Cybersecurity Quarterly
Winter 2020
A Publication from
Working Together in the Fight Against Cybercrime When Securing Your Organization, There's No "I" in Cyber Defense
Why Access and Security Don't Need to be Mutually Exclusive Celebrating the Holidays Right with SANS's Holiday Hack Challenge
20 Years of Cybersecurity Celebrating the long journey from the organization's humble beginnings to becoming a globally-recognized source of cybersecurity best practices that it is today
The Most Trusted Source for Information Security Training, Certification, and Research
CIS & SANS Institute
Information Security Training Partnership SANS Institute partners with the Center for Internet Security to provide its top-rated information security training and awareness programs to State, Local, Tribal, and Territorial (SLTT) Government organizations at significantly reduced costs. Leverage this special partnership to ensure that your employees have the skills and experience necessary to protect your critical organization from cyber threats. Program participants may purchase:
More than 45 of SANS most popular hands-on courses are available OnDemand, or live, online via Live Online.
Use SANS Security Awareness to train and test non-technical staff on email, file storage, digital access, and general data security.
Purchase training during the Winter Aggregate Buy window to receive the best pricing of the year. Discounts are available now through January 31, 2021.
Contact partnership@sans.org, or visit www.sans.org/partnership/cis for more information.
Winter 2020
Contents
Featured Articles
CIS: Celebrating 20 Years of Cybersecurity A look back at how CIS became the organization it is today
8
Community Watch: A New Collaborative 10 Effort to Combat Cybercrime The new collaborative effort to help SMBs and individuals combat cybercrime Security is a Team Sport Creating an effective, secure network environment can't be done alone
12
The Most Festive Challenge of the Year is Here Announcing this year's SANS Holiday Hack Challenge
14
New Updates for CIS CSAT Pro 16 Our expansive list of new features for our latest tool for implementing the CIS Controls Commonly Exploited Protocols: 20 Remote Desktop Protocol (RDP) Our guide to securing your remotely accessed assets in the age of telecommuting Quarterly Regulars
Winter 2020 Volume 4 Issue 4 Founded MMXVII Editor-in-Chief Michael Mineconzo Supervising Editor Laura MacGregor Copy Editors Danielle Koonce Autum Pylant
Staff Contributors Nolan Amelio Sean Atkinson George Fehling Paul Hoffman Aaron Piper Thomas Sager Valecia Stocchetti
Quarterly Update with John Gilligan
4
News Bits & Bytes
6
Cyberside Chat
22
ISAC Update
23
Event Calendar
24
Cybersecurity Quarterly is published and distributed in March, June, September, and December. Published by Center for Internet Security 31 Tech Valley Drive East Greenbush, New York 12061 For questions or information concerning this publication, contact CIS at info@cisecurity.org or call 518.266.3460 Copyright Š 2020 Center for Internet Security. All rights reserved.
3
Cybersecurity Quarterly
Quarterly Update
with John Gilligan
“CIS achieved a major milestone this year — our 20th anniversary. In November, we were able to bring together many of those who met... in early 2000 to plan for a different type of organization.” Welcome to the Winter Issue of Cybersecurity Quarterly. The 2020 Elections are behind us. I am particularly proud of the efforts by all of the organizations who worked for the past three years to improve the resilience of the cyber infrastructure supporting elections. The Center for Internet Security was fortunate to be a key contributor providing best practices and training to the elections community and operating an extensive network of sensors. In addition, we were able to assist in addressing misinformation regarding the election process and helping connect election offices with social media companies. The great progress made in the 2020 Elections becomes the foundation for additional improvements in cyber resilience in the future. CIS achieved a major milestone this year — our 20th anniversary. In November, we were able to bring together many of those who met in the Cosmos Club in Washington, D.C. in early 2000 to plan for a different type of organization to help address global cybersecurity challenges. The co-founders, as well as key leaders who guided CIS over the past 20 years, participated in the event. This issue contains an article — Celebrating 20 Years of Cybersecurity — capturing some of the highlights of the 20th Anniversary event and CIS’s first 20 years. This issue is focused on the topic of collaboration and its importance to cybersecurity. Leslie Daigle, CTO of the Global Cyber Alliance, has authored an article addressing the importance of collaboration as foundation to ensuring effective network security. Our own CISO, Sean Atkinson, has also focused his submission for this quarter’s issue on the importance of communities and collaboration. Continuing the theme of collaboration, Paul Hoffman, Senior Manager in the MS-ISAC has provided an article on the status of the Multi-State and Elections Infrastructure ISACs. In particular, he
4
highlights the recent accomplishment of reaching 10,000 MS-ISAC members. Paul and his team are now on a path for 15,000 members! Another great collaborative effort, the Cybercrime Support Network — a nationwide program to support cybercrime reporting — is described in another article by Nolan Amelio. Nolan also describes the progress made in the past year in establishing a Threat Reporting and Information Sharing Pilot. This pilot, in cooperation with Johns Hopkins Applied Physics Laboratory, was able to demonstrate much faster identification of threats, as well as significant improvements in the automation of threat distribution for state, local, tribal, and territorial (SLTT) organizations. The CIS Security Best Practices (SBP) team has an article describing the new features and benefits of CIS Controls Self Assessment Tool (CSAT) Pro. These highly anticipated features expand on CSAT Pro's ability to run in an organization’s local environment, permitting organizations to self-manage the results of their assessment. Valecia Stocchetti has provided an article that highlights the dangers of the Remote Desktop Protocol (RDP), and describes the new guide from CIS on how to prevent attacks against RDP. Finally, given that this is the Holiday Season, this issue helps launch the annual SANS Holiday Hack Challenge CTF. This year, the Holiday Hack Challenge includes a bigger and better challenge, including instructive talks from security experts. I hope you enjoy this quarter’s issue. Best wishes for the holidays! Best Regards,
John M. Gilligan President & Chief Executive Officer Center for Internet Security
Winter 2020
MDBR: Malicious Domain Blocking & Reporting
Your no-cost* proactive domain security service. Add an extra layer of cybersecurity protection at no cost that is proven, effective, and easy to deploy. * Available to U.S. State, Local, Tribal, and Territorial (SLTT)
government members of the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®)
Sign Up →
Acknowledgement This material is based upon work supported by the U.S. Department of Homeland Security under Grant Award Number, (19PDMSI00002). Disclaimer The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.
