The Center for Internet Security (CIS) Top 20 Critical Security Controls are used by companies large and small across all industries to strengthen cybersecurity. While many other frameworks go beyond these security domains, the CIS Top 20 remains an invaluable set of controls for ensuring that organizations cover the essential security functions that reduce cyber risk.
CIS Control 2: Inventory & Control of Software Assets
CIS Control 2 is strictly about managing and tracking all software on the network so that only authorized software is being used. It also calls for the identification of unwanted software, and the implementation of controls to prevent unauthorized and unwanted software from being installed.
Specifically, the CIS recommends that organizations:
- Use software inventory tools to automate documentation of all software used throughout the business
- Use technology to ensure that only authorized software is running and executed on IT assets
It’s Not Easy To Restrict Software on Devices You Don’t Know About
On the surface, satisfying this control seems easy. IT and security teams have many application control tools at their disposal that allow devices to run only permitted software.
But that’s just for devices that IT and security know about. There are many devices that are harder to identify because of today’s dynamic IT environment. For example, it can be hard to track all software running on mobile and BYOD devices that connect and leave networks frequently.
With employees now working remotely, this becomes even more challenging. If company-issued devices don’t have all the necessary controls, employees may be unintentionally installing malicious software. Or they may be using personal devices for work, and accessing corporate data on a machine running unwanted software.
Axonius makes it easy to completely and continuously meet and validate CIS Control 2 by:
- Discovering all hardware assets (managed or unmanaged) for which software should be tracked. Axonius connects to management consoles that know about any device, regardless of location.
- Continuously updating a list of installed software for assets. A comprehensive list of running software can be monitored continuously for any device that is known to Axonius adapter sources, such as EDR/EPP, configuration and patch management solutions, vulnerability assessment tools, or IT agents.
- Surfacing assets that are found with unwanted software. The Axonius Query Wizard can be used to continuously identify specific, potentially malicious software for any device.
The Axonius Query Wizard allows you to continuously identify malicious software, such as nmap, mimikatz, or coin miners.
Any time a device is found with potentially malicious software, you can automatically:
- Create an incident in a ticketing system like ServiceNow, Zendesk, Jira, and others
- Notify team members via email, Slack, or webhook
- Isolate the device using endpoint security agents such as VMware Carbon Black or Cybereason
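The correlation described above can be sketched in a few lines. This is an added example, not Axonius code or its API: it merges constructed records from several hypothetical sources into one entry per device, then flags devices running unwanted or unauthorized software and, separately, devices that some source knows about but for which no software inventory exists. All hostnames, source names and package lists are assumptions made for illustration.

```python
# Constructed sample data: hostnames, source names and package lists are illustrative.
AUTHORIZED = {"chrome", "slack", "office"}
UNWANTED = {"nmap", "mimikatz"}          # names the page gives as examples

SOURCES = {
    "edr": [
        {"host": "LAPTOP-01", "software": ["Chrome", "Slack"]},
        {"host": "srv-db-02", "software": ["Office", "nmap"]},
    ],
    "patch_mgmt": [
        {"host": "laptop-01", "software": ["Office", "WinRAR"]},
    ],
    "dhcp": [  # network-level source: sees the device, knows nothing about software
        {"host": "laptop-01", "software": None},
        {"host": "byod-phone-7", "software": None},
    ],
}

def correlate(sources):
    """Merge records from every source into one entry per (case-folded) hostname."""
    assets = {}
    for source, records in sources.items():
        for rec in records:
            asset = assets.setdefault(rec["host"].strip().lower(),
                                      {"sources": set(), "software": None})
            asset["sources"].add(source)
            if rec["software"] is not None:
                names = {s.strip().lower() for s in rec["software"]}
                asset["software"] = (asset["software"] or set()) | names
    return assets

def evaluate(assets, authorized=AUTHORIZED, unwanted=UNWANTED):
    """Classify each asset: no_inventory, unwanted, unauthorized or compliant."""
    findings = {}
    for host, asset in assets.items():
        installed = asset["software"]
        if installed is None:            # known to the network, invisible to software tooling
            findings[host] = ("no_inventory", set())
        elif installed & unwanted:
            findings[host] = ("unwanted", installed & unwanted)
        elif installed - authorized:
            findings[host] = ("unauthorized", installed - authorized)
        else:
            findings[host] = ("compliant", set())
    return findings

if __name__ == "__main__":
    for host, (status, items) in sorted(evaluate(correlate(SOURCES)).items()):
        print(f"{host:14} {status:13} {', '.join(sorted(items))}")
```

The `no_inventory` result is the case the control is easiest to miss: a device that appears in a network source but in none of the software-aware sources cannot be shown to run only authorized software.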