CIS Control 1: Inventory and Control of Enterprise Assets

4 years ago Matthew Jerzewski

Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles such as threat analysts, incident responders, solution providers, policy-makers, and more. This work is the wisdom collected from experts across many sectors who have banded together to create, adopt, and support the CIS Controls.

Today, I will be going over the first Control from version 8 of the top 18 CIS Controls – Inventory and Control of Enterprise Assets. This control had some updates since its last publication in CIS Controls 7.1, such as the introduction of “Safeguards”, which were known as “Sub-Controls” in previous versions of the CIS Controls. It is also notable that there are now only 18 Controls, whereas there were previously 20. Here I will go through the five safeguards for CIS Control 1 and offer my interpretation of what I’ve found.

Key Takeaways for Control 1

  • Starting with the basics. CIS Controls for version 8 have 18 controls. Out of the 18, the first six are considered to be the basics for setting the foundation for enterprise cybersecurity. Adopting the CIS Controls can both simplify and strengthen cybersecurity at once.
  • Tool availability. Many of the tools that accomplish the requirements set forth in Control 1 are open-source, which can help cut costs down during adoption of CIS. This is mainly for smaller organizations, as larger ones will quickly outgrow the extent of capabilities available as open-source. Commercial tools and services are available for enterprises who fit this category.
  • Reusability. Work smarter not harder. Many of the tools referenced in Control 1 can be used in Control 2, which is very helpful when tackling the Controls in order.

Safeguards for Control 1

1.1) Establish and Maintain Detailed Enterprise Asset Inventory

Description: Establish and maintain an accurate, detailed, and up-to-date inventory of all enterprise assets with the potential to store or process data. This inventory can include end-user devices (including portable and mobile), network devices, non-computing/IoT devices, and servers. Ensure the inventory records the network address (if static), hardware address, machine name, data asset owner, department for each asset, and whether the asset has been approved to connect to the network. For mobile end-user devices, MDM-type tools can support this process where appropriate. This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes assets that are regularly connected to the enterprise’s network infrastructure—even if they are not under control of the enterprise. Review and update the inventory of all enterprise assets bi-annually or more frequently.

Notes: The security function for this safeguard is identifying assets and cataloging the inventory. All assets that are recorded should be cataloged after a scan. If you are a small business, a simple CSV file can be sufficient, but mid-sized to large enterprises will require a proper asset management database.

1.2) Address Unauthorized Assets

Description: Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset to isolate it from other assets.

Notes: The security function for this safeguard is responding to unauthorized assets found on your network. Having new devices show up as discovered assets doesn’t always mean there is something nefarious afoot. Establishing a secure baseline from previous asset scans should help ease your paranoia. Keeping a secure baseline will show you when a new asset is discovered, making it easier to assess whether or not the asset is permitted to be on the network or if the asset needs to be quarantined.

1.3) Utilize an Active Discovery Tool

Description: Utilize an active discovery tool to identify assets connected to the enterprise’s network. Configure the active discovery tool to execute at least daily.

Notes: The security function for this safeguard is detecting assets via some active discovery method. A basic example of active discovery is the classic ping-and-response method used by many systems as an initial way to locate hosts on a network. Keep in mind that some assets might not show up, or might remain hidden from active discovery, due to firewalls or transient connectivity. This is why deploying both active and passive techniques (which we will go over later) is important for gaining full transparency into an organization’s network.

1.4) Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory

Description: Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise’s asset inventory. Review and use logs to update the enterprise’s asset inventory weekly or more frequently.

Notes: The security function for this safeguard is detecting assets on a network by using DHCP logging and cataloging the updated assets. DHCP is a benefit to many organizations for the sake of centralized IP address management and the ability to easily add new devices to the network using recycled addresses. This safeguard is very similar to safeguards 1.3 and 1.5 with the exception of using DHCP versus a static IP address.
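To make safeguards 1.1, 1.2 and 1.4 concrete, here is an added example (not from the original article or from CIS) that reconciles DHCP lease records against a CSV inventory and separates unknown assets from recorded-but-unapproved ones. The column names, the simplified log layout and all sample values are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed inventory using the fields safeguard 1.1 lists (column names are assumptions).
INVENTORY_CSV = """hardware_address,machine_name,network_address,owner,department,approved
00:16:3e:aa:00:01,fin-laptop-01,,a.rivera,Finance,yes
00:16:3e:aa:00:02,eng-build-01,10.20.0.15,j.chen,Engineering,yes
00:16:3e:aa:00:03,lobby-tv,,facilities,Facilities,no
"""
# Constructed lease log; "timestamp ACK ip mac hostname" is an assumed, simplified layout.
DHCP_LOG = """2024-05-06T08:01:12 ACK 10.20.1.23 00:16:3E:AA:00:01 fin-laptop-01
2024-05-06T08:03:40 ACK 10.20.1.57 00-16-3e-aa-00-03 lobby-tv
2024-05-06T08:07:05 ACK 10.20.1.91 00:16:3e:bb:00:09 unknown-host
2024-05-06T09:15:30 ACK 10.20.1.91 00:16:3e:bb:00:09 unknown-host
malformed line without fields
"""

def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if the field is not a MAC."""
    raw = raw.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}", raw):
        return None
    return re.sub(r"[:-]", "", raw)

def load_inventory(text):
    """Index inventory rows by normalized hardware address."""
    rows = csv.DictReader(io.StringIO(text))
    return {normalize_mac(r["hardware_address"]): r for r in rows
            if normalize_mac(r["hardware_address"])}

def reconcile(inventory, log_text):
    """Sort leases into unknown and unapproved assets; list inventory MACs with no lease."""
    unknown, unapproved, seen = {}, {}, set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "ACK" or not normalize_mac(parts[3]):
            continue  # skip lines that do not match the assumed layout
        ts, ip, mac, host = parts[0], parts[2], normalize_mac(parts[3]), parts[4]
        seen.add(mac)
        lease = {"last_seen": ts, "ip": ip, "hostname": host}
        if mac not in inventory:
            unknown[mac] = lease      # not in the inventory at all (later lines overwrite)
        elif inventory[mac]["approved"].strip().lower() != "yes":
            unapproved[mac] = lease   # recorded, but not approved to connect
    # Statically addressed assets never request a lease, so they land in not_seen.
    not_seen = sorted(set(inventory) - seen)
    return {"unknown": unknown, "unapproved": unapproved, "not_seen": not_seen}

print(reconcile(load_inventory(INVENTORY_CSV), DHCP_LOG))
```

The `unknown` and `unapproved` buckets feed the weekly review in safeguard 1.2, while `not_seen` shows why DHCP logs alone cannot confirm statically addressed assets.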

1.5) Use a Passive Asset Discovery Tool

Description: Use a passive discovery tool to identify assets connected to the enterprise’s network. Review and use scans to update the enterprise’s asset inventory at least weekly.

Notes: The security function for this safeguard is detecting assets via passive discovery methods. Unlike active discovery, which sends packets to a host and monitors its response, passive discovery locates services running on a network by observing traffic generated by servers and clients. Passive and active discovery are complementary: used together, they give organizations more descriptive data from which to build a detailed outline of all assets located on their network. Organizations can’t protect what they don’t know they have.

The post “CIS Control 1: Inventory and Control of Enterprise Assets” appeared first on TripWire
