CIS Controls – PAM X 8 Secundary Controls
In our last article on the topic, we defined cyber-security risk as the likelihood of losses in a given project or organization to occur as a result of using interconnected systems. Gartner believes that by 2020, 100% of large companies will be required to report annually to senior management on technology and cyber-security risks. In addition, cyber-security risk rating services will become prerequisites in new and existing business relationships, and part of the due diligence standard required for suppliers and service providers.
To help identify and mitigate cyber risks, market organizations have created a series of policies and procedures based on best practices in Information Security that enable companies to find answers on how to prevent incidents and what actions – proactive and reactive – are necessary to protect the environment from cyber threats.
As we have already mentioned, one of these organizations from the Information Security market is Center for Internet Security (CIS), which launched version 7.1 of the 20 Critical Security Controls in April 2019. These controls involve aspects for organizations to implement a mature Information Security program so that they can adequately protect their data and infrastructure from cyber risks. One such aspect is the protection of privileged accounts and their access to different systems and devices. The set of technologies and practices that monitor and manage privileged access to critical systems is called Privileged Access Management (PAM). CIS even dedicates a control solely to addressing PAM aspects.
According to Verizon, in its 2019 Data Breach Investigations report, nearly one-third of all data leaks involved credential theft. In addition, privilege abuse ranks third among the most common types of security incidents. And these facts are not for nothing: it is only necessary to compromise a privileged credential to impact the entire environment.
senhasegura is a PAM solution that assists organizations in implementing the actions introduced by Control 4 – Controlled Use of Administrative Privileges. senhasegura’s features allow the control, monitoring, and management of credentials, access, applications, and privileged behaviors. Therefore, it is possible for the Information Security team to enforce the principle of least privilege and thus defend their organizations against cyber-attacks that may use privileged actions as an attack vector to perform malicious actions.
In the previous article, we have listed the 9 subcontrols provided by CIS, related to the controlled use of administrative privileges, and examples of how senhasegura’s features can assist organizations in fully deploying these subcontrols in their environments. Now, let’s introduce 8 other controls proposed by CIS, and how senhasegura can bring organizational compliance to those controls. These are:
1. Control 1 – Inventory and Control of Hardware Assets:
senhasegura’s Scan Discovery feature enables the discovery of new and existing privileged accounts and certificates across a variety of infrastructure assets, including servers, workstations, and network devices. In addition, after scanning, one can review found assets and credentials and take specific actions, such as importing credentials and certificates, or updating them if they have already been added to the solution.
2.Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs:
The logs generated by senhasegura make an organization’s audit process easier. In addition, they can be integrated with any Event Analysis and Correlation (SIEM) tool. senhasegura’s Behavior Analysis feature enables the analysis and alerting of unusual behaviors when using privileged credentials and also concentrates them on those most sensitive to the organization’s business continuity.
3. Control 8 – Malware Defenses:
senhasegura.go is the privilege delegation and elevation management tool from the senhasegura solution. With it, one can control application execution at endpoints and enforce application blocking or allowance. Used together with antivirus and malware detection solutions, senhasegura.go allows increased protection against zero-day attacks of malicious software.
4. Control 10 – Data Recovery Capabilities:
senhasegura allows one to perform backups of the solution’s data automatically or manually. This way, one can ensure that senhasegura is always running to protect the infrastructure, and ensuring that the data generated is healthy and available. It is worth mentioning that senhasegura only works on backing up data generated by the solution, not replacing backup solutions to protect the organization’s file system.
5. Control 11 – Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches:
The process of protecting security configurations on network devices includes protecting default administrator credentials. senhasegura enables credential management and automatic password rotation on devices such as firewalls, routers, switches, gateways, and other related hardware.
6. Control 14 – Controlled Access based on the Need to Know:
The senhasegura solution protects access to critical infrastructure based on the principle of least privilege. Access is granted through Role-Based Access Controls (RBAC) or on-demand, with workflow-based access controls, requiring approval and explanation for the access. Also, senhasegura.go allows one to run applications at endpoints at granular level, allowing users to run only applications approved by administrators.
7. Control 16 – Account Monitoring and Control:
It is possible, through senhasegura, to detect and manage application and service accounts. The use of these accounts can be monitored and analyzed with the Behavior Analysis module, thus allowing the understanding of frequency and means through which accounts are used, alerting the Information Security team on any unusual behavior.
8. Control 18 – Application Software Security:
senhasegura helps organizations manage access to separate environments, with appropriate controls to prevent unauthorized access to critical and production environments, as well as removing credentials embedded in application codes by bringing these passwords to the solution and causing them to be queried directly through the integration APIs.
senhasegura is a complete PAM solution to protect an organization’s privileged credentials from cyber-attacks and insider threats. Its architecture, without the need to install agents, allows an easy, fast, and scalable implementation of the solution. In addition to meeting all control recommendations that address the use of administrative privileges, senhasegura’s features also allow compliance with many other controls introduced by CIS, from the basic ones, such as asset inventory and log monitoring, to organizational ones, such as application software security. Therefore, it is possible to ensure the proper privilege management, the mitigation of cyber-security risks, and business continuity.