
Implementing CIS Hardening Framework with SanerNow Platform

Introduction

In this fast-paced digital realm, keeping cyberattacks at bay is a demanding task. Every organization now needs to abide by a set of best practices to stay safe from hackers and remain compliant.

One such compliance benchmark is the Center for Internet Security (CIS). CIS benchmarks are the best practices that can be followed by organizations to improve their cybersecurity posture and maintain a secure IT environment.

To attain unique security goals, CIS assigns profile levels to each of its security benchmarks:

Level 1

This level is implemented to lower the attack surface without hindering business operations.

Level 2

This level is considered “defense in depth”; it’s usually implemented in a network where security is paramount. It is more complicated to implement in an organization because it can have adverse effects if not applied appropriately.

STIG Level

Security Technical Implementation Guide (STIG) is a set of guidelines released by the Defense Information Systems Agency (DISA). STIGs are generally written to meet US government requirements, and organizations can achieve them through the CIS benchmark.


18 CIS Controls

Saner X CIS Benchmark

The Saner Platform helps organizations accomplish the CIS benchmark effortlessly. Here is what Saner can provide:

Inventory and Control of Enterprise Assets

  • Establish and Maintain Detailed Enterprise Asset Inventory: Establish and maintain a detailed, accurate, and up-to-date asset inventory. Ensure this contains machine name, operating system type, hardware address and enterprise asset owner. It is necessary to review and update the inventory on a frequent basis.
  • Address Unauthorized Assets: There might be a few assets that have been removed from the organization. Check that there is a process that detects all such unauthorized assets and closes the loopholes they open for cyberattacks.
  • Utilize an Active Discovery Tool: Utilize an asset discovery tool that will actively search for any new assets added or assets that are removed from the IT infrastructure on a daily basis.

Inventory and Control of Software Assets

  • Establish and Maintain a Software Inventory: Maintain a detailed inventory of the software assets present in the organizational network and document them with title, publisher, initial install/use date, and business purpose for each entry. Ensure this inventory is reviewed and updated frequently.
  • Ensure Authorized Software is Currently Supported: Only authorized software should be designated in your inventory of IT infrastructure. If there is software that is not authorized, make sure it has exception documentation and mitigation controls.
  • Address Unauthorized Software: As mentioned, ensure unauthorized software is either removed from use on enterprise assets or receives a documented exception.
  • Utilize Automated Software Inventory Tools: Use automated software tools for the process of IT inventory management.
  • Allowlist Authorized Software, Libraries, and Scripts: Use technical controls or features from the tools to allow authorized software, libraries, and scripts only.
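
The software inventory safeguards above can be checked mechanically. The following is an added example, not SanerNow or CIS code: it reconciles an inventory against an allowlist and reports incomplete records and unauthorized software with no valid documented exception. The record field names, the exception expiry dates, and all sample hosts and titles are assumptions constructed for illustration.

```python
from datetime import date

# Fields the page's software inventory safeguard asks for on every entry.
REQUIRED = ("title", "publisher", "install_date", "business_purpose")

def audit_inventory(inventory, allowlist, exceptions, today):
    """Return (host, title, issue) tuples for entries that need attention.

    allowlist:  set of lowercase (title, publisher) pairs approved for use
    exceptions: {(host, lowercase title): expiry date} documented exceptions
    """
    findings = []
    for entry in inventory:
        host, title = entry.get("host", "?"), entry.get("title") or "?"
        missing = [f for f in REQUIRED if not entry.get(f)]
        if missing:
            findings.append((host, title, "incomplete record: " + ", ".join(missing)))
        if (title.lower(), (entry.get("publisher") or "").lower()) in allowlist:
            continue
        expiry = exceptions.get((host, title.lower()))
        if expiry is None:
            findings.append((host, title, "unauthorized, no documented exception"))
        elif expiry < today:
            findings.append((host, title, f"unauthorized, exception expired {expiry}"))
    return findings

# Constructed sample data: hosts, titles and publishers are hypothetical.
ALLOWLIST = {("examplebrowser", "example corp"), ("examplezip", "example corp")}
EXCEPTIONS = {("build-01", "legacyftp"): date(2024, 1, 31),
              ("lab-07", "oldviewer"): date(2030, 1, 1)}
INVENTORY = [
    {"host": "ws-12", "title": "ExampleBrowser", "publisher": "Example Corp",
     "install_date": "2023-05-02", "business_purpose": "web access"},
    {"host": "ws-12", "title": "ExampleZip", "publisher": "Example Corp",
     "install_date": "2023-05-02", "business_purpose": ""},
    {"host": "build-01", "title": "LegacyFTP", "publisher": "Acme",
     "install_date": "2019-03-11", "business_purpose": "vendor upload"},
    {"host": "lab-07", "title": "OldViewer", "publisher": "Acme",
     "install_date": "2018-07-01", "business_purpose": "instrument data"},
    {"host": "ws-40", "title": "TorrentX", "publisher": "Unknown",
     "install_date": "2024-02-10", "business_purpose": "none stated"},
]

if __name__ == "__main__":
    for finding in audit_inventory(INVENTORY, ALLOWLIST, EXCEPTIONS, date(2024, 6, 1)):
        print(*finding, sep=" | ")
```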

Secure Configuration of Enterprise Assets and Software

  • Establish and Maintain a Secure Configuration Process for Network Infrastructure: Establish and maintain a secure configuration process for enterprise assets, software, and network devices. Document the process and review it frequently.
  • Configure Automatic Session Locking on Enterprise Assets: Configure automatic session locking on enterprise assets after a defined period of inactivity.
  • Implement and Manage a Firewall on Servers and End-User Devices: Implement and manage a firewall or port-filtering tool on end-user devices, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
  • Securely Manage Enterprise Assets and Software: Securely manage enterprise assets and software. Always access administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS).
  • Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts.
  • Uninstall or Disable Unnecessary Services on Enterprise Assets and Software: Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service.
  • Configure Trusted DNS Servers on Enterprise Assets: Configure trusted DNS servers on enterprise assets. Example implementations include configuring assets to use enterprise-controlled DNS servers and/or reputable externally accessible DNS servers.
  • Enforce Automatic Device Lockout on Portable End-User Devices: Enforce automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices, where supported.
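
Two of the configuration safeguards above, the default-deny firewall rule and trusted DNS servers, lend themselves to an automated check. The following is an added example, not SanerNow or CIS code: it parses `iptables-save` output and a `resolv.conf` file on a Linux host. The sample rule set, resolver file, and trusted server list are constructed assumptions.

```python
import ipaddress

def firewall_default_deny(iptables_save: str, chains=("INPUT", "FORWARD")):
    """Map each filter-table chain to True if unmatched traffic is dropped:
    either the chain policy is DROP, or its last rule is a bare
    "-j DROP" / "-j REJECT" (a common way to build default-deny)."""
    policy, last_rule, table = {}, {}, None
    for line in iptables_save.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            name, pol = line[1:].split()[:2]
            policy[name] = pol
        elif table == "filter" and line.startswith("-A "):
            parts = line.split()
            last_rule[parts[1]] = parts[2:]
    result = {}
    for chain in chains:
        catch_all = last_rule.get(chain) in (["-j", "DROP"], ["-j", "REJECT"])
        result[chain] = policy.get(chain) == "DROP" or catch_all
    return result

def untrusted_resolvers(resolv_conf: str, trusted):
    """Return configured nameservers that are not in the trusted set."""
    trusted = {ipaddress.ip_address(t) for t in trusted}
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(ipaddress.ip_address(fields[1]))
    return [str(ip) for ip in found if ip not in trusted]

# Constructed sample inputs (not taken from a real host).
SAMPLE_RULES = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
SAMPLE_RESOLV = "nameserver 10.0.0.53\nnameserver 192.0.2.99  # added by hand\n"
TRUSTED_DNS = ["10.0.0.53", "10.0.1.53"]

if __name__ == "__main__":
    print(firewall_default_deny(SAMPLE_RULES))
    print(untrusted_resolvers(SAMPLE_RESOLV, TRUSTED_DNS))
```

In the sample, INPUT passes through its trailing catch-all rule even though the chain policy is ACCEPT, while FORWARD fails because nothing drops unmatched traffic.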

Continuous Vulnerability Management

  • Establish and Maintain a Vulnerability Management Process: Establish a vulnerability management process for all of the organization's IT infrastructure. Run it continuously and review it frequently.
  • Establish and Maintain a Remediation Process: Always have a remediation process in place in case a critical/zero-day vulnerability is detected and needs immediate attention.
  • Perform Automated Operating System/Application Patch Management: Perform operating system updates and application updates on enterprise assets through automated patch management.
  • Perform Automated Vulnerability Scans of Internal and External Enterprise Assets: Securely manage enterprise assets and software. Always access administrative interfaces over secure network protocols, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS).
  • Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and remediation tools.

Saner’s In-depth Coverage of CIS Benchmark

| S.No. | CIS Control | Description | Solution |
|---|---|---|---|
| 1 | 1.1 | Establish and Maintain Detailed Enterprise Asset Inventory | SanerNow gathers detailed asset inventory of hardware and software assets. The real-time asset inventory data ensures all your devices are documented, gathering 1000s of device attributes. The information is categorized and can be queried in real time. |
| 2 | 1.2 | Address Unauthorized Assets | Perform real-time scans and monitor unauthorized assets, connections, and applications. Applications can be blacklisted or whitelisted. Asset discovery scans can be scheduled to run periodically and notifications are generated to alert presence of unauthorized assets. |
| 3 | 1.3 | Utilize an Active Discovery Tool | SanerNow integrates with Active Directory (AD) to periodically sync up the asset data from AD. The information is synchronized. |
| 4 | 2.1 | Establish and Maintain a Software Inventory | Detailed inventory of all the software installed on assets alongside version, publisher, hosts and more. |
| 5 | 2.2 | Ensure Authorized Software is Currently Supported | Real-time monitoring of assets to monitor software which is authorized. |
| 6 | 2.3 | Address Unauthorized Software | Perform real-time scans and monitor unauthorized software; unauthorized software can be blacklisted. |
| 7 | 2.4 | Utilize Automated Software Inventory Tools | Automated scans and inventory updates of installed software. |
| 8 | 2.5 | Allowlist Authorized Software | Whitelist software to allow access to only authorized software. |
| 9 | 2.6 | Allowlist Authorized Libraries | Gain visibility to libraries of all kinds across operating systems. Queries can be performed to uncover presence of unauthorized libraries. |
| 10 | 2.7 | Allowlist Authorized Scripts | System-wide searches are performed to uncover presence of scripts that are unauthorized. |
| 11 | 4.1 | Establish and Maintain a Secure Configuration Process | System, application, and database configuration benchmark scans are performed to assess configuration alignment to industry benchmarks such as CIS, NIST, STIG etc. The identified configuration drifts can also be mitigated to enforce adherence to the policy. |
| 12 | 4.2 | Establish and Maintain a Secure Configuration Process for Network Infrastructure | Network infrastructure configuration benchmark scans are performed to assess configuration alignment to industry benchmarks such as CIS, NIST, STIG etc. The identified configuration drifts can also be mitigated to enforce adherence to the policy. |
| 13 | 4.3 | Configure Automatic Session Locking on Enterprise Assets | The configuration policies help assess session and account lockout settings and also enforce particular policy settings. |
| 14 | 4.4 | Implement and Manage a Firewall on Servers | Native operating system firewall configurations are enforced and periodically assessed to ensure firewall configurations are functioning. |
| 15 | 4.5 | Implement and Manage a Firewall on End-User Devices | Native operating system firewall configurations are enforced and periodically assessed to ensure firewall configurations are functioning. |
| 16 | 4.6 | Securely Manage Enterprise Assets and Software | Security configurations for accessing enterprise assets and software are verified for strong adherence to security practices. |
| 17 | 4.7 | Manage Default Accounts on Enterprise Assets and Software | Visibility to accounts, including system, root, administrator, guest and other default accounts is provided. User policies can be enforced. |
| 18 | 4.8 | Uninstall or Disable Unnecessary Services on Enterprise Assets and Software | Daily visibility to services and processes. Uninstallation or disablement of software, services, and processes is facilitated. |
| 19 | 4.9 | Configure Trusted DNS Servers on Enterprise Assets | Identify all configured DNS/DHCP servers across the enterprise network. Verify at each device the allowed DNS/DHCP server. |
| 20 | 4.10 | Enforce Automatic Device Lockout on Portable End-User Devices | The configuration policies help assess device lockout settings and also enforce particular policy settings. |
| 21 | 5.1 | Establish and Maintain an Inventory of Accounts | Inventory of all the configured and logged-in users is maintained. |
| 22 | 5.2 | Use Unique Passwords | The configuration policies help assess unique password policy and enforce particular policy settings. |
| 23 | 5.3 | Disable Dormant Accounts | Visibility to accounts, including system, root, administrator, guest and other default accounts is provided. User policies can be enforced. |
| 24 | 5.4 | Restrict Administrator Privileges to Dedicated Administrator Accounts | Visibility to accounts, including system, root, administrator, guest and other default accounts is provided. User policies can be enforced. |
| 25 | 5.5 | Establish and Maintain an Inventory of Service Accounts | Visibility to accounts, including system, root, administrator, guest and other default accounts is provided. User policies can be enforced. |
| 26 | 7.1 | Establish and Maintain a Vulnerability Management Process | Provides a continuous and automated vulnerability management solution covering heterogeneous IT environment. |
| 27 | 7.2 | Establish and Maintain a Remediation Process | Provides a continuous, integrated, and automated patch management solution covering heterogeneous IT environment and applications. |
| 28 | 7.3 | Perform Automated Operating System Patch Management | Supports all major OSs such as Windows, Linux, and macOS. |
| 29 | 7.4 | Perform Automated Application Patch Management | Instantly fix 550+ third-party applications. |
| 30 | 7.5 | Perform Automated Vulnerability Scans of Internal Enterprise Assets | Continuous and automated internal vulnerability scanning is performed. |
| 31 | 7.6 | Perform Automated Vulnerability Scans of externally exposed | Continuous and automated external vulnerability scanning is performed. |
| 32 | 7.7 | Remediate Detected Vulnerabilities | Instantly remediate with integrated patch management. |
| 33 | 8.4 | Standardize Time Synchronization | Automatic time synchronization with standard NTP servers. |
| 34 | 10.1 | Deploy and Maintain Anti-Malware Software | Deploy Anti-malware software and ensure continuous compliance of the deployed Anti-malware software. |
| 35 | 10.2 | Configure Automatic Anti-Malware Signature Updates | Configure Anti-malware software and ensure continuous compliance of the deployed Anti-malware software. |
| 36 | 10.3 | Disable Autorun and AutoPlay for Removable Media | The configuration policies help assess AutoRun and AutoPlay policy of removable media. The policy is also enforced to adhere to enterprise IT security guidelines. |
| 37 | 10.4 | Configure Automatic Anti-Malware Scanning of Removable Media | Configure Anti-malware software and ensure continuous compliance of the deployed Anti-malware software. |
| 38 | 10.5 | Enable Anti-Exploitation Features | Configure Anti-malware software and ensure continuous compliance of the deployed Anti-malware software. |
| 39 | 10.6 | Centrally Manage Anti-Malware Software | Configure Anti-malware software and ensure continuous compliance of the deployed Anti-malware software. |
| 40 | 10.7 | User Behaviour-Based Anti-Malware Software | Configure Anti-malware software and ensure continuous compliance of the deployed Anti-malware software. |

How can you achieve CIS Compliance with Saner?

Achieving and maintaining compliance with CIS or other regulatory policies is made seamless with Saner. Once SanerNow is integrated into your organization, you can streamline the process with just a few straightforward steps.

Here’s a step-by-step overview of how to accomplish it:

Step 1: The Saner Asset Exposure tool helps you to have a detailed view of all the assets that are present in your IT infrastructure.

Step 2: You can blacklist or whitelist applications with just a click of a button in the asset listing feature of the asset exposure dashboard.

Step 3: Saner security controls give you a wide range of features such as system tune-up, application block or unblock, software deployment, and more.

Step 4: Saner Vulnerability Management scans the entire IT infrastructure and reports vulnerabilities, misconfigurations, anomalies and more. Saner also has a separate posture anomaly dashboard, where you get information about anomalies detected, anomaly density, and categorization based on group, family, and devices.

Step 5: From the Saner compliance management module dashboard, click on the benchmarks section. You will be presented with a list of compliance benchmarks that can be customized based on company requirements.

Step 6: If the benchmarks are not already defined, click on the create new benchmark button and choose the compliance you are looking for. In case the compliance is not present, you can customize it through general compliance.

Step 7: Once the customizations are complete, you can apply the benchmark by giving it a benchmark name and assigning the group on which you’d like to enforce the rules.

Step 8: Once the customization is completed, the Saner agent will scan your infrastructure and provide you with the list of misconfigurations in compliance.

Saner not only helps in detecting compliance deviations but can also help you remediate them. So, let’s see how Saner helps in remediating these misconfigurations.


How to fix compliance deviation in Saner?

Step 1: Once you open the compliance management dashboard, you will find an option for fixing misconfiguration. This section shows the misconfiguration detected and if there are any available patches.

Step 2: Upon choosing the required asset, click on "Apply selected configuration". You will be prompted with a window where you can customize it based on your requirements.

Automating the CIS Compliance

Compliance should not be treated as a one-time effort. To consistently maintain CIS compliance, SanerNow offers the capability to automate the entire process, ensuring that any new misconfigurations or configuration drifts are promptly identified and remediated.

Step 1: To automate the CIS or any other compliance benchmark, go to the automation section and choose the assets you want to automate.

Step 2: By clicking on the automation rule, you will be prompted with the list of settings that you can configure. Once the setup is done, click on create automation rule and the whole process will be automated.

Conclusion

CIS (Center for Internet Security) compliance significantly enhances your organization’s cybersecurity posture, empowering you to proactively protect against cyberattacks. Additionally, it simplifies the scalability of your security measures and lowers the risk of non-compliance.

While attaining CIS compliance can be a complex and time-consuming endeavor, Saner Continuous Vulnerability and Exposure Management streamlines and automates the process, ensuring a smoother and more efficient journey towards compliance. This not only helps in achieving and maintaining compliance but also plays a crucial role in fortifying your defenses against cyber threats.


SecPod | Prevent Cyberattacks