Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

CIS Controls  

CIS Critical Security Control 20: Measure Your Security Standing with Penetration Tests and Red Team Exercises

Protecting yourself from threats requires consistently asking yourself whether your security program is working as designed. Critical Control 20 covers pen tests and Red Team exercises.…

CIS Critical Security Control 19: Steps for Crafting an Efficient Incident Response and Management Strategy

An effective incident response plan helps you quickly discover attacks, contain the damage, eradicate the attacker's presence, and restore the integrity of your network and systems.…

CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security

Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.…

CIS Critical Security Control 17: Some Assembly Required for Your Security Awareness and Training Program

Developing out a new security program but neglecting to train your employees on it is like shipping out this year’s hottest product but forgetting to stash the instruction manual in the box. The key principle behind CIS Critical Control 17 is implementing a security awareness and training program.…

Critical Control 16: Account Monitoring and Control (ain’t nobody got time for that!)

This is a continuation of our CIS critical security controls blog series, which provides educational information regarding the control of focus as well as tips and tricks for consideration. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls.…

CIS Critical Security Control 15 Explained: Wireless Access Control – Are You Really Managing Your WiFi?

This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Decades ago, your network was a collection of routers, firewalls, switches, wall ports, and what seemed like…

CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know

This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Let’s start with some simple, yet often unasked questions. Do you know what critical assets—information…

CIS Critical Security Control 13: Data Protection Explained

This is a continuation of our CIS critical security controls blog series. Data protection is one of the cornerstones of a solid security program, and it is a critical function of the CIA Triad of Confidentiality, Integrity, and Availability. Data protection, as characterized by Critical…

CIS Critical Control 12: Boundary Defense Explained

This blog is a continuation of our blog series on the CIS Critical Controls. Key Principle: Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data. What Is It? Boundary defense is control 12 of the…

CIS Critical Control 11: Secure Configurations for Network Devices

This blog is a continuation of our blog series on the CIS Critical Controls. We’ve now passed the halfway point in the CIS Critical Controls. The 11th deals with Secure Configurations for Network Devices. When we say network devices, we’re referring to firewalls,…

CIS Critical Control 10: Data Recovery Capability

hope you enjoyed your stop at Center for Internet Security (CIS) Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services! If you missed the previous stops on this journey, please check out our full blog series on the CIS Top 20 Critical…

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Control Series blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. If you’ve ever driven on a major metropolitan highway system, you’…

The CIS Critical Controls Explained - Control 7: Email and Web browser protection

This blog is a continuation of our blog post series around the CIS Critical Controls. The biggest threat surface in any organization is its workstations. This is the reason so many of the CIS Critical Security Controls relate to workstation and user-focused endpoint security. It…

The CIS Critical Security Controls Explained - Control 6: Maintenance, Monitoring and Analysis of Audit Logs

In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls. I'll be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, in helping you to understand…

The CIS Critical Security Controls Series

What are the CIS Critical Security Controls? The Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls), is an industry-leading way to answer your key security question: “How can I be prepared to stop…