businesses become more digital. To make this transformation, you need to draw from a variety of consortiums, standards and best-practices that have been published. Many leading organizations look to these cybersecurity standards against which to measure their information security practices, such as:

Tenable security experts examined these and other standards and distilled the recommendations into 5 core controls which make it easy to draw from the industry’s best practices.

• The 20 Critical Security Controls from the SANS Institute and the Council on CyberSecurity
• The NIST Cybersecurity Framework
• The National Campaign for Cyber Hygiene from the Center for Internet Security and the Council on CyberSecurity
• The PCI Data Security Standard

All of these standards are well thought out, but sometimes reading and understanding the standards can be overwhelming. The good news is that these standards all share common elements and themes, and adopting any standard will help ensure that you mitigate the most vulnerable parts of your security controls.

Tenable’s Critical Cyber Controls

To help you formulate an effective security policy, our Tenable security experts examined these and other standards and distilled the recommendations into 5 core controls which make it easy to draw from the industry’s best practices. By adopting the Tenable Critical Cyber Controls, you will highlight the strengths and weaknesses of your organization so you can take action to prevent malicious activity:

1. Track your authorized inventory of hardware and software: Discovery of all assets is a critical first step, including identification of all authorized or unauthorized hardware and software, transient devices and applications, unknown endpoints, BYOD devices, network devices, platforms, operating systems, virtual systems, cloud applications and services. The optimum solution should include a combination of automated discovery technologies running in near real time.

2. Continuously remove vulnerabilities and misconfigurations: To remove all vulnerabilities, you must implement a regular continuous monitoring program. Procedures should include three areas:

   • Applying software, hardware, and cloud service patches to remove vulnerabilities
   • Applying configuration changes to limit malicious exploits
   • Applying additional host or network based security monitoring

   Tenable recommends that you organize your technologies by business function and asset. Each asset should be assessed and patched on an agreed upon schedule with a repeatable process.

3. Deploy a secure network: Network security should be a daily practice. For each asset, one or several mitigating technologies can be deployed to prevent or detect malicious activity. For example, host based technologies include anti-virus, application white-listing and system monitoring; network based technologies include activity monitoring, intrusion prevention and access control; auditing cloud-based technologies can be done with APIs, threat subscriptions and network monitoring or endpoint system monitoring.

4. Give users access to only what they need: All users should have a demonstrated business need to access specific systems and data. Limit and control administrative privileges, avoid using default accounts, enforce strong password creation, and log all accesses. Tenable recommends that you implement multiple technologies to determine active user accounts, such as authentication logging and network protocol analysis.

5. Search for malware and intruders: You must actively monitor your systems for anomaly detection and exploitation. It is frankly unrealistic to expect your systems to be 100% incident free. Attackers acquire new technologies every day; you have to stay one step ahead of them by proactively managing your systems with near real time continuous scanning for viruses, malware, exploits and inside threats. Each of the previous 4 controls make your search for malicious activity easier and create several audit trails to be used in a forensic analysis.

Take charge of cybersecurity; strive to implement these five critical controls for a healthy network.

Take charge with continuous network monitoring

Are you doing all this now? And even if you are, do you monitor the effectiveness of these IT controls to assure that you’re in a known, good state continuously? If you see gaps in your information security program, adopting a truly continuous network monitoring strategy is the best way to mitigate enterprise risk. A continuous network monitoring solution like SecurityCenter Continuous View™ allows organizations to leverage automation and to easily detect if you are performing these basic security controls.

Take charge of cybersecurity; strive to implement these five critical controls for a healthy network.

This blog entry was updated on March 16, 2015.