5
Cybersecurity Quarterly
News Bits & Bytes The CIS Controls and Sub-Controls are now mapped to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS was introduced in 2004 to help prevent credit card fraud. It is a voluntary industry self-governance standard for the protection of payment card data. PCI DSS Version 3.2.1 consists of 12 detailed requirements that mirror security best practices. It applies to all entities that store, process, or transmit cardholder and/or sensitive authentication data. PCI DSS and related security standards are administered by the PCI Security Standards Council, which was founded by the major payment card companies. Participants include merchants, payment card issuing banks, processors, developers, and vendors. The PCI DSS covers technical and operational system components included in or connected to cardholder data. Download your copy of the CIS Controls and SubControls Mapping to PCI DSS in CIS Workbench. Tenable®, Inc. announced a strategic partnership with the Center for Internet Security, Inc. (CIS®) that will bolster cyber hygiene for both public and private sector organizations, making foundational cybersecurity more affordable, accessible, and actionable. The two primary challenges organizations face in achieving basic cyber hygiene are lean budgets and limited staff with security expertise. To make the framework even more accessible and affordable for Multi-State Information Sharing and Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) members, Tenable’s solutions are now the only comprehensive, risk-based vulnerability management offerings available in the CIS CyberMarket. For more information on the partnership, view our press release.
6
The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident. CISA and MS-ISAC observed there are vast products and resources available, but very few that have them all in one place. This joint ransomware guide is written primarily for the IT professional, but every level of an organization can benefit from reviewing it. CISA and MS-ISAC are proud to provide this guide that can help them plan for a ransomware incident and understand the risk management, analytical, and response services available to them. Download the guide from the CISA website. Led by the Johns Hopkins University Applied Physics Laboratory (APL) in partnership with the MS-ISAC and funded by a grant from CISA, a new automated data feed will help defend state and local government computer systems from cyber-attacks and rapidly blocks threats across state lines. The one-year trial, “Indicators of Compromise Automation Pilot,” reduced cyber defense time from some three days to less than three minutes in a successful pilot program across four states. Under the live pilot on active government systems, Louisiana, Massachusetts, Texas, the state of Arizona and Maricopa County, Arizona, together with the MS-ISAC, effectively flagged indicators of a cyberattack and rapidly blocked traffic to and from threatening IP addresses, domains, and files across the shared network markedly faster than current manual processes. Learn more about the pilot at the John Hopkins APL website.
Winter 2020
Detect Ransomware in Minutes Event detection to notification within six minutes*
• Cost-effective solution • Passive, fully managed
intrusion detection system
Find out more →
www.cisecurity.org
* Exclusive 24x7 Network Monitoring for State, Local, Tribal, & Territorial Government Entities
Cybersecurity Quarterly
CIS: Celebrating 20 Years of Cybersecurity A look back at the decades-long journey to becoming one of the cybersecurity industry's most trusted sources of best practices for securing IT systems and data By CIS Staff The year 2020 has been a whirlwind of adaptation and change, prompting the phrase “business as usual� to take on a whole new meaning. The Center for Internet Security (CIS) has become a leader in supporting both public and private organizations in the COVID era, when many are shifting more of their workforce remote and more of their workloads to the cloud. 2020 also marks a milestone for CIS, the organization is celebrating 20 years of making the connected world a safer place for people, businesses, and governments worldwide.
"I am intensely proud of what CIS has accomplished," said CIS co-founder, Frank Reeder. "I am thrilled with where it stands today."
Back in August of 2000, a small group of business and government leaders met at the legendary Cosmos Club in Washington, D.C. to discuss a concerning rash of cyber-attacks. From that meeting and others, a vision emerged for an independent, mission-driven, nonprofit organization dedicated to preventing and mitigating new cyber threats.
2002: Consensus-based security guidance is established with the Consensus Security Benchmark for Windows 2000 (involving NSA, DISA, FBI, SANS, CIS).
Today, CIS is the embodiment of that vision. Over the course of 20 years, we have been privileged to work with some of the best minds in the cybersecurity and IT professions. Through a global, collaborative effort, we have developed world-class standards in the form of the CIS Controls and CIS Benchmarks, along with specialized technology tools to help security practitioners implement and manage their cyber defenses.
8
CIS Contributions to Cybersecurity Through the Years 2000: The idea is born. CIS incorporates and we welcome the first CIS SecureSuite member. The first CIS Benchmark is released (for the Solaris Operating System).
2008: Measurement takes center stage as the era of the professional CIS-Configuration Assessment Tool (CIS-CAT) begins. 2010: MS-ISAC transitions into CIS, providing no-cost support for U.S. State, Local, Tribal, and Territorial (SLTT) organizations (10,000 members today). 2011: 24x7x365 Security Operations Center (SOC) established for monitoring services. Albert IDS Pilot launched (750 devices today).
Winter 2020
2013: AWS Partnership for cloud security with CIS Hardened Images begins; to be joined later on by Microsoft, Google, and Oracle (900 million compute hours used to date). 2015: Council on CyberSecurity (the Critical Security Controls, the U.S. Cyber Challenge) transitions into CIS. CIS Controls v6 reaches 100K downloads. 2018: CIS founds EI-ISAC for election integrity (2,750 members today). 2019: CIS Benchmark portfolio numbers have grown to more than 25 vendor product families and over 150 distinct CIS Benchmarks (more than one million downloads annually.)
