Today’s world is one filled with cybersecurity threats and more, with new kinds of malware coming out every single day. While the basics of cybersecurity and cyber hygiene are important for everyone, it’s especially important for an enterprise’s network. A single breach into a large network can cause a huge range of problems, including, in worse case scenarios, the installation of ransomware.
CIS controls outline important steps for network monitoring and how to create and maintain a secure configuration of enterprise assets.
Control 1 is the first step in creating a system that protects the totality of an enterprise’s network. Here’s what you need to know.
What Are CIS Controls?
CIS stands for the Center for Internet Security. CIS is an organization created to help monitor security risks across the entire internet. They create standards for cyber defense that are designed to help businesses, large enterprises, and even individuals better maintain control of hardware assets, software asset, and create systems that detect and prevent cyber attacks before they happen.
The controls themselves are the 18 things you can control in your system to help eliminate cyber vulnerabilities and improve your cyber defense overall.
CIS also offers certifications for businesses and enterprises that meet control specifications, giving both the business, and their clients, some additional peace of mind. CIS Controls and NIST CSF don’t necessarily line up one to one, but both systems and implementation groups can be useful for system security.
Why CIS Control 1 Is Important
CIS Control 1 is inventory and control of enterprise assets. This control is critical because you cannot defend devices, assets, and networks when you don’t know what devices are potentially accessing that network.
This control is the base on which all of your other security efforts are built. Network monitoring, from the computers, mobile devices, and internet of things devices connected to your enterprise’s network is the most basic first step to creating an effective security network.
Here’s how you do it.
Critical Safeguards For CIS Control 1
The steps to meeting CIS control 1 requirements are simple in concept, but can be surprisingly difficult to accomplish. Here’s what you need to do.
1. Create and Maintain Enterprise Asset Inventory
The first step is to create as complete an asset inventory as possible for your enterprise. This should include all of the devices that are continuously accessing your enterprise network, as well as devices that only occasionally connect.
Additionally, non-computing devices that are connected to the network (Internet of things devices) need to be included as a potential point of entry. Every device in employee workstations, mobile devices that move with the owner, laptops that only occasionally connect, etc, should be counted.
2. Establish And Maintain A Process For Handling Unauthorized Assets
Almost any enterprise network is going to have at least a few endpoint devices attempt to access the network that are unauthorized to do so. There are a lot of reasons for that to happen, from devices that would normally be authorized, but have had their authorization lapse, to devices that shouldn’t be connected, momentarily are, to breach attempts.
Even something as simple as a device changing operating systems can lead to an unauthorized asset accessing the system.
Cataloguing, going through the process to authorize or remove a device, and having a plan for how to handle malware defenses in the case of a bad actor accessing the system, all need to be part of this process.
3. Use Active Discovery To Establish Ongoing List Of Assets
Creating a static inventory isn’t going to do a lot of good in a typical enterprise’s network. The list of assets is going to change frequently as devices leave, wear out, get replaced, get upgraded, have a change in service providers, and other differences.
Utilize an active discovery tool to help keep your inventory up to date by actively looking for new devices and adding them to the list. This isn’t a substitute for inventory maintenance, but it can make it easier to keep your inventory up to date.
4. Use a DHCP To Update Enterprise Asset Inventory
Dynamic host configuration protocols can also be used to update asset inventory. Using DHCP long in protocols or IP address management tools to update inventory when a device logs in, weekly or more often, is another way to keep the inventory up to date.
5. Use A Passive Detection and Asset Discovery Tool To Update Asset Inventory
In addition to active detection tools you should use a passive asset discovery tool to identify assets already connected to the enterprise network. Passive asset discovery tools should be used at least once a week.
Common Questions About CIS Control 1
Why Use So Many Different Forms Of Detection And Inventory Management?
Using different asset detection and inventory management tools helps prepare you for CIS control 2, software asset management, and is the most basic line of defense of IT assets should an attack surface.
Is Control 1 Really Critical If Other Aspects Of CIS Control Criteria Are Met?
Yes, because even if every other CIS control is met, your network maintenance is only going to be as effective as it’s coverage. If you have devices and assets missing from your inventory you have no guarantee that your other control efforts protect that equipment.
Common Challenges To CIS Control 1 Implementation:
There are a number of critical challenges to CIS Control 1 implementation, even in this updated and more streamlined version of the protocol. Some of these challenges are inevitable, and your security team should be aware of common weaknesses and system failures that can lead to problems – even if you have perfect implementation.
One of the most common challenges to Control 1 is the fact that not all devices can be accounted for in real time. A combination of unagentable assets, pass through devices, and devices that connect between scans, but not during active scanning, can all present inventory challenges.
The main reason that Control 1 is critical is because you cannot protect assets and devices you don’t know about. You also can’t close potential security breaches that come from an unagentable device or an otherwise uncountable asset.
There is some amount of control you assert, even over end-user devices and hardware assets simply by keeping track of the known devices that aren’t caught in inventory. Comparing inventory over time is a key aspect of asset management, and can help you catch and monitor network devices that might be missed on individual scans.
Having incident response protocols in place both to address unauthorized assets, and to respond to cybersecurity threats in real-time can provide an additional layer of protection. Scans for malware and other basic cybersecurity measures can often give insight into the kinds of network devices and access points were used to breach security systems and design a more effective cyber defense plan for the future.
It’s also important to make sure you’re prioritizing Control 1 as a preventative and management measure, and that you don’t neglect the other CIS controls in pursuit of perfect Control 1 implementation. Continuous vulnerability management involves a lot of different moving parts. Control 1 is the foundation, but it doesn’t do any good in isolation.
Other Critical Security Controls
The Center for Internet Security has 18 CIS Critical Security Controls, including inventory and control of software assets, data protection, penetration testing, and access control management to name just a few.
All 18 of these controls are critical for system security, particularly at the Enterprise level. Cyber defense and the requirements for good cyber hygiene and cyberattack defense are always changing, but getting CIS control certifications is a good way to make sure you’re ahead of the curve and prepared before an attack can cause problems.
