Qualys Blog

www.qualys.com
2 posts

The Critical Security Controls: Basic Cybersecurity Hygiene for your Organization

It’s a well-known fact that most successful cyber attacks are easily preventable. That’s because the majority are neither highly sophisticated nor carefully customized.

Instead, they are of the “spray and pray” sort. They try to exploit known vulnerabilities for which patches are available, or to take advantage of weak configuration settings that IT departments could have handily and quickly hardened.

One recent and infamous example was the WannaCry ransomware, which infected 300,000-plus systems and disrupted critical operations globally in May. It spread using the EternalBlue exploit for a Windows vulnerability Microsoft had patched in March.

So why do many businesses, non-profit organizations and government agencies — including those with substantial cybersecurity resources and knowledge — continue falling prey to these largely unrefined and easy to deflect strikes?

In most cases, the main reason can be traced back to hygiene — of the cybersecurity type, of course. Just as personal hygiene practices reduce the risk of getting sick, applying cybersecurity hygiene principles goes a long way towards preventing security incidents.

That was the key message Qualys Product Management Director Tim White and SANS Institute Analyst John Pescatore delivered during the recent webcast “Automating CIS Critical Security Controls for Threat Remediation and Enhanced Compliance.”

Continue reading …

Achieve Continuous Security and Compliance with the CIS Critical Security Controls

For InfoSec pros, it’s easy to get overwhelmed by the constant noise from cybersecurity industry players — vendors, research firms, consultants, industry groups, government regulators and media outlets. A good antidote for this hyperactive chatter is to refocus on foundational InfoSec practices. That’s what SANS Institute Senior Analyst John Pescatore and I will do this week: An immersion into the Center for Internet Security’s Critical Security Controls (CSCs).

During an hour-long webcast on Sept. 28, we’ll be discussing the benefits of implementing these 20 recommended controls. Initially published in 2008, these information security best practices have been endorsed by many leading organizations and successfully adopted by thousands of InfoSec teams over the years. Now on version 6.1, the CIS CSCs map effectively to most security control frameworks, as well as regulatory and industry mandates, and are more relevant and useful than ever.

Continue reading …