CIS Today and Into the Future CIS remains the independent and trusted resource for cybersecurity. Participation from our global volunteer community continues to drive the evolution of cybersecurity best practices. CIS is dedicated to bringing tools and services to the public in formats and products that make it easy and cost-effective to implement those best practices. Recently, CIS released no-cost best practice guidance in the form of the Community Defense Model mapping the CIS Controls to the MITRE ATT&CK model, CIS Foundations Benchmarks for
cloud service providers, a guide to the Shared Responsibility Model for security in the cloud, the CIS Password Policy Guide, the CIS Videoconferencing Security Guide, and more. We introduced new versions of CIS-CAT and CIS CSAT Pro to assist with implementation and monitoring, giving cybersecurity professionals tools to automate and measure their implementation of best practices. CIS Benchmarks and CIS Controls continue to be the cornerstone of effective cyber hygiene and continue to be supported and referenced by experts in the industry. CIS is proud to have grown our team to more than 250 employees in 19 states throughout the U.S., and have built a global community of volunteer subject matter experts with whom we are proud to collaborate to make the connected world a safer place now and for the future. “At our 20-year mark, we celebrate our founders’ vision, which was grand in scope and aspiration but practical," said CIS President and CEO, John Gilligan. "And, while CIS is proud of our mission and our accomplishments over the first 20 years, our focus now is how we continue to ensure Confidence in the Connected World in the next 20 years.” The celebration is just getting started. Stay tuned for more stories of the founding of CIS and the great things we have planned for 2021 and beyond.
9
Cybersecurity Quarterly
Community Watch: A New Collaborative Effort to Combat Cybercrime A look at how the U.S. Department of Homeland Security and its partners are working together to more effectively report, respond to, and prevent cybercrime By Nolan Amelio We have all been on the receiving end of a panicked phone call from a friend or family member who has reached out because “you know things about computers.” They’re experiencing some form of cyber scam, ransomware, or worse, and they need help. Small and medium-sized businesses (SMBs) and individuals experience the scenario outlined above every day. At some point in the troubleshooting process, they may seek to inform law enforcement of the issue and ask for assistance. Often, as much as law enforcement would like to help, many agencies are not optimized for responding to cybercrimes.
At some point in the troubleshooting process, [SMBs and individuals] may seek to inform law enforcement of the issue and ask for assistance. Often, as much as law enforcement would like to help, many agencies are not optimized for responding to cybercrimes.
To aid SMBs and individuals facing significant challenges in dealing with cybercrime, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) has entered into a cooperative agreement with the
Cybercrime Support Network (CSN), in partnership with the Center for Internet Security (CIS), and Mississippi State University’s National Strategic Planning & Analysis Research Center (NSPARC), to launch the State, Local, Tribal, and Territorial (SLTT) Threat Reporting & Information Sharing Pilot. This initiative seeks to achieve the following crucial objectives: 1. Provide SMBs and individuals a streamlined and unified reporting platform to record specific instances of cybercrime. 2. Provide threat and trend data of the SMB and consumer cyber threat landscapes to SLTT partners so they can better serve those in their jurisdictions.
10
Winter 2020
3. Pass actionable instances of cybercrime to appropriate law enforcement agencies for followup. 4. Provide resources to help victims of cybercrime recover. Our objectives are distilled from a need to create an accurate picture of the threat landscape faced by SMBs and individuals. Building a culture of reporting will provide lawmakers and those that work to combat cybercrime with the necessary data to make more informed decisions in regards to funding, staffing, and other considerations. The generation of tailored resources serves to incentivize reporting, as well as serve victims who need assistance determining their next steps. Finally, providing crime, threat, and trend data to law enforcement serves to ensure that those charged with public safety are aware of crimes in their jurisdictions, as well as provides a starting point for determining how to handle these investigations. The next time you receive that panicked phone call from a friend or loved one, know that you can positively impact the situation. By sending them to fraudsupport.org, they can easily report what they are experiencing and receive resources to help them correct the issue. Any cybersecurity professional will tell you that it’s not a matter of if, but when, you encounter a cybercrime. Take solace in knowing that when it does occur, you can recommend a resource designed to support those impacted by cybercrime.
Our objectives are distilled from a need to create an accurate picture of the threat landscape faced by SMBs and individuals. Building a culture of reporting will provide lawmakers and those that work to combat cybercrime with the necessary data to make more informed decisions in regards to funding, staffing, and other considerations.
For questions, please feel free to contact us at info@ cybercrimesupport.org. To stay up to date on all the latest from CSN subscribe to our newsletter and follow us on Twitter, Facebook, LinkedIn, and YouTube. Nolan Amelio is a Program Specialist for the MultiState Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security (CIS). Nolan serves on the Stakeholder Engagement team providing U.S. State, Local, Tribal, and Territorial (SLTT) governments with no-cost cybersecurity resources, services, and support to enhance their cyber defenses. Nolan is currently assigned to Cybercrime Support Network (CSN), a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime, and the SLTT Threat Reporting and Information Sharing, where he spearheads outreach and facilitates information sharing.
