Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable’s Critical Cyber Controls for Secure Systems

With an ever changing dynamic IT landscape, it is critical you transform your information security strategy to be continuously responsive to the pressing demands of your business and today’s security risk. But it can be challenging to know where to start when developing and evolving your security program.

How can you know if you are taking the right steps and if you are doing enough to protect your assets and business?

Do you know where to look for guidance?

Security has had to reinvent itself to protect organizations worldwide from the inevitable breach or attack that will occur as businesses become more digital. To make this transformation, you need to draw from a variety of consortiums, standards and best-practices that have been published. Many leading organizations look to these cybersecurity standards against which to measure their information security practices, such as:

Tenable security experts examined these and other standards and distilled the recommendations into 5 core controls which make it easy to draw from the industry’s best practices.

All of these standards are well thought out, but sometimes reading and understanding the standards can be overwhelming. The good news is that these standards all share common elements and themes, and adopting any standard will help ensure that you mitigate the most vulnerable parts of your security controls.

Tenable’s Critical Cyber Controls

To help you formulate an effective security policy, our Tenable security experts examined these and other standards and distilled the recommendations into 5 core controls which make it easy to draw from the industry’s best practices. By adopting the Tenable Critical Cyber Controls, you will highlight the strengths and weaknesses of your organization so you can take action to prevent malicious activity:

5 critical controls

  1. Track your authorized inventory of hardware and software: Discovery of all assets is a critical first step, including identification of all authorized or unauthorized hardware and software, transient devices and applications, unknown endpoints, BYOD devices, network devices, platforms, operating systems, virtual systems, cloud applications and services. The optimum solution should include a combination of automated discovery technologies running in near real time.

  2. Continuously remove vulnerabilities and misconfigurations: To remove all vulnerabilities, you must implement a regular continuous monitoring program. Procedures should include three areas:

    • Applying software, hardware, and cloud service patches to remove vulnerabilities
    • Applying configuration changes to limit malicious exploits
    • Applying additional host or network based security monitoring

    Tenable recommends that you organize your technologies by business function and asset. Each asset should be assessed and patched on an agreed upon schedule with a repeatable process.

  3. Deploy a secure network: Network security should be a daily practice. For each asset, one or several mitigating technologies can be deployed to prevent or detect malicious activity. For example, host based technologies include anti-virus, application white-listing and system monitoring; network based technologies include activity monitoring, intrusion prevention and access control; auditing cloud-based technologies can be done with APIs, threat subscriptions and network monitoring or endpoint system monitoring.

  4. Give users access to only what they need: All users should have a demonstrated business need to access specific systems and data. Limit and control administrative privileges, avoid using default accounts, enforce strong password creation, and log all accesses. Tenable recommends that you implement multiple technologies to determine active user accounts, such as authentication logging and network protocol analysis.

  5. Search for malware and intruders: You must actively monitor your systems for anomaly detection and exploitation. It is frankly unrealistic to expect your systems to be 100% incident free. Attackers acquire new technologies every day; you have to stay one step ahead of them by proactively managing your systems with near real time continuous scanning for viruses, malware, exploits and inside threats. Each of the previous 4 controls make your search for malicious activity easier and create several audit trails to be used in a forensic analysis.

Take charge of cybersecurity; strive to implement these five critical controls for a healthy network.

Take charge with continuous network monitoring

Are you doing all this now? And even if you are, do you monitor the effectiveness of these IT controls to assure that you’re in a known, good state continuously? If you see gaps in your information security program, adopting a truly continuous network monitoring strategy is the best way to mitigate enterprise risk. A continuous network monitoring solution like SecurityCenter Continuous View™ allows organizations to leverage automation and to easily detect if you are performing these basic security controls.

Take charge of cybersecurity; strive to implement these five critical controls for a healthy network.

This blog entry was updated on March 16, 2015.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training