Bolster Your Security Strategy: Executing the CIS Top 18 Safeguards via Qualys Cloud Service
The Qualys Cloud Platform is a valuable tool for implementing the Center for Internet Security (CIS) v8 top 18 controls, ensuring robust cybersecurity hygiene in an environment. These controls, formerly known as the SANS Critical Security Controls (SANS Top 20), are a recommended set of safeguards to mitigate the most prevalent cyberattacks against systems and networks.
CIS, a 501(c)(3) nonprofit organisation, has recently released CIS Controls Version 8. This updated version combines and consolidates the controls by activities rather than by who manages specific devices. It has been enhanced to keep up with modern systems and software, including cloud-based computing, virtualization, mobility, outsourcing, hybrid work, and evolving threats.
Implementing the CIS 18 controls can help meet the requirements of the California Consumer Privacy Act (CCPA) and other difficult U.S. state civil codes. Failure to implement these controls can result in significant fines, brand damage, and litigation.
Qualys offers a range of solutions to help implement CIS controls and strengthen overall security posture. These include Qualys Vulnerability Management, Detection, and Response (VMDR), which enables automatic discovery and continuous assessment of assets in hybrid environments for vulnerabilities. VMDR integrates with Qualys Patch Management (PM) to quickly discover, prioritize, and automatically remediate vulnerabilities at scale.
Qualys Policy Compliance (PC) offers a compliance-driven approach for preventing configuration drifts, complying with regulations, and managing exceptions. It helps address 15 out of 18 CIS controls that require the establishment and maintenance of secure configurations for operating systems and software applications.
Qualys File Integrity Monitoring (FIM) offers continuous system monitoring of critical files, folders, and registry objects for changes, with unique noise-canceling capabilities. This helps ensure the integrity of critical system components.
The Qualys cloud-native TruRisk platform offers a single solution and agent that provides the capabilities needed to implement and continuously monitor CIS's top 18 controls in a unified manner.
The Qualys Custom Assessment and Remediation (CAR) app allows customers to create custom scripts for determining if an asset is vulnerable to a customer-defined vulnerability.
Lastly, Qualys Security Assessment Questionnaire (SAQ) helps design and automate security and compliance assessments, tracking the knowledge of internal and external parties on security training and awareness programs.
Researchers at Qualys are currently working on a whitepaper detailing how each CIS control and safeguard is mapped to Qualys apps to further improve cybersecurity posture. By leveraging these tools, organisations can effectively implement the CIS controls and bolster their defenses against cyber threats.