11
Cybersecurity Quarterly
Security is a Team Sport
When it comes to cybersecurity, while a single person can cause a breach, creating and maintaining an effective security posture is a team effort By Leslie Daigle In the context of enterprise network security, the message is clear: a slip by any one person can be the path to a security breach, but no single person can prevent malicious activity by themselves. It takes teamwork to ensure that corporate networks and information resources are properly and constantly secured. When we broaden the focus to internet security as a whole, the message is not different: no single actor can clean up the internet for everyone, while a lapse on the part of one organization can have important negative consequences for many others. All it takes is one network engineer misconfiguring a router in their own network, and suddenly some of your customers can’t reach your website. That happens quite frequently – somewhere in the
When we broaden the focus to internet security as a whole, the message is not different: no single actor can clean up the internet for everyone, while a lapse on the part of one organization can have important negative consequences for many others. 12
network, there are routing leaks and possible hijacks multiple times every day. BGPStream reports observing 269 route leaks or possible hijacks for the month of November 2020. Most of them are quite brief and limited in scope, but every now and then there is an incident that is impactful enough that it makes the news. For example, in November 2018, Google G-Suite resources became unreachable by many when a China Telecom configuration mistake caused their network to receive traffic destined for Google. The internet was built from collaboration and cooperation – literally and figuratively. The open standards for the protocols that drive the internet have been built through open processes and discussions through the decades of the Internet Engineering Task Force’s existence. Unlike the traditional telephony network, which relied on treaty-based interconnection rules between countries, networks connect to the internet through these open protocols, and traffic moves from source to destination because of the cooperation of the network of networks. When no single entity could provide an answer to routing security, a group of network operators came together to create and share “Mutually Agreed Norms for Routing Security” (MANRS) – committing to best practices to reduce the likelihood of issues
Winter 2020
The internet was built from collaboration and cooperation – literally and figuratively. within their own networks or of inadvertently promoting others’ misconfigurations. Collectively, the network operations industry is looking to improve the state of security for the whole Internet . Network operators clearly have an interest in ensuring that the whole network continues to work. Individual domain holders may not be so invested. While we hear “See something? Say something!” in the context of improving security in public spaces, it is not so clear what to do when a domain seems to exist solely for the purpose of criminal activity (phishing, hosting malware, etc.). These domains are not always noticeable to the casual user, so who is going to see anything, let alone say something? Additionally, cybercrime is by and large an international crime and so falls to many law enforcement jurisdictions to prosecute. Although arrests are made, cybercrime is hard to prosecute and so prevention is key. Fortunately, there are entities that are tracking the existence of malicious domains. Domain Trust is a platform being built by the Global Cyber Alliance (GCA) and our partners to share information on domain names which are observed causing cybercrime on the internet. To reach that goal of prevention of cybercrime, the aim is that the domain registries ultimately suspend and take down the domains and that ISPs block the domains for their customers. Domain Trust allows sharing of the data amongst the community and sharing of best practices – through collaboration and information sharing, together we can make the internet more secure. These are just two areas of consideration of internet security – demonstrating that every individual (person or corporation) needs to do its part but that collectively we can achieve greater things. GCA, in partnership with the Internet Society, launched a survey of network operators to gain a global understanding of the state of implementation of routing security measures, the
level of concern within network operations (and business decision-making), and the plans for next steps. This survey can be filled out anonymously, although we’d certainly appreciate having your contact information for the purposes of following up with more direct questions (and no other purpose – see our privacy policy). If you operate a network (engineering or business decision-making), please fill out our survey, and check back for updates! Leslie Daigle is the Global Technical Officer for the Global Cyber Alliance, a nonprofit organization whose mission is to eradicate cyber risk around the globe. Daigle has been actively involved in shaping the internet’s practical evolution for more than twenty years. Always fascinated by the internet’s technology, innovation, and real world impact, she started her professional career working with internet applications technologies for corporate commercial activities, and progressed to take on leadership roles within internet technology supporting institutions. Daigle has been the Principal at Thinking Cat Enterprises for several years, which has been focused on advancing the internet’s technology development and deployment through coordinated action of interested internet stakeholders. Daigle previously was the Internet Society’s first Chief Internet Technology Officer. She joined the Internet Society in 2007, and she helped to (re)create the global dialog on important technical issues, calling stakeholders to action by providing achievable targets and facilitating their own collaboration across (corporate) organizational boundaries until May 2014. Daigle was an appointed member of the related Internet Architecture Board (IAB) from March 2000 to March 2008, and was the elected Chair of the IAB from 2002 to 2007. Prior to working for the Internet Society, she held the positions of Consulting Engineer at Cisco Systems, Director of Directory Research at VeriSign, and Vice President for Research at industry pioneer Bunyip Information Systems, among others. Daigle holds an M.Sc. in Computing & Information Science from the University of Guelph, and a B.Sc. in Math and Computer Science from McGill University.
13
Cybersecurity Quarterly
The Most Festive Cyber Challenge of the Year is Here The start of the holiday season brings about the return of the highly anticipated annual SANS Holiday Hack Challenge By Tanya Van Kirk
The SANS Holiday Hack Challenge, run by SANS's in-house penetration testing and ethical hacking expert Ed Skoudis and his Counter Hack team, is a game-based, holiday-themed, free virtual cyber challenge that is now open at holidayhackchallenge. com. The annual challenge is essentially an in-depth, fun, and festive story, which Skoudis has been intricately developing over the past year, about Jack Frost attempting to ruin the holidays with his ruthless cyber-attacks. It’s your job to stop him by solving as many challenges as you can to save Santa, the three French hens, and the rest of us! All skill levels can and should participate in this global holiday gathering, whether you want to gain
The annual challenge is an indepth, fun, and festive story... about Jack Frost attempting to ruin the holidays with his ruthless cyber-attacks. All skill levels can and should participate in this global holiday gathering, whether you want to gain fundamental cyber knowledge, test your hands-on skills, prove your advanced capabilities, or just have fun and be inspired. fundamental cyber knowledge, test your handson skills, prove your advanced capabilities, or just have fun and be inspired.
How it Works After registering to play, you’ll create your own custom avatar and begin to explore the North Pole neighborhood. As you roam the immersive, interactive world, you’ll need to work on various offensive, defensive, and digital forensics and incident response (DFIR) challenges incorporated throughout the story to save the holidays from Jack
14
Winter 2020
In 2019, over 17,000 challengers participate in the event. This year's challenge is already underway! Join in on the fun by registering at holidayhackchallenge.com years' Holiday Hack Challenges streaming on the services. Frost. You have until January 4 to complete as many challenges as you can, covering a wide breadth of topics, including cloud, offense, analytics, defense, wireless, crypto, and more. All of the participants’ work will be reviewed in January, after which the top performer and other winners will be announced, and all of the prizes and awards will be allocated. The Holiday Hack Challenge winner will receive either a SANS cybersecurity course or a NetWars Continuous 4-month online subscription as their prize. There will also be other exciting prizes, such as passes to the 2021 RSA Conference.
KringleCon Virtual Conference For the third year in a row, the event also features KringleCon, a virtual conference that takes place inside the Holiday Hack Challenge village, where participants can watch talks from information security experts on tips and tricks for solving some of the Holiday Hack Challenges and advancing their careers in the industry. This year’s stellar lineup of KringleCon speakers includes Jack Rhysider, Charles Shirer, Dave Herrald, Josh Wright, and many others. The opening keynote will be presented by none other than Holiday Hack Challenge creator Ed Skoudis.
