Rapid7 ControlsInsight allows organizations to quickly assess the deployment and configuration of 11 critical security controls from one platform. We'd like to take a brief look at these controls to discuss what they are and what they mean to the organization. (Or, as one of my professors was known to bark out at the end of a less-than-compelling presentation, "So what?") Previous blogs have looked at the unique password, browser up to date, and operating system up to date controls; in this installment we'll take a high-level look at three more:
What does it mean: This control is to ensure that an AV tool (currently ControlsInsight supports McAfee, Symantec, Sophos, Trend Micro, Microsoft, and Kaspersky) is installed, enabled, and that the DAT file is current.
Why it is important: Corporations roll out AV to nearly every machine when deploying to new employees or upgrading older machines. On the day you receive your new laptop you have the latest and greatest (or not… I've received “core-load” machines in the past that were out of date when delivered to me), but over time signatures need to be updated, or employees intentionally or unintentionally disable the AV, leaving the machine and the organization vulnerable. AV is mature and ubiquitous. While it is not perfect, neglecting to deploy and manage it leaves a critical opening via the files that enter your organization on a daily basis.
Code execution prevention
What does it mean: This security best practice prevents modification of specific regions of memory on a hard drive by either intentional or unintentional means. There are 4 specific tools that ControlsInsight monitors: ASLR, SEHOP, EMET, and DEP.
Why it is important: Certain portions of a hard drive contain files that rarely need to be modified. This control, when enabled, locks down those parts of the machine to prevent malicious activities or unintentional harmful modification of these files.
Email attachment filtering enabled
What does it mean: This control actively prevents users from receiving certain file types that may be high risk to the organization, typically .exe files.
Why it is important: While file attachments are an integral part of email, the key is to allow those that are safe and part of business activities (.XLS, .PPT, etc.) while blocking or severely limiting those that can introduce viruses or other risks (.EXE) into the organization.
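To make the attachment-filtering decision concrete, here is an added example (not ControlsInsight code, and not from the original post) that classifies the attachments of a message by extension. The extension lists, the function names and the sample message are assumptions constructed for illustration; the check is case-insensitive and treats a double extension such as `.xls.exe` as blocked.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy: the post names .exe as the typical block and .xls/.ppt as
# typical business types. Real deployments maintain longer lists.
BLOCKED = {".exe"}
ALLOWED = {".xls", ".ppt"}

def classify(filename):
    """Return 'block', 'allow' or 'review' for one attachment filename."""
    # Windows ignores trailing dots and spaces, so "setup.exe." still runs.
    name = (filename or "").strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes  # "a.xls.exe" -> [".xls", ".exe"]
    # Conservative: a blocked extension anywhere in the name blocks the file.
    if any(s in BLOCKED for s in suffixes):
        return "block"
    if suffixes and suffixes[-1] in ALLOWED:
        return "allow"
    return "review"  # unknown or missing extension: hold for inspection

def scan(raw_bytes):
    """Parse a raw RFC 5322 message; return [(filename, verdict), ...]."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [(part.get_filename(), classify(part.get_filename()))
            for part in msg.iter_attachments()]

def build_sample():
    """Constructed sample message with three harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly numbers"
    msg.set_content("See attached.")
    for name in ("Q3.XLS", "invoice.xls.exe", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan(build_sample()):
        print(f"{verdict:6} {name}")
```

Extension matching is only a first pass, because a sender controls the filename; content-type inspection of the attachment body is a separate check that this example does not perform.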
As highlighted in last week's blog, each of these controls can be enabled or disabled within your organization to tailor ControlsInsight to you.