Rapid7 ControlsInsight helps organizations measure how well critical security controls are deployed and configured across endpoints. ControlsInsight then provides actionable and prioritized recommendations on how to improve your organization's security. Currently, our intelligent threat model analyzes 11 important security controls:
- Antivirus optimized
- Code execution prevention
- Email attachment filtering enabled
- Hardened local password
- Hardened web browsers
- High-risk applications up-to-date
- Operating systems up to date
- USB access restricted
- User Account Control enabled
- Web browsers up-to-date
- Windows Firewall enabled
These controls can be seen by clicking the Controls Settings link under the Management tab. Each of these security controls plays a crucial role in protecting the asset and your organization against a security breach.
With the release of ControlsInsight 2.2, users can now select only those security controls that are specific to their environment or relevant to their current assessment to include in the risk score calculation. Each time a set of security controls is modified and saved, a reassessment against the new set of controls is performed in the background, a new grade is displayed on the threats page, and the corresponding grade changes can be observed in the trending chart. The threats page displays only the newly selected configuration, and generated reports also reflect only the new configuration. This feature gives users a great deal of flexibility and helps them prioritize the evaluation of their environment by creating their own configuration.
The screenshot below shows all 11 security controls enabled by default.
The screenshot below shows an overall score of 5 with all 11 of the security controls enabled.
Now, if the user feels that the security controls Email client attachment filtering enabled, Hardened local password and Web browsers up-to-date are irrelevant to the assets being assessed, or just wants to observe the overall grade in the absence of these controls, they can disable these controls and save the new configuration.
The screenshot below shows these 3 controls disabled.
The screenshot below shows the grade changing to 6 for the new configuration.
We hope this capability will help you to more accurately analyze the security posture of your organization. Have other ideas about how ControlsInsight can better meet your needs? Tell us about it in the comments or start a discussion.