
Rapid7 Blog

CIS Controls  

The CIS Critical Security Controls Explained - Control 4: Controlled Use of Administrative Privilege

The ultimate goal of an information security program is to reduce risk. Often, hidden risks run amok in organizations that just aren't thinking about risk in the right way. Control 4 of the CIS Critical Security Controls can be contentious, can cause bad feelings, and…

The CIS Critical Security Controls Explained - Control 3: Continuous Vulnerability Management

Welcome to the third blog post on the CIS Critical Security Controls! This week, I will be walking you through the third Critical Control: Continuous Vulnerability Management. Specifically, we will be looking at why vulnerability management and remediation is important for your overall security maturity,…

The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Stop No. 5 on our tour of the CIS Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls) deals with Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. This is great timing with the announcement of…

The CIS Critical Security Controls Explained - Control 1: Inventory and Control of Hardware Assets

The Rapid7 Security Advisory Service relies heavily on the CIS top 20 critical controls as a framework for security program analysis because they are universally applicable to information security and IT governance. Correct implementation of all 20 of the critical controls greatly reduces security risk,…

The CIS Critical Security Controls Explained - Control 2: Inventory and Control of Software Assets

As I mentioned in our last post, the 20 critical controls are divided into Basic, Foundational, and Organizational families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch,…

Using CIS Controls To Stop Your Network From Falling in With the Wrong Crowd

Earlier this month Kyle Flaherty wrote a post on the Rapid7 Community Blog about how Rapid7 came out on top for coverage of the Center for Internet Security (CIS) Top 20 Security Controls. In light of recent DDoS events I'd like to take a little…

Rapid7 On Top in SANS Top 20 Critical Security Controls

Being great is, well… great, right? But as we all know it doesn't happen in a vacuum, it's an equation: Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships. Coincidentally (or not), these items make up three of the five core values we strive towards here at…

Use DHCP Discovery to Implement Critical Security Control 1

The number one critical security control from the Center for Internet Security recommends actively managing all hardware devices on the network: "CSC 1: Inventory of Authorized and Unauthorized Devices. Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized…

Top 3 Takeaways from the "Simplify Controls: How to Align Security Controls to Reduce Risk to Your Business" Webcast

This week we heard from Bill Bradley, Product Marketing Manager at Rapid7, about the far reaching implications of security controls. Each organization (SANS and the Australian Signals Directorate to name a couple) that highlights recommended controls promotes a slightly different twist on the weighting and…

How ControlsInsight aligns to SANS 20 Critical Security Controls

During the development of ControlsInsight, we selected the first set of controls based on input from Rapid7 experts with extensive experience in attacker methodology (like HD Moore and our co-founders Tas Giakouminakis and Chad Loder) combined with industry best practices for risk mitigation. One of…