Also new for this year's challenge is an official series of Discord channels for participants to collaborate with other challengers or brag about completing the challenges. As always, participants should keep their eyes out for mini-games and other Easter eggs scattered around the challenge. In 2019, over 17,000 challengers participated in the event. This year's challenge is already underway! Join in on the fun by registering at holidayhackchallenge. com now to compete with your teammates, friends, and players from around the globe in this one-of-a-kind shared virtual experience. Tanya Van Kirk is the Director of Brand Marketing for the SANS Institute, the most trusted provider of information security training, certification, and research in the world. She is an experienced marketing executive with over 20 years of branding and strategy experience. Before her position at SANS, Tanya managed marketing planning and development for AIMMS, a Dutch software platform provider. Prior to that, Tanya served as marketing and circulation lead at a number of regional lifestyle magazines and industry trade publications, as well as started, developed, managed, and sold a successful events and marketing consulting business.
Another fan favorite feature of the event is the Holiday Hack Challenge playlist, featuring custom holiday music that is streaming on all major streaming services, including Spotify, Apple Music, and Amazon Music, for the first time ever this year. Additionally, participants can find playlists from past
15
Cybersecurity Quarterly
New Updates for CIS CSAT Pro
An expansive list of new features have been added to CIS's latest tool to help organizations effectively implement the security recommendations contained in the CIS Controls By Aaron Piper The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to assess their implementation of the CIS Controls, enabling them to track their progress over time and identify areas for improvement.
Event Logs for Assessments and Organizations Custom tags for tasks Assessment Summary filtering
In the Fall 2020 issue of Cybersecurity Quarterly, we introduced CIS CSAT Pro – a new on-premises version of CIS CSAT available to CIS SecureSuite Members. Since then, we’ve had two new CSAT Pro updates (v1.1.0 and v1.2.0), which bring many additional features to the tool. These features include:
Task discussions Improved task tracking (calendar, reminders, and email notifications) Organization logo upload
Exportable graphs
Exportable Board Level Slides
New mappings (NIST 800-53 and PCI DSS)
In addition to the CIS Sub-Control level CSV spreadsheet export that was already available, a set of slides containing the graphs and summary data from the Assessment Dashboard and the organization’s Assessment History graph can now be exported. These graphs are exported in PPTX format.
Organization Tree Chart
In the Fall 2020 issue of Cybersecurity Quarterly, we introduced CIS CSAT Pro. Since then, we’ve had two new CSAT Pro updates (v1.1.0 and v1.2.0), which bring many additional features to the tool. 16
New Mappings Mappings from the CIS Sub-Controls to the NIST 800-53 Rev4 Low Baseline and to the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 are now included in CIS CSAT Pro’s Sub-
Winter 2020
Control view. Clicking on a mapping block displays additional information on the external framework’s requirement You can download the CIS Sub-Controls mapping to: NIST 800-53 Rev4 Low Baseline from the CIS website or from CIS WorkBench PCI DSS from the CIS website or from CIS WorkBench
Organization Tree Chart An organization chart that shows an entire organization tree is now available. Features of the Organization Chart include: Each organization and sub-organization in the organization tree is displayed in a block displaying the organization’s industry, the total number of sub-organizations under it, and the number of suborganizations directly under it. The currently selected organization is highlighted in green. Each organization block is clickable, taking you to the Organization Info page for that organization. Sub-organizations can be displayed or hidden. Easily navigate large organization charts by dragging to move around the chart. Zoom in or out with the scroll wheel of the mouse.
Event Logs Two new event logs are now available, displaying a history of important actions at the assessment level and the organization level. Entries in these logs include the event, the user who performed the action, and the date/time of the event. The Assessment Event Log is available from the Assessment Dashboard. It maintains a history of assessment-level events including assessment creation, closing or reopening the assessment, and changes to the assessment’s Implementation Group.
The Organization History section displays an event log for the selected organization on its Organization Info page. Events logged in this section include: User changes (added, removed, or a role change in the organization) Sub-organization creation/deletion Changes in the organization’s information (name, website, or industry)
Custom Tags for Tasks Users can now label CIS Sub-Controls in their assessments with custom tags. These tags can be entered and viewed in the Sub-Control View for that task. The custom tag input field will autopopulate existing tags that are currently used in the organization’s assessments as the user starts typing, or the user can create an entirely new tag. Once tagged, tasks in an assessment can be filtered by custom tag in the Assessment Summary page.
Assessment Summary Filtering The task list in the Assessment Summary page can now be filtered by various criteria including task applicability, assignment status, workflow status, score, asset type, security function, custom tags, or Implementation Group. Multiple filters can be selected at once. Filtering can help users quickly answer questions like, “Which Implementation Group 1 Sub-Controls have not yet been assigned?”
17
Cybersecurity Quarterly
Task Discussions
Task Reminders and Email Notifications
Users can now comment on individual tasks in the Sub-Control View. The Discussion feature can be used to aid team communication during the assessment process or to save information about that task for future reference.
Users can now send an email, along with an optional comment, to the user assigned to a task in order to remind that user to complete the task. Similarly, users can send reminders (with optional comments) to task assigners in order to remind them to review and validate tasks.
Improved Task Tracking Several new features are now available to improve the ability of users to track tasks in assessments including a task calendar and task reminders.
Task Calendars A task calendar is now available to organize an assessment’s tasks by due date. Hovering over a task displays additional information. The tasks also have checkmarks to indicate their status in the workflow: A double checkmark preceding the task indicates the task has been validated A single checkmark indicates the task has been completed but not validated No checkmark indicates that the task has not yet been completed Clicking on a task will take users to the Sub-Control View for that task. The calendar view can be shifted among monthly, weekly, and daily views, and lets users navigate to view past or future time frames.
Now, users automatically receive an email with task details when tasks they assigned are completed. Assigned users and users who completed a task receive an email notification when that task is sent back for additional changes.
Organization Logos Organization Admins can now upload a logo for each of their organizations and sub-organizations from the Organization Info page. Check out the change log to see the full list of changes for each version.
Getting Started with CIS CSAT Pro CIS CSAT Pro is available to CIS SecureSuite Members. Join the CSAT Pro Community in CIS WorkBench and download the appropriate installer for your environment (Windows or Unix). If you’ve installed a previous version of CIS CSAT Pro, the installer will upgrade your existing installation. If you’re new to CIS CSAT Pro, see the Deployment Guide to walk you through installation. CIS is community driven – if you’ve used CIS CSAT Pro, please share your feedback to help us improve the tool. Aaron Piper is a Senior Cybersecurity Engineer at CIS. He focuses on automation, tooling, and measurement efforts for the CIS Controls, and is the Product Owner for the CIS Controls Self Assessment Tool (CIS CSAT). Prior to working at CIS, Piper worked in cybersecurity for the Federal Government for more than a decade.
