Implement the CIS top five controls with BelManage.

Implement the CIS top five controls with BelManage.

CIS Controls

Many cyber attacks today, such as the WannaCry ransomware, are not stopped by traditional cybersecurity tools such as anti-virus, firewalls or intrusion detection and prevention systems. The solution to stopping today's attacks is to go back to the basics of cybersecurity and implement standard security controls and monitor them on a continuous basis. BelManage and BelSecure support the Center for Internet Security's (CIS) Top 5 Controls, with the following:

  1. 1Complete listing of all hardware including desktops, laptops, servers, virtual machines, tablets and phones. Configuration details include make, model, serial number, BIOS or UEFI, operating system, group policies applied, USB storage device usage, encryption status, and more.
  2. 2Complete listing of all installed software including versions and last time used. Ability to automatically compare installed software with standard images or approved software. Flags unused software as candidates to be removed.
  3. 3Comparison of configurations to the US Government Configuration Baselines (USGCB).
  4. 4Automatic vulnerability assessment based on published vulnerabilities from Microsoft, Adobe, Oracle Java and Apple.
  5. 5Detailed information on both local and domain user logins by host and privileges, and the ability to automatically track user account changes such as elevated privileges.

Belarc's products allow our customers to automatically monitor the CIS 5 Basic Controls, including:

  • Hardware - Identify authorized and unauthorized hardware.
  • Software - Identify authorized and unauthorized software.
  • Vulnerabilities - Continuously monitor all systems for operating system and application vulnerabilities.
  • User Privileges - Control and monitor the use of Administrator Privileges for both Local and Domain accounts.
  • Secure Configurations - Implement and monitor the use of secure configurations on all devices.

Belarc's system automatically monitors the following Controls:

  • Drive Encryption - Monitor all drives and determine if encryption has been fully, partially or not enabled.
  • USB Storage Device usage - Identify all used USB storage devices and compare serial numbers to a list of approved devices.
  • Anti-virus Status - Identify virus definition date, whether real time file scanning is on.
  • OS Update Agent - Identify how the machines are getting their security updates.

Contact Sales

Securing the Enterprise - Cybersecurity Myths & Reality