During the development of ControlsInsight, we selected the first set of controls based on input from Rapid7 experts with extensive experience in attacker methodology (like HD Moore and our co-founders Tas Giakouminakis and Chad Loder) combined with industry best practices for risk mitigation. One of the best practices we used was the SANS 20 Critical Security Controls, which helps organization focus efforts on security controls that would have the greatest impact in improving risk posture against real-world threats. According to the US State Department, organizations can achieve more than 94% risk reduction through the rigorous automation and measurement of the Top 20 Controls. ControlsInsight takes a similar approach to security - the solution prioritizes controls deployment based on effectiveness at defending against threats, giving you an action plan to address the most significant risks across your organization.

With ControlsInsight, you can automatically monitor the following critical security controls:

SANS Top 20 Controls ControlsInsight Why This Control is Critical
3-2 Implement automated patching tools and processes
  • Operating systems up-to-date
  • Browsers up-to-date
  • High-risk applications up-to-date
Cybercriminals often use known exploits to hack into systems that have not been patched. According to the Verizon 2013 Data Breach Investigations Report, 75% of attacks are opportunistic, meaning the victim was targeted because they exhibited a weakness the attacker knew how to exploit.
5-1 Continuously monitor for active, up-to-date anti-malware protection
  • Anti-virus optimized (installed, enabled and DAT file up-to-date)
While anti-virus software has its limitations, it can help defend against threats by attempting to detect malware and block its execution.
5-2 Verify that each system has received its malware signature update
  • Anti-virus optimized (installed, enabled and DAT file up-to-date)
"Trust but verify" - it's important to check that the latest malware signature has been successfully deployed and applied to each system.
5-3 Configure workstations so that they will not auto-run content from USB thumb drives
  • USB access blocked
Attackers have been known to infect networks by dropping USB thumb drives containing malicious code on-site for unwitting users to pick up.
5-5 Scan and block all e-mail attachments including e-mail and web content filtering
  • Email client attachment filtering enabled
  • Third party URL filtering enabled
Email phishing is a common method used by attackers to gain access to a network, who employ clever tactics to trick users into clicking on attachments.
5-7 Deploy features and toolkits such as DEP and EMET
  • Code execution prevention deployed (EMET installed, ASLR, DEP and SEHOP enabled)
These mitigation features prevent malicious code execution and limits the potential damage from both existing exploits and future zero-day exploits.
11-2 Apply host-based firewalls or port filtering tools on end systems
  • Windows firewall enabled
Workstation firewalls configured to deny traffic by default unless explicitly allowed can protect against malicious or unauthorized network traffic.
12-3 Configure all administrative passwords to be complex
  • Strong local password policy enabled
According to the Verizon 2013 Data Breach Investigations Report, 76% of network intrusions exploit weak or stolen credentials.
12-4 Configure all administrative-level accounts to require regular password changes
  • Strong local password policy enabled
See 12-3
12-9 Administrative accounts should never be shared
  • Unique administrator password
Ensuring unique passwords limits the impact if a single set of credentials are compromised by stopping attackers from propagating across the network.
12-10 Configure OS so that passwords cannot be re-used within a certain timeframe
  • Strong local password policy enabled
See 12-3
13-1 Deny communications with known malicious IP addresses
  • URL reputation scanning enabled
  • Third party URL filtering enabled
Attackers focus on exploiting systems that they can reach across the Internet, including devices that pull content from the Internet through network boundaries.

To learn more about the SANS Top 20 Controls and how you can use them to build an effective security program, watch the joint webcast by Rapid7 and SANS here: Take Control! 7 Steps to Prioritize Your Security Program