18
Winter 2020
NNT SecureOpsTM Secure your Cloud and Container Environments with Confidence Despite implementing cloud technologies, most organizations continue to be heavily dependent on legacy systems. This presents a unique challenge in ensuring cloud and container security. Over 80% of
HOW NNT’s SECUREOPSTM PROTECTS YOUR CONTAINER AND CLOUD SECURITY POSTURE
breaches* still take days to discover, with at least 25% persisting for months before being identified. Maintaining a high level of security at all times and adhering to regulatory compliance standards
Automated & accurate CIS benchmark secure configuration guidance audits
Guaranteed system integrity with real-time change detection
Threat Intelligence with over 8 billion file reputations and 85,000 network vulnerability tests
Limitless choice of security deployment options
for your cloud and container environments is achieved by detecting security threats before they become breaches. This level of security is provided by NNT’s SecureOps as it monitors complete configuration and system integrity while leveraging intelligent change control.
Request a Demo
Learn More >>
*Source: 2020 Verizon Data Breach Investigation Report 19
Cybersecurity Quarterly
Commonly Exploited Protocols: Remote Desktop Protocol (RDP) Cybercriminals have taken advantage of the rise in Remote Desktop Protocol (RDP) usage due to telecommuting. Our new guide can help organizations secure this attack vector. By Valecia Stocchetti Each year, billions of internet-connected systems and devices are brought online. This does not include the number of newly-installed systems that are internal to a network. Of these systems, many are at risk of being exploited by attackers through a variety of vectors, including poorly-secured network protocols and services. We are at a point in cybersecurity where offense must inform defense in order to help protect against the most prolific cyber threats to our environments. Telecommuting has always presented challenges, balancing security with usability. Open-source reports indicate that Remote Desktop Protocol (RDP) usage jumped an estimated 41% when COVID-19 struck.
Telecommuting has always presented challenges, balancing security with usability. Opensource reports indicate that Remote Desktop Protocol (RDP) usage jumped an estimated 41% when COVID-19 struck. CIS is releasing guidance to help organizations understand how to mitigate against these risks and why it is important, in order to protect and defend against the most pervasive cyber threats that are faced today. This guide explains how best to secure Remote Desktop Protocol (RDP).
Remote Desktop Protocol (RDP) Attacks RDP, a proprietary Microsoft protocol that allows a user to connect to a system remotely over a network connection, has largely been targeted over the years. Attacks exploiting RDP often do not happen as a result of an organization failing to purchase the latest and greatest software or application, but rather due to a lack of basic cyber hygiene. Many RDP-based attacks can be thwarted by implementing a few direct mitigations, at a low or no cost, which can help to protect against these types of attacks.
20
Winter 2020
RDP compromise, where an attacker uses RDP to remote into a system and deploy ransomware, has been and continues to be one of the most common methods that is used to ransom a system. Additional supportive controls for protecting against and detecting RDP-based attacks It is no secret that ransomware has been on the rise. Over the past few years, ransomware has also changed its initial infection vectors. Common vectors, such as phishing emails and software vulnerabilities, are still among the top methods. However, RDP compromise, where an attacker uses RDP to remote into a system and deploy ransomware, has been and continues to be one of the most common methods that is used to ransom a system. With the massive shift in telecommuting as a result of the COVID-19 pandemic, the usage of RDP has increased dramatically. This expands the number of available systems for attackers to target and potentially compromise.
Securing RDP CIS’s guide, Exploited Protocols: Remote Desktop Protocol, is here to help you secure RDP. It leverages security best practices from the CIS Controls and secure configuration recommendations from the CIS Benchmarks. The guide contains:
Download our guide for an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack. Valecia Stocchetti is a Sr. Cybersecurity Engineer for the CIS Controls at the Center for Internet Security. Valecia comes to CIS from the eCommerce field where she worked complex financial fraud cases. She is a graduate from the University at Albany with a degree in Digital Forensics. Prior to joining the CIS Controls team, Valecia worked in the MS/ EI-ISAC Computer Emergency Response Team (CERT), where she managed CERT and spearheaded multiple forensic investigations and incident response engagements for the MS/EI-ISAC SLTT community. In her current role, she works with various attack models and data, including the MITRE ATT&CK framework, to help validate and prioritize the CIS Controls. Valecia holds many certifications, including GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), and GIAC Security Essentials Certification (GSEC). While she enjoys all things InfoSec, she particularly finds the Cybercrime and Espionage fields fascinating, which is what led her to this career in the first place.
A high-level overview of the direct mitigation for securing RDP Why it is important to secure RDP from an attack perspective Related CIS Controls and/or CIS Benchmarks for securing RDP
21
Cybersecurity Quarterly
Cyberside Chat This Quarter's Topic: Collaborate for Cybersecurity Success By Sean Atkinson, Chief Information Security Officer, CIS The management of control regarding information systems will continue to be a challenge. The underlying capabilities of digitized business processes continue to expand further into the digitization of our professional and personal lives. At this point, we rely on organizations to secure our data through an expectation or assumption that a strong security posture is in place. Security is not absolute, the management of the underlying threat and probability of impact to those systems requires multiple perspectives and collaborative efforts to reduce the probability of a threat being actualized within these environments. The need to harness multiple and diverse perspectives will provide for a greater level of security and control within our business environments. The “critical thinking� skills needed to create robust and resilient infrastructure needs to harness multiple perspectives from within an organization, as well as external resources. CIS takes great pride in providing perspectives through our framework and guidance documents for the CIS Controls so organizations do not have to define what control sets can be utilized to manage security. The creation of the Controls is a collaborative effort. Volunteers from around the world contribute their thoughts, best practices, and
Security is not absolute, the management of the underlying threat and probability of impact to those systems requires multiple perspectives and collaborative efforts to reduce the probability of a threat being actualized within these environments. 22
experiences to assist any organization wishing to make improvements in their cybersecurity posture. The use of shared intelligence and threat indicators is another example of modularity of independent research when combined creates a community of intelligence where many can benefit. Multiple tools consume shared information to provide new and current threat vector identification capabilities to create a more robust solution backed with collaborative input. Collaboration occurs at the operational level with the use of Managed Service Providers. The utilization of dedicated experts promotes a new level of confidence when using professional services to identify, protect, detect, and respond to incidents within an environment. Here at CIS, the MS-ISAC provides a 24x7x365 SOC that works in collaboration with our members to identify and detect threats to SLTT networks. The information gained and visibility from these services are used to collaboratively assist others. When one threat is detected against a network, all other networks are updated with the same threat indicators, generating a self-reinforcing system of protection using the information from one incident to benefit all members. The element for consideration by any business is the ability to utilize such information. Having access to the information is just the beginning of the process, it is the harnessing of that data to make a true difference in your cybersecurity posture. Applying the information within a business context is the critical point between success and failure. The utility of the threat data and or products/services need to be managed within the business. The internal collaboration between IT, IS, and the business becomes the part where collaborative information becomes an actionable plan of contextualized security control.
