
Hardening by using CIS – A Holistic Approach

System hardening refers to the process of securing a computer system by reducing its vulnerability to potential threats and attacks. This is achieved by taking various measures, such as configuring the system’s software and hardware components to eliminate known security weaknesses, disabling unnecessary services, limiting user privileges, implementing access controls and firewalls, and regularly updating and patching software to address known vulnerabilities.

System hardening aims to create a more secure computing environment that is less susceptible to unauthorized access, data breaches, malware infections, and other types of security threats. This is particularly important for systems that store sensitive or confidential information, such as financial data, medical records, and government intelligence.

System hardening is an ongoing process that requires continuous monitoring and maintenance to ensure that the system remains secure and up to date with the latest security patches and updates. It is an important aspect of cybersecurity that is essential for protecting sensitive information and maintaining the trust of users and customers.

The CIS (Center for Internet Security) benchmarks are a set of best practices and guidelines that provide a comprehensive framework of security controls and settings for hardening various types of systems, including cloud deployments. The benchmarks can be applied at both the tactical and operational levels. They cover various security areas, such as operating systems, applications, and network devices. The benchmarks are designed to be used by organizations of all sizes and types and can be customized to meet specific security needs.

At the tactical level, the CIS benchmarks can be applied to individual systems and devices to ensure that they are configured securely. For example, an IT administrator may use the CIS benchmarks to configure a web server or database server in accordance with best practices. This can help to prevent common security issues such as unauthorized access, data breaches, and malware infections.

At the operational level, the CIS benchmarks can be used to establish policies and procedures that govern how systems and devices are configured and maintained. This can help to ensure that all systems are configured consistently and securely across an organization. 

In summary, the CIS benchmarks can be applied at both the tactical and operational levels to improve security posture and reduce the risk of security breaches. The benchmarks provide a set of best practices that can be customized to meet specific security needs and can be applied to individual systems and broader organizational policies and procedures.

One of the main tools provided by CIS is CIS-CAT Pro, which can scan and assess systems against the CIS benchmarks and generate reports on areas of non-compliance. The tool can also provide guidance on how to remediate any issues found and bring systems into compliance with the benchmarks.

In addition to CIS-CAT Pro, other tools and scripts can help automate system hardening based on the CIS benchmarks. These tools can help to streamline the process of implementing security controls and settings recommended by the benchmarks, reducing the potential for human error, and saving time and resources.

Automating system hardening using the CIS benchmarks can help to ensure that security controls and configurations are consistently applied across all systems and networks, reducing the potential for security vulnerabilities and improving overall security posture.

Reducing the attack surface is an essential goal of system hardening, and the CIS benchmarks can be a valuable tool for achieving this goal if cross-referenced with MITRE. Start by identifying the systems and applications that are most critical to your business and prioritizing them for hardening based on their level of risk. It’s important to remember that system hardening is an ongoing process. You should regularly review and update your security controls and settings to address new threats and vulnerabilities as they emerge. So, create your security baseline first to reduce the attack surface.

Both MITRE and CIS help with finding controls, in the sense that they provide guidance on the controls that organizations can implement to enhance their security. MITRE’s ATT&CK framework can help organizations identify the techniques that attackers might use and provide guidance on the controls that can be implemented to prevent those attacks. Similarly, the CIS Controls provide a prioritized list of actions that organizations can take to improve their security posture. It is possible to use both MITRE and CIS benchmarks at the same time. Our approach to implementing holistic controls for our customers incorporates both frameworks, and that is what we do as consultants at Securitybricks.

MITRE’s ATT&CK framework provides a comprehensive view of the tactics and techniques adversaries use to attack systems and networks. It provides a framework for understanding the different stages of an attack and the techniques that are commonly used at each stage. The framework can help organizations identify gaps in their defenses and prioritize their security investments to address the most critical risks.

The CIS benchmarks, on the other hand, provide prescriptive guidance on how to secure individual systems and devices. They provide a set of best practices for configuring systems to reduce the risk of common security issues such as unauthorized access, data breaches, and malware infections.

To implement a holistic set of controls that incorporates both MITRE and CIS frameworks, we use the MITRE framework to identify the tactics and techniques most relevant to each customer's specific environment. We then use the CIS benchmarks to implement best practices for securing individual systems and devices in a way that addresses those specific risks.
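
The approach described above, sketched as an added example (not code from this article, CIS-CAT Pro, or Securitybricks): a small audit that checks an `sshd_config` against a baseline and ranks the failures by the ATT&CK techniques judged relevant to the environment. The baseline entries, the setting-to-technique mapping, and the sample configuration are constructed assumptions, not text from a CIS benchmark or from MITRE.

```python
# Added example. The baseline checks and the setting-to-technique mapping are
# constructed for illustration, not quoted from a CIS benchmark or from MITRE.
# Each entry: (sshd keyword, required value, compliance test, ATT&CK technique IDs)
BASELINE = [
    ("PermitRootLogin", "no", lambda v: v == "no", {"T1078", "T1021.004"}),
    ("PasswordAuthentication", "no", lambda v: v == "no", {"T1110"}),
    ("MaxAuthTries", "<= 4", lambda v: v.isdigit() and int(v) <= 4, {"T1110"}),
    ("AllowTcpForwarding", "no", lambda v: v == "no", {"T1572"}),
]

# Constructed sample input, not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
#AllowTcpForwarding no
"""

def parse_sshd_config(text):
    """Return {lowercased keyword: value}. Simplified: ignores Match blocks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) == 2:
            # sshd keeps the first value it sees for a keyword
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(config_text, relevant_techniques):
    """Return failed checks, ordered so that settings tied to the techniques
    judged relevant to this environment come first."""
    settings = parse_sshd_config(config_text)
    findings = []
    for keyword, required, is_compliant, techniques in BASELINE:
        actual = settings.get(keyword.lower())
        # Assumption: a keyword that is not set explicitly counts as a failure.
        if actual is None or not is_compliant(actual):
            findings.append({"setting": keyword, "actual": actual,
                             "required": required,
                             "relevant": sorted(techniques & relevant_techniques)})
    findings.sort(key=lambda f: (-len(f["relevant"]), f["setting"]))
    return findings

if __name__ == "__main__":
    # Techniques assumed relevant for this hypothetical internet-facing host.
    for f in audit(SAMPLE_SSHD_CONFIG, {"T1110", "T1078"}):
        print(f)
```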