WIXLIB

A Trend Micro Whitepaper I July 2017Addressing the SANS Top 20 Critical SecurityControls for Effective Cyber DefenseHow Trend Micro Deep Security Can Help:A Mapping to the SANS Top 20 Critical Security Controls» Addressing the SANS Top 20 Critical Security Controls can be a daunting task. With a broadrange of security controls, Trend Micro Deep Security can help organizations streamline thesecurity of servers across hybrid cloud deployments.

INTRODUCTIONIn the face of increasing reports of data losses, ransomware attacks like WannaCry& Erebus, intellectual property theft, credit card breaches, and threats to userprivacy, organizations today are faced with an increasing pressure to ensure thattheir corporate and user data remains secure. They are also obligated to addresscompliance with a wide range of industry regulations and laws, making itchallenging to understand how best to approach the problem. Finally, with theadvent of widespread cloud usage and the shifting to a shared securityresponsibility model for cloud workloads, organizations are forced to applysecurity in new ways that often don’t fit with traditional approaches.CRITICAL CONTROLS FOR EFFECTIVE CYBER DEFENSE“ the Center for Internet Security’sCritical Security Controls identify aminimum level of informationsecurity that all organizations thatcollect or maintain personalinformation should meet. Thefailure to implement all the Controlsthat apply to an organization’senvironment constitutes a lack ofreasonable security.”California Attorney General,California Dept. of Justice,California Data Breach Report, Feb. 201689%of breaches had a financial orespionage motive-------------------3,141Confirmed data breachesacross 82 countriesSource: Verizon 2016 Data BreachInvestigations ReportIn order to help, the SANS Institute, working in concert with the Center forInternet Security (CIS), has created a comprehensive security framework—the Critical Security Controls (CSC) for Effective Cyber Defense (often referredto as the SANS Top 20)1—that provides organizations with a prioritized, highlyfocused set of actions that are implementable, usable, scalable, andcompliant with global industry & government security requirements. Theserecommended security controls also serve as the foundation for manyregulations & compliance frameworks, including NIST 800-53, PCI DSS, ISO27002, CSA, FedRAMP, HIPAA, Europe’s GDPR, and many others2.There are several reasons that businesses, regulatory bodies andgovernments have embraced the Top 20 CSC as the foundation for securitystrategies and frameworks: Implementation of the controls can reduce the potential impact of knownhigh risk attacks as well as attacks expected in the future. The controls are comprehensive and address the most important areas ofconcern. The controls were generated by experts in both the federal governmentand private industry. The controls are well written, approachable and make common securityrequirements easy to understand and implement.HOW TREND MICRO DEEP SECURITY CAN HELPAs organizations implement a security framework like the SANS Top 20 Critical Security Controls to addresstheir needs, Trend Micro Deep Security can play a significant role in addressing many of the criticalrequirements. Delivered from the market leader in server security3, Deep Security streamlines operationsthrough its ability to secure workloads across physical, virtual, cloud, & container environments. Available as1The CIS Critical Security Controls for Effective Cyber Defense Version 6.0. October 2015Mapping to the CIS Critical Security Controls. January 20163 Worldwide Endpoint Security Market Share, IDC #US418671162Page 2 of 7 Trend Micro WhitepaperAddressing the SANS TOP 20 Critical Security Controls for Effective Cyber Defense

software, service (PCI DSS Level 1 certified), or via the AWS and Azure marketplaces, it can help organizationsstreamline the purchasing and implementation of the essential security elements recommended by the CIS.With proven API-level integration with VMware, AWS, and Azure, Deep Security provides full visibility acrossthe hybrid cloud, and includes the ability to automate security aligned with DevOps approaches.Trend Micro Deep Security is a host-based security control product that secures millions of servers acrossthousands of customers around the world. It includes a cross-generational blend of security controls forprotecting server & container workloads, including: Network security enabling virtual patching, network attackprevention, and lateral movement prevention through IntrusionDetection & Protection (IDS/IPS) and a host-based firewall Malware prevention with anti-malware & content filtering,behavioral analysis, and network sandbox integration to protectvulnerable systems from the latest in threats, including ransmoware. System security through application control, integrity monitoring &log inspection, enabling the lock-down of systems, discovery ofunplanned or malicious changes to registry and key system files, aswell as discovering anomalies in critical log files.With these controls, Deep Security can help organizations: Defend against threats & protect against vulnerabilities, using proven IPS to instantly shieldvulnerable applications and servers with a ‘virtual patch’ until it can be patched Keep malware of workloads, ensuring that servers and applications are protected and unusualbehavior from attacks like ransomware are neutralized Lock down servers, making sure that only authorized applications can run Identify suspicious changes on servers, including flagging things like registry settings, system folders,and application files that shouldn’t change—when they do Accelerate compliance with key frameworks like the SANS/CIS Critical Security Controls, as well askey regulations like PCI DSS and HIPAA, delivering multiple security controls, central control, and easyreporting in a single product.At a summary level, Deep Security can help with 10 of 20 of the Top 20 Critical Security Controls:Page 3 of 7 Trend Micro WhitepaperAddressing the SANS TOP 20 Critical Security Controls for Effective Cyber Defense

MAPPING THE TOP 20 CRITICAL SECURITY CONTROLSThe table below provides a high-level mapping of Deep Security’s security controls to the SANS/CIS Top 20 Critical Security Controls. It also providescommentary on where cloud service providers (CSPs) like AWS, Microsoft Azure, and others have a role to play.CIS CRITICAL SECURITY CONTROL1. Inventory of Authorized & Unauthorized Devices: Actively manage(inventory, track & correct) all hardware devices on the network so thatonly authorized devices are given access, and unauthorized &unmanaged devices are found and prevented from gaining access.2. Inventory of Authorized & Unauthorized Software: Actively manage(inventory, track & correct) all software on the network so that onlyauthorized software is installed and can execute, and that unauthorized& unmanaged software is found and prevented from installation orexecution.CLOUD SERVICE PROVIDERROLEWill typically be able to generateasset lists via an APINo controlsAPPLICATION OF SECURITY CONTROLSOrganizations should implement & enforce: Change management Source control Restrict access to APIs Automated server discovery across physical,virtual, & cloudOrganizations should implement & enforce: Change management Source control Application control (whitelisting) Integrity monitoring3. Secure Configurations for Hardware & Software on Mobile Devices,Laptops, Workstations, & Servers: Establish, implement, and activelymanage (track, report on, correct) the security configuration of laptops,servers, workstations using a rigorous configuration management andchange control process in order to prevent attackers from exploitingvulnerable services and settings.Change control of the IaaS layerOrganizations should implement & enforce: Change management Source control Application control (whitelisting) Integrity monitoring4. Continuous Vulnerability Assessment & Remediation: Continuouslyacquire, assess, and take action on new information in order to identifyvulnerabilities, remediate, & minimize the window of opportunity forattackers.They provide: Routing tables Network access control lists Security groupsOrganizations should implement & enforce: Scans as part of deployment Intrusion prevention (IPS) Strong patch managementPage 4 of 7 Trend Micro WhitepaperAddressing the SANS TOP 20 Critical Security Controls