Winter 2020
ISAC Update As the year that was 2020 draws to a close, the MSand EI-ISACs continues to provide vital cybersecurity resources to the SLTT and Election communities that we serve. Membership during this difficult time has surged and we welcomed our 10,000th member in November! From November of 2016 to November of 2020, we have welcomed over 8,500 new members. Our Malicious Domain Blocking and Reporting (MDBR) service is growing prodigiously and is now covering over 1,000 organizations, providing them with safe and secure DNS redirection and reporting. Our Nationwide Cybersecurity Review (NCSR) is wrapping up for the year and we strongly encourage you to complete the survey. Your input is invaluable to not just the MS- and EI-ISACs, but can help your organization and its information security strategy in a myriad of ways. With the conclusion of the election cycle, the EIISAC is proud to have been a key organization
in helping to make this one of the most secure U.S. elections ever held. The EI-ISAC is on the doorstep to its 3,000th member and we hope to secure that number before the end of the year. 2021 will be a year of membership growth, product and service expansion, and new ways of better securing the SLTT community. The SLTT Threat Reporting and Information Sharing project will be coming online in its pilot phase, offering a new avenue for reporting cybersecurity incidents from consumers and small businesses. Working hand in hand with the Cybercrime Support Network (CSN), fusion centers, and law enforcement, we hope to help this underserved community and open up a new data set to better serve our SLTT partners. We will continue to evolve and grow while always maintaining our commitment to our core mission to improve the overall cybersecurity posture of the nation's state, local, tribal, and territorial governments through focused cyber threat prevention, protection, response, and recovery. The MS- and EIISACs wish you and yours a happy and healthy holiday season and we want to offer a hearty thank you to all of our current members for your efforts on our behalf and for touting the benefits of membership to your SLTT colleagues. We are stronger and more connected than ever before!
23
Cybersecurity Quarterly
Upcoming Events January January 12 – 14 AWS re:Invent concludes its three-week online run with three days of 40+ online breakout sessions covering over 50 content tracks on all things related to working in the cloud with AWS and its partners. To learn more, visit https://reinvent.awsevents.com/. January 28 The Texas Association of Governmental Information Technology Managers (TAGITM) will be hosting its 2021 Winter Virtual Summit. The focus of the event will be Risky Cyber Business – What You Need to Know, allowing government IT leaders and professionals in the state to virtually learn about the latest in cyber risk and cyber threats. At the event, the MS-ISAC Stakeholder Engagement team will lead a discussion covering MS-ISAC membership and the Malicious Domain Blocking and Reporting (MDBR) service. Learn more at https://www.tagitm. org/events/.
February February 2 – 5 The National Association of Secretaries of State (NASS) and the National Association of State Election Directors (NASED) will co-host the NASS/ NASED 2021 Winter Virtual Conference. NASS and NASED members gather together virtually to discuss the latest developments in election administration. Learn more at https://www.nass. org/events/nass-2021-virtual-winter-conference. February 8 – 11 The Pennsylvania Education Technology Expo and Conference (PETE) 2021 will take place virtually, bringing together like-minded technology administrators and educators from across the State of Pennsylvania and surrounding areas to learn from leading experts in the education and technology fields. Learn more at https://www.peteandc.org/.
24
March March 2 – 4 The Consortium for School Networking (CoSN) will be hosting its 2021 CoSN Annual Conference virtually. The event will bring together education technology leaders from across the country to network and address key challenges as they transition to digitally enabled learning environments. Learn more at https:// cosnconference.org/. March 7 – 10 The National League of Cities (NLC) will be hosting its 2021 Congressional City Conference virtually. The event will connect local leaders from across the country to learn best practices, discover tools, and gather resources to best fit their communities' needs. Through workshops and general sessions, participants will get training to build leadership skills and conduct productive meetings with federal representatives. Learn more at https://ccc.nlc.org/.
April April 12 – 14 The Cyber Risk Alliance will host InfoSec World 2021 at Disney’s Coronado Springs Resort in Orlando, Florida. The event will bring together information security professionals to network and learn from keynotes, breakout sessions, workshops, and summits with peers from around the world. Learn more at https://www.infosecworldusa.com/. April 26 – 28 The Massachusetts Attorney General's Office will be hosting the 2021 National Cyber Crime Conference (NCCC) at the Four Points by Sheraton Norwood in Norwood, Massachusetts. Over the past nine years, the NCCC has become the premier annual cybercrime and digital evidence training event for law enforcement, prosecutors, and forensic examiners. Learn more at https://www.mass.gov/ service-details/national-cyber-crime-conference.
