Essential Guide To CIS Controls

The document summarizes Netwrix's security solutions that map to the Center for Internet Security (CIS) Controls. The CIS Controls provide guidance on critical security best practices and help prioritize actions to defend against cyber threats. Netwrix solutions can help satisfy the first six CIS Controls, which focus on security fundamentals like asset management, vulnerability management, and log monitoring. Netwrix Change Tracker, Log Tracker, and other products provide full or partial coverage of many CIS Controls and help organizations continuously monitor and secure their systems.


Netwrix® & CIS Controls Solution Brief

What are the CIS Controls?

The vast array of compliance and security mandates out there can leave many organizations confused on where
to even start, but Netwrix® believes the best place to start is with the CIS Controls. Published by the Center for
Internet Security (CIS), these controls help organizations defend against known attacks by condensing key security
concepts into actionable controls to achieve better overall cybersecurity defense.

The CIS Controls provide clarity on what organizations really need to be focusing on in terms of security best
practices to help prioritize actions that must be taken to defend against cyber threats. The latest version, CIS
Controls V7, keeps the same 20 controls that businesses and organizations around the world already depend
upon to stay secure; however, the ordering has been updated to reflect the current threat landscape. The latest
version breaks down the 20 controls into three specific categories: basic, foundational, and organizational.

CIS Controls Background

The CIS Controls have been formulated to provide clarity and guidance for the bewildering array of security tools
and technologies, security standards, training, certifications, vulnerability databases, guidance, best practices
and compliance mandates.

The goal is to answer the fundamental questions regarding security:

• What are the most critical areas we need to address and how should an enterprise take the first step to mature
their risk management program?

• Rather than chase every new exceptional threat and neglect the fundamentals, how can we get on track with a
roadmap of fundamentals and guidance to measure and improve?

• Which defensive steps have the greatest value?

CIS Controls categories: Breakdown

• Basic – (CIS Controls 1-6): Key controls which should be implemented in every organization for essential cyber
defense readiness.

• Foundational – (CIS Controls 7-16): The next step up from basic – these technical best practices provide clear
security benefits and are a smart move for any organization to implement.

• Organizational – (CIS Controls 17-20): These controls are different in character from 1-16; while they have many
technical elements, CIS Controls 17-20 are focused mainly on the people and processes involved in cybersecurity.

Back to basics: CIS Controls 1-6

The majority of security incidents occur when basic controls are lacking or are poorly implemented. A study of the previous
version of the CIS Controls found that 85% of cyber-attacks can be prevented by adopting the first five CIS Controls alone.
Netwrix solutions alone can help you satisfy the first six CIS Controls.

CIS Controls 1 – 6 represent well-known cybersecurity basics and focus on the fundamentals of securing the infrastructure
and monitoring it regularly for changes, including Configuration Management, Vulnerability Assessment, and Continuous
Monitoring to know when a new critical vulnerability surfaces or an asset becomes exposed. By implementing CIS
Controls 1 – 6 as continuous and evolving processes, organizations significantly reduce their risk while also adapting to
today’s continuously changing cyber threats and shifting business needs.

1. Inventory and Control of Hardware Assets

2. Inventory and Control of Software Assets

3. Continuous Vulnerability Management

4. Controlled Use of Administrative Privileges

5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

6. Maintenance, Monitoring and Analysis of Audit Logs

Netwrix delivers Security through System Integrity by introducing the essential Critical Security
Controls, leveraging intelligent change control technology to track system integrity, and using dynamic
policy and baseline management to ensure systems remain secure, available and compliant at all times.

CIS Critical Security Controls Mapped to Netwrix Change Tracker

CIS Critical Security Control | Netwrix Change Tracker | Netwrix F.A.S.T. Cloud | Netwrix Log Tracker | Netwrix Vulnerability Tracker

Control 1: Inventory and Control of Hardware Assets

Control 2: Inventory and Control of Software Assets

Control 3: Continuous Vulnerability Management

Control 4: Controlled Use of Administrative Privileges

Control 5: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

Control 6: Maintenance, Monitoring and Analysis of Audit Logs

Control 7: Email and Web Browser Protections

Control 8: Malware Defenses

Control 9: Limitation and Control of Network Ports, Protocols and Services

Control 10: Data Recovery Capabilities

Control 11: Secure Configurations for Network Devices, such as Firewalls, Routers and Switches

Control 12: Boundary Defense

Control 13: Data Protection

Control 14: Controlled Access Based on the Need to Know

Control 15: Wireless Access Control

Control 16: Account Monitoring and Control

Control 17: Implement a Security Awareness and Training Program

Control 18: Application Software Security

Control 19: Incident Response and Management

Control 20: Penetration Tests and Red Team Exercises

Legend: Full Coverage, Partial Coverage

About Netwrix
Netwrix makes data security easy by simplifying how professionals can control sensitive, regulated and business-
critical data, regardless of where it resides. More than 11,500 organizations worldwide rely on Netwrix solutions
to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less
effort and expense, and increase the productivity of IT teams and knowledge workers.

Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and
Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com

Next Steps
See Netwrix products — Check out the full portfolio of Netwrix products: netwrix.com/products

Get a live demo — Take a personalized product tour with a Netwrix expert: netwrix.com/livedemo

Request a quote — Receive pricing information: netwrix.com/buy

CORPORATE HEADQUARTER:
300 Spectrum Center Drive, Suite 200, Irvine, CA 92618
565 Metro Place S, Suite 400, Dublin, OH 43017
5 New Street Square, London EC4A 3TW

PHONES:
1-949-407-5125
Toll-free (USA): 888-638-9749
1-201-490-8840
+44 (0) 203 588 3023

OTHER LOCATIONS:
Spain: +34 911 982608
Netherlands: +31 858 887 804
Sweden: +46 8 525 03487
Switzerland: +41 43 508 3472
France: +33 9 75 18 11 19
Germany: +49 711 899 89 187
Hong Kong: +852 5808 1306
Italy: +39 02 947 53539

SOCIAL:
netwrix.com/social
