Secure Configurations with CIS Critical Security - Exerting Critical Control

News & Tech Alerts

The latest news and information from NCSI

Hardware and Software Everywhere
At times, it doesn’t seem possible to count all the individual pieces of hardware and software in your world.  But every piece of the IT puzzle must be tracked, reported, and corrected if found to be out of alignment with today’s security requirements. This brings us to the heart of our third article on the Center for Internet Security’s Critical Security Controls.

CIS Control #3:
Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

[See our previous blogs on CIS Critical Security Control #1 and Control #2]


Endpoint Management is the End Game
Attack points lurk at the unprotected edges of your network, at the endpoints of your system where a single weak device can become a victim, becoming a malware-infected desktop spreading ransomware to other devices.  Our engineers are experienced in eliminating this complicated risk – It’s called Endpoint Management and is a sophisticated approach to the secure management of networked resources. It’s an ongoing effort and one that requires a consistent approach to address all 20 of the CIS Critical Security Controls.  [We deploy both Ivanti and Imperva Solutions to help knock out Control #3].


Needed: A Consistent Network-Wide Security Approach
A haphazard, piecemeal approach to endpoint security leaves exactly the kind of holes and breaches that attackers look for when trying to enter an organization’s system. Buying one part of the solution off the shelf, having another written by an employee, getting a couple more handled by a favorite software vendor, then hoping the rest will be taken care of in operating system upgrades, is no basis for a proper security policy.


How NCSi Does It
There is a driving philosophy behind Endpoint Management, and it parallels the five critical tenets of an effective Cyber Defense System. The same tenets are the drivers behind the CIS Critical Security Controls.


The following Five Critical Tenets of an Effective Cyber Defense System are taken from the Center for Internet Security Critical Security Controls for Effective Cyber Defense, Version 6.1, August 31, 2016:

  1. Offense informs defense: Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
  2. Prioritization: Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.
  3. Metrics: Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly.
  4. Continuous diagnostics and mitigation: Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.
  5. Automation: Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.


We provide the most powerful and efficient tools available for this work. Chief among those tools is ivanti’s Endpoint Application Management solutions. Ivanti, who partners with NCSi, is a recognized leader in endpoint management. We also employ Imperva technology and a host of other essential tools to complete the job.


Disciplined IT Security
CIS Security Control #3 makes it clear that every individual piece of the network puzzle is vulnerable and must be accounted for in a secure environment. This security doesn’t happen by accident, or with an undisciplined approach. Care must be taken daily and for the long-term to make sure that you are safe now and will be in the future when new threats arise.


We live a philosophy of cyber security. We have the tools, and the know-how.  Allow us to secure your organization’s network for today and tomorrow.  See our Security Attack Plan with all 20 of the CIS Critical Security Controls.  And when the time is right, Connect with us to discuss your IT Security challenges.