}; msg := ControlMessage{Target: r.FormValue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, " capeString(r.FormValue("target")), count); }); http.HandleFunc("/status",func(w http.ResponseWriter ollChannel <- reqChan;timeout := time.After(time.Second); select { case result Winter := <-2020 reqChan: if re , "INACTIVE"); }; return; case <- timeout: fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(http.ListenAndSe "html"; "log"; "net/http"; "strconv"; "strings"; "time" ); type ControlMessage struct { Target stri (chan ControlMessage);workerCompleteChan := make(chan bool); statusPollChannel := make(chan chan bo atusPollChannel); for { select { case respChan := <- statusPollChannel: respChan <- workerActive; c uff(msg, workerCompleteChan); case status := <- workerCompleteChan: workerActive = status; }}}; fun an bool) {http.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) { hostTokens := st strconv.ParseInt(r.FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Error()); return get"), Count: count}; cc <- msg; fmt.Fprintf(w, "Control message issued for Target %s, count %d", h p.HandleFunc("/status",func(w http.ResponseWriter, r *http.Request) { reqChan := make(chan bool); s e.Second); select { case result := <- reqChan: if result { fmt.Fprint(w, "ACTIVE"); } else { fmt.Fp int(w, "TIMEOUT");}}); log.Fatal(http.ListenAndServe(":1337", nil)); };package main; import ( "fmt" s"; "time" ); type ControlMessage struct { Target string; Count int64; }; func main() { controlChan := make(chan bool); statusPollChannel := make(chan chan bool); workerActive := false;go admin(contr spChan := <- statusPollChannel: respChan <- workerActive; case msg := <-controlChannel: workerActiv atus := <- workerCompleteChan: workerActive = status; }}}; func admin(cc chan ControlMessage, statu admin", func(w http.ResponseWriter, r *http.Request) { hostTokens := strings.Split(r.Host, ":"); r. ue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Error()); return; }; msg := ControlMessage fmt.Fprintf(w, "Control message issued for Target %s, count %d", html.EscapeString(r.FormValue("ta http.ResponseWriter, r *http.Request) { reqChan := make(chan bool); statusPollChannel <- reqChan;ti := <- reqChan: if result { fmt.Fprint(w, "ACTIVE"); } else { fmt.Fprint(w, "INACTIVE"); }; return; al(http.ListenAndServe(":1337", nil)); };package main; import ( "fmt"; "html"; "log"; "net/http"; " ruct { Target string; Count int64; }; func main() { controlChannel := make(chan ControlMessage);wor := make(chan chan bool); workerActive := false;go admin(controlChannel, statusPollChannel); for { n <- workerActive; case msg := <-controlChannel: workerActive = true; go doStuff(msg, workerComplet ctive = status; }}}; func admin(cc chan ControlMessage, statusPollChannel chan chan bool) {http.Han equest) { hostTokens := strings.Split(r.Host, ":"); r.ParseForm(); count, err := strconv.ParseInt(r intf(w, err.Error()); return; }; msg := ControlMessage{Target: r.FormValue("target"), Count: count} for Target %s, count %d", html.EscapeString(r.FormValue("target")), count); }); http.HandleFunc("/s { reqChan := make(chan bool); statusPollChannel <- reqChan;timeout := time.After(time.Second); sele int(w, "ACTIVE"); } else { fmt.Fprint(w, "INACTIVE"); }; return; case <- timeout: fmt.Fprint(w, "TI :1337", nil)); };package main; import ( "fmt"; "html"; "log"; "net/http"; "strconv"; "strings"; "ti Count int64; }; func main() { controlChannel := make(chan ControlMessage);workerCompleteChan := ma ol); workerActive := false;go admin(controlChannel, statusPollChannel); for { select { case respCha ase msg := <-controlChannel: workerActive = true; go doStuff(msg, workerCompleteChan); case status nc admin(cc chan ControlMessage, statusPollChannel chan chan bool) {http.HandleFunc("/admin", func( strings.Split(r.Host, ":"); r.ParseForm(); count, err := strconv.ParseInt(r.FormValue("count"), 10 return; }; msg := ControlMessage{Target: r.FormValue("target"), Count: count}; cc <- msg; fmt.Fpri d", html.EscapeString(r.FormValue("target")), count); }); http.HandleFunc("/status",func(w http.Res an bool); statusPollChannel <- reqChan;timeout := time.After(time.Second); select { case result := { fmt.Fprint(w, "INACTIVE"); }; return; case <- timeout: fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(ht ( "fmt"; "html"; "log"; "net/http"; "strconv"; "strings"; "time" ); type ControlMessage struct { Ta nnel := make(chan ControlMessage);workerCompleteChan := make(chan bool); statusPollChannel := make( Channel, statusPollChannel); for { select { case respChan := <- statusPollChannel: respChan <- work true; go doStuff(msg, workerCompleteChan); case status := <- workerCompleteChan: workerActive = sta ollChannel chan chan bool) {http.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) Form(); count, err := strconv.ParseInt(r.FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w rget: r.FormValue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, "Control message issued for T get")), count); }); http.HandleFunc("/status",func(w http.ResponseWriter, r *http.Request) { reqCha ;timeout := time.After(time.Second); select { case result := <- reqChan: if result { fmt.Fprint(w, case <- timeout: fmt.Fprint(w, "TIMEOUT");}}); log.Fatal(http.ListenAndServe(":1337", nil)); };pac tp"; "strconv"; "strings"; "time" ); type ControlMessage struct { Target string; Count int64; }; fu sage);workerCompleteChan := make(chan bool); statusPollChannel := make(chan chan bool); workerActiv ); for { select { case respChan := <- statusPollChannel: respChan <- workerActive; case msg := <-co g, workerCompleteChan); case status := <- workerCompleteChan: workerActive = status; }}}; func admi ol) {http.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) { hostTokens := strings .ParseInt(r.FormValue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Error()); return; }; ms Count: count}; cc <- msg; fmt.Fprintf(w, "Control message issued for Target %s, count %d", html.Esc ndleFunc("/status",func(w http.ResponseWriter, r *http.Request) { reqChan := make(chan 25 bool); statu cond); select { case result := <- reqChan: if result { fmt.Fprint(w, "ACTIVE"); } else { fmt.Fprint
Advanced Threats. Maximum Protection.
Ensure users and devices can safely connect from anywhere, with industry-leading protection.
Proactively identify, block, and mitigate targeted threats, including zero-day attacks, malware, and phishing.
See Why
Copyright Š 2020 Center for Internet Security, All rights reserved.
Interested in being a contributor? Please contact us: info@cisalliance.org www.cisecurity.org 518.880.0699