CIS SecureSuite Resources - Common Workflows · 2019. 9. 5. · • CIS Controls 7 –Sub Control...
-
Proprietary 1Proprietary
CIS SecureSuite Resources - Common Workflows
Eugene Kipniss – Program Manager – MS-ISAC/EI-ISAC
Ronan Tiu – Member Success Technical Training – Program Manager
August 27, 2019
-
TLP: WHITE
How to access MS-ISAC resources
• Register for the MS-ISAC’s services here: https://learn.cisecurity.org/ms-isac-registration
• The MS-ISAC Stakeholder Engagement team will provide you with next steps:
  – Register your HSIN account
  – Submit public IPs, domains, and subdomains
  – Register for an MCAP account
  – Add additional staff to your account
-
Agenda
• CIS SecureSuite™ Membership Tools and Resources
• Common Workflows for CIS SecureSuite™ Members
  – CIS Controls
    • Version 7.1 - Implementation Group 1
  – CIS-CAT Pro Assessor
    • CIS Benchmark Analysis and Reporting
  – CIS WorkBench
    • CIS Benchmark Tailoring and Build Kits
  – CIS-CAT Pro Dashboard with CIS-CAT Pro Assessor
    • Maintaining your hardened environment
• MS-ISAC – Malicious Code Analysis Platform
• Additional Resources
-
CIS SecureSuite Membership
-
How to Access Membership
• All U.S. SLTTs and public academic institutions are eligible for FREE CIS SecureSuite Membership
• If you are a current MS-ISAC or EI-ISAC member you are automatically enrolled
• Access CIS WorkBench: https://workbench.cisecurity.org
-
Common Workflow used by CIS SecureSuite Members
• Identify: internal and external security requirements, such as policies, PCI, etc. (CIS Controls™)
• Develop: assessment and implementation standards for assets. Deploy remediation. (CIS WorkBench, Tailored Benchmarks & Build Kits)
• Assess: security and compliance using assessment standards and procedures. (CIS-CAT Pro Assessor & CIS Benchmarks)
• Maintain: hardened target environment via scheduled scans and CIS-CAT Pro Dashboard. (CIS-CAT Pro Assessor and Dashboard)
-
CIS Controls™
Version 7.1 - Implementation Groups
-
CIS Controls™ – Version 7
• Prioritized set of actions that mitigate the most common attacks against systems and networks
• “One ask per Sub-Control”
  – Easier to measure each sub-control
• Mappings (at the sub-control level)
  – NIST Cybersecurity Framework
  – NIST 800-171
-
• V7.1 introduces Implementation Groups (IG) to the CIS Controls:
  – IGs – a new prioritization for the CIS Controls, at the Sub-Control level.
  – A detailed methodology to help organizations assess which IG they fall within.
  – Edits requested by the global community that clarify certain CIS Controls and Sub-Controls.
-
Controls v7.1 – Implementation Groups
• Prioritization at the Sub-Control level based on evolving threats
• Implementation Groups focus on:
  – Data sensitivity and criticality of services offered by the organization
  – Expected level of technical expertise exhibited by staff or on contract
  – Resources available and dedicated towards cybersecurity activities
  – https://www.cisecurity.org/controls/
We refer to Implementation Group 1 as Basic Cyber Defense and, as such, it should be implemented first.
-
CIS-CAT Pro Assessor – Benchmark Analysis and Reporting
-
CIS-CAT Pro Assessor – What exactly does it do?
• Manual: compare the document to system settings one system at a time, resulting in a manually created spreadsheet of differences
• Automated: system scan process of many systems, resulting in a pass/fail report
-
CIS-CAT Pro Assessor
• Produces reporting of your target end-points’ conformance to the CIS Benchmark
• Vulnerability scanning tool for patch management
• SCAP 1.2 Validated – OVAL/XCCDF, ARF files
• Interactive reporting format (HTML)
• Reporting designed for CIS-CAT Pro Dashboard
v3.0.60
• Centralized scanning workflows
• Java 1.6 or later or OpenJDK
• GUI and CLI interfaces
• Continued support of v3
v4.0.9
• Centralized scanning workflows
• Java 1.8 or later or OpenJDK
• CLI interface only, GUI on the product roadmap
• Remote scanning capabilities
-
CIS-CAT Pro Assessor – How is it used?
• Server admins/operations teams use CIS-CAT to perform self-assessments.
• Build teams use CIS-CAT to validate a system before production rollout.
• Security teams use CIS-CAT as part of their assessment process.
• Auditors use CIS-CAT as part of compliance and governance processes.
• Scheduled scanning of Target End-Points for constant monitoring of your hardened environment
• Vulnerability Assessments
• Download from: https://workbench.cisecurity.org/files
-
CIS WorkBench – CIS Benchmark™ Tailoring and Build Kits
-
What is CIS WorkBench?
• Where the CIS Benchmarks team works
• Document development environment
  – Supports proposed changes
  – Tracks changes in documents
  – Supports automation content (some)
• Community forum for discussions and tickets
-
What is Tailoring?
• The “forking” of a CIS Benchmark™ and the subsequent customization of the recommendations contained in the benchmark.
• Intra-organizational collaboration on benchmark customization
• Features for updates when CIS releases a new version
• CIS SecureSuite members only
-
Why tailor a CIS Benchmark™?
• CIS Controls 7 – Sub-Control 5.1
  – Maps to NIST CSF (PR.IP-1)
  – Maps to PCI DSS 3.2 (2.2) (mappings referenced from AuditScripts.com)
• Audit trail of your changes to the CIS Benchmark
• Export your tailored benchmark (.docx, .xlsx, OVAL/XCCDF)
• Scan your environment against your custom benchmark using an OVAL/XCCDF-compliant tool
• Helps you maintain hardened target end points
-
Build Kits – Automated Remediation Application
• Group Policy Objects (GPO)
  – Microsoft Windows XP, 7, 8, 8.1, 10
  – Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, 2016
  – Microsoft Office 2013 & 2016; MSFT Access, Excel, PowerPoint, Word and Outlook 2013 & 2016
  – Internet Explorer 9, 10 and 11
• Google Chrome 49
• Linux Scripts
  – RHEL 6 & 7
  – CentOS Linux 6 & 7
  – Amazon Linux 2014.09-2015.03
  – Debian Linux 7 & 8
  – Oracle Linux 6 & 7
  – SLES 11 & 12
• IBM AIX 5.3, 6.1 and 7.1 (AIXPert)
• HP-UX 11i - Bastille Configuration
• Mozilla Firefox 38 ESR
-
CIS-CAT Pro Assessor and Dashboard
Maintaining your hardened environment
-
CIS-CAT Pro Assessor v4 – Centralized Scanning (v3 & v4) and Remote Scanning (v4 only)
Note: For both Centralized and Remote scanning workflows, CIS-CAT Pro Assessor and Java only need to be installed on the machine hosting the applications. CIS-CAT Pro Assessor and Java do NOT need to be installed on the target system that you are assessing.
-
Why install CIS-CAT Pro Dashboard?
• A dynamic web-based application designed to store CIS-CAT Pro Assessor results (“ARF” files) and provide insight into your ecosystem’s security posture.
• Helps you understand the evolution of hardening your target end points
• Provides a holistic view of your environments’ conformance to the CIS Benchmarks/Tailored Benchmarks
• Provides workflow for IT/Ops teams for maintenance
• Helps your organization maintain a hardened environment by helping manage “configuration drift”
• Provides reporting for internal/external audits
-
Recommended Hardware for Install – Windows and Linux/Unix Install
• Lightweight application - processor and memory use:
  – Highest memory utilization during import of “ARF” reports
  – Suggested to run imports during off hours
• System hardware requirements:
  – 8GB RAM
  – 2 CPUs with 4 cores each
  – Ubuntu 16.04/Windows Server 2016
-
Required OS/Software for Install – CIS-CAT Pro Dashboard Windows/Linux Installer – Java 64-bit/Java 32-bit
• Windows Dashboard - CIS Supported components:
  – Windows 2016 Server, SQL Server 2017
  – Windows 2016 Server, Apache Tomcat 8.5
  – 64-bit and 32-bit Java versions
• Linux Dashboard – CIS Supported components:
  – Ubuntu 16.04, MySQL 5.6
  – Ubuntu 16.04, Apache Tomcat 8/8.5
• Java 8.0 or OpenJDK
• SQL Server and Apache Tomcat must be installed prior to running the installer.
• Using the installer.exe is not required, but is recommended on new installations and upgrades
• Consult the documentation for additional component options: https://cis-cat-pro-dashboard.readthedocs.io/en/stable/
-
The Link between CIS-CAT Pro Dashboard and Assessor ReST API
Diagram components: CIS-CAT Pro Assessor Host Server; Desktops and Servers (target end-points); SQL database for CIS-CAT Pro Dashboard; ReST API.
• Target end-points execute Assessment via “Scheduled Tasks” (Windows) or scheduling (Linux) software.
• ARF file import into the database is invoked via ReST-ful web service. Documentation: https://ccpa-docs.readthedocs.io/en/latest/Configuration%20Guide/#cis-cat-pro-dashboard-integration
-
CIS-CAT Pro Dashboard – Key Features
• Manage Configuration Drift - Alerts and “Configuration Difference” reports
• Target System tagging - view compliance to CIS Benchmarks/tailored benchmarks by creating a “custom” group of systems.
• Create exceptions/white-list recommendations - assessment scoring is automatically recalculated and the result is reviewable through the dynamic dashboards.
• CIS Controls View - annotated benchmark content
• Complete Report showing all recommendations in the benchmark and overall pass/fail results
• Each CIS SecureSuite Member has their own instance(s) of CIS-CAT Pro Dashboard
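The “Configuration Drift” alerts and “Configuration Difference” reports above, like the scheduled-scan and ARF-import workflow on the previous slides, rest on one comparison: the per-recommendation result of the latest assessment against an earlier one. The following Python script is an added example, not code from CIS, CIS-CAT Pro Dashboard or this deck. It parses the XCCDF 1.2 TestResult that an ARF asset-report-collection wraps (the public SCAP 1.2 element layout the Assessor's ARF output follows) and classifies each rule as regressed (pass to fail), remediated, newly assessed or no longer assessed. The two ARF documents and their rule ids are constructed placeholders, and the ARF skeleton builder exists only to make the example self-contained; a real import would read the Assessor's ARF files from disk.

```python
"""Detect configuration drift between two CIS-CAT Pro Assessor ARF result files.

Added example; not code from CIS or from the webinar deck. It assumes only the
public SCAP 1.2 layout: an ARF asset-report-collection wrapping an XCCDF 1.2
TestResult with one rule-result element per benchmark recommendation.
"""
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
ARF_NS = "http://scap.nist.gov/schema/asset-reporting-format/1.1"


def _arf(rule_results: dict[str, str]) -> str:
    """Build a minimal ARF document from {rule_id: result} (constructed sample)."""
    rows = "".join(
        f'<rule-result idref="{rid}"><result>{res}</result></rule-result>'
        for rid, res in rule_results.items()
    )
    return (
        f'<arf:asset-report-collection xmlns:arf="{ARF_NS}">'
        f'<arf:reports><arf:report id="xccdf1"><arf:content>'
        f'<TestResult xmlns="{XCCDF_NS}" id="xccdf_example_testresult_1">{rows}</TestResult>'
        f'</arf:content></arf:report></arf:reports></arf:asset-report-collection>'
    )


# Constructed sample scans: the rule ids are placeholders, not real CIS Benchmark ids.
BASELINE_ARF = _arf({
    "xccdf_example_rule_1.1.1": "pass",
    "xccdf_example_rule_1.1.2": "pass",
    "xccdf_example_rule_2.3.1": "fail",
    "xccdf_example_rule_5.2.4": "notchecked",
})
LATEST_ARF = _arf({
    "xccdf_example_rule_1.1.1": "pass",
    "xccdf_example_rule_1.1.2": "fail",        # regression: was pass in the baseline
    "xccdf_example_rule_2.3.1": "pass",        # remediated: was fail in the baseline
    "xccdf_example_rule_5.2.4": "notchecked",
    "xccdf_example_rule_6.1.1": "fail",        # rule not assessed in the baseline
})


def rule_results(arf_xml: str) -> dict[str, str]:
    """Map every XCCDF rule idref found in an ARF document to its result string."""
    root = ET.fromstring(arf_xml)
    results: dict[str, str] = {}
    # An ARF file may carry several TestResult elements; collect rule-results from all.
    for test_result in root.iter(f"{{{XCCDF_NS}}}TestResult"):
        for rr in test_result.findall(f"{{{XCCDF_NS}}}rule-result"):
            res = rr.find(f"{{{XCCDF_NS}}}result")
            rid = rr.get("idref")
            if rid and res is not None and res.text:
                results[rid] = res.text.strip()
    return results


def drift(baseline: dict[str, str], latest: dict[str, str]) -> dict[str, list[str]]:
    """Classify per-rule changes between a baseline scan and a later scan.

    'regressions' (pass -> fail) is the set an operator would alert on; the other
    buckets explain score movement that is not a hardening regression.
    """
    return {
        "regressions": sorted(r for r, v in latest.items()
                              if v == "fail" and baseline.get(r) == "pass"),
        "remediated": sorted(r for r, v in latest.items()
                             if v == "pass" and baseline.get(r) == "fail"),
        "new_rules": sorted(r for r in latest if r not in baseline),
        "dropped_rules": sorted(r for r in baseline if r not in latest),
    }


def drift_report(baseline_xml: str, latest_xml: str) -> dict[str, list[str]]:
    """Parse both ARF documents and return the drift classification."""
    return drift(rule_results(baseline_xml), rule_results(latest_xml))


if __name__ == "__main__":
    report = drift_report(BASELINE_ARF, LATEST_ARF)
    for category, rules in report.items():
        print(f"{category}: {', '.join(rules) or '(none)'}")
```

Separating “new_rules” and “dropped_rules” from “regressions” matters in practice: switching a target from a benchmark to a tailored benchmark changes the set of assessed rules, which moves the score without any setting on the host having drifted, and a report that only compared totals would misread that as drift.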
-
MS-ISAC - Malicious Code Analysis Platform
-
TLP: WHITE
Malicious Code Analysis Platform
A web-based service that enables members to submit and analyze suspicious files in a controlled and non-public fashion:
• Executables
• DLLs
• Documents
• Quarantine files
• Archives
To gain an account contact:
-
Additional CIS SecureSuite Resources
-
Upcoming and Recorded CIS Webinars
Link to register: https://www.cisecurity.org/cis-securesuite/member-webinars/
-
SLTT Support
• As a benefit of membership, your organization’s employees are eligible to receive support service, at no charge, from staff:
  – Email: [email protected]
  – Discussion areas on the CIS WorkBench site
• Email: [email protected] if you need your account manager to assist you with your account or have questions on benefits.
• SLTT Account Managers:
  – Kim Grimaldi – [email protected]
  – Kelly Morris – [email protected]
-
Q & A
-
Thank you!