Is your IT highly dynamic in nature? Is it characterized by the constant addition of new assets? Newly introduced systems and software are often left with default configurations, which may be convenient to use but not the most secure. IT teams also make constant changes to systems' configurations, leading to inevitable security gaps. There's no shortage of examples on how poorly configured systems not only pave the way for hackers but also incur hefty fines from regulatory bodies.
Fortunately, the CIS Benchmarks, developed by the Center for Internet Security (CIS), provide prescriptive guidance for establishing a secure baseline configuration for assets. The CIS Benchmarks are the only consensus-based configuration best practice guidelines developed by a global community of cybersecurity professionals and experts from all walks of life and are accepted by governments, businesses, industries, and academia.
On the flip side, manually assessing all your endpoints against these benchmarks—each running about 800 pages with over 300 recommendations—is likely to be a long haul, let alone monitoring your systems for further configuration drifts.
Here's where Vulnerability Manager Plus comes into play. Its CIS compliance feature helps accomplish and maintain compliance with over multiple CIS benchmarks by regularly monitoring your endpoints for all applicable CIS benchmarks, instantly detecting violations, and suggesting detailed, corrective actions.
Vulnerability Manager Plus' CIS compliance feature regularly assesses every configuration in your systems against recommendations from the CIS Benchmarks, instantly detects violations, and provides step-by-step guidance to help comply. To achieve CIS compliance, Vulnerability Manager Plus uses out-of-the-box compliance policies—direct derivatives of the CIS Benchmarks—to audit your systems' configurations. Each CIS benchmark is built for a specific product, service, or system, including recommendations for all their configurations. Adhering to the recommendations in a CIS benchmark ensures that the product or system is configured to an optimum security standard.
Group Vulnerability Manager Plus' compliance policies based on the targets you want to audit.
Map any number of policy groups to the desired target group of systems and schedule audits at a frequency and time of your choice.
Gain a bird's eye view of your endpoints' compliance posture, get an in-depth look at the audit results, identify violations, and utilize remediation insights along with a detailed rationale to improve compliance.
Cut down on redundant scans. Group policies so you can scan your target machines for compliance with multiple CIS benchmark policies at once. Alternatively, you can leverage readily available Policy Group Templates built by consolidating CIS policies based on OS and benchmark profile levels.
Create a target group with a desired group of systems. Map any number of policy groups to your target group of systems and schedule audit scans at a frequency and time of your choice. Based on your schedule, the security configurations of your target systems will be assessed for compliance against recommendations from CIS policies. You can also choose to be notified as and when there's a change in the audit status.
Want to view the overall CIS compliance posture of each target group? Maybe you prefer an in-depth inspection of every system based on each of the mapped CIS policies or, even better, based on every recommendation per policy? How about the remediation for each violation? Find out everything you need to know from a single pane of glass.
Offers insights on the overall compliance percentage of the target group, the number of computers that aren't secure, the breakdown of computers based on compliance, the compliance percentage of each computer, and more.
Offers insights on the compliance percentage of the computer, the number of recommendations (rules) violated, the breakdown of recommendations based on compliance status, the compliance percentage of the computer per policy, and the rules violated per policy.
Offers insights on the compliance percentage of the computer per policy; the number of recommendations (rules) violated from the policy; the breakdown of recommendations based on compliance status; the compliance status of the computer per recommendation; and the detailed summary, rationale, and remediation step for each recommendation violation.
With thousands of systems having thousands of security configurations to assess, compliance becomes a tiring job. Let Vulnerability Manager Plus run schedule-based audits on multiple systems against multiple benchmarks and keep you informed of every violation instantly.
CIS policy violations amount to nothing if they aren't corrected with appropriate remediation. Gain detailed, step-by-step guidance on how to remediate every violation and improve your compliance with CIS benchmark policies.
Though the CIS Benchmarks are free, manual assessment is cumbersome and only ensures point-in-time compliance. By scheduling audits at a frequency of your choice—monthly, weekly, or even daily—you can regularly monitor violations and ensure continual compliance.
Deprecated CIS benchmarks are often superseded by their latest version, reflecting the changes made in the newest version of the product they apply to. Similarly, Vulnerability Manager Plus is updated with the most recent version of all the CIS benchmark policies.
Configuration recommendations detailed in PCI DSS, HIPPA, FISMA, and other regulatory frameworks align with and point to the CIS Benchmarks as the definitive standard. This makes them an excellent means of both improving security and meeting audit objectives.
By implementing optimal configurations as stipulated in the CIS Benchmarks, you'll remove unnecessary files, closed unused ports, and disabled performance draining services, enabling systems to work more efficiently.
The CIS Benchmarks are developed with and reflect the collective knowledge of experts from every role (threat responders and analysts, technologists, IT operators and defenders, vulnerability finders, tool makers, solution providers, users, policy makers, auditors, etc.) and across every sector (government, power, defense, finance, transportation, academia, consulting, security, IT, etc).
CIS stands for the Center for Internet Security. CIS standards are a set of security guidelines and best practices developed by this nonprofit organization. These standards provide detailed configuration recommendations and benchmarks for securing your enterprise network.
The purpose of CIS benchmarks is to provide industry-recognized guidelines for secure system configuration. CIS benchmarks help organizations enhance their security posture, mitigate risks, and ensure compliance with industry standards and regulatory requirements.
The Center for Internet Security develops benchmarks for a variety of applications, operating systems, servers, and databases through a unique consensus-based process involving communities of cybersecurity professionals and subject matter experts around the world. The CIS Benchmarks contain standards and best practices for configuring the security settings of a system.
Since the CIS Benchmarks are globally recognized and developed by experts from all sectors, including government, business, industry, and academia, organizations across all industries and geographies can benefit from CIS compliance.
The essence of the CIS Benchmarks lies in their community-driven approach. Each recommendation detailed in the CIS Benchmarks is arrived at with a consensus from a global community of experts from every role (threat responders and analysts, technologists, IT operators and defenders, vulnerability finders, tool makers, solution providers, users, policy makers, auditors, etc.) and across every sector (government, power, defense, finance, transportation, academia, consulting, security, IT, etc).
Each recommendation in a CIS benchmark is assigned a profile. The profile indicates the security level of the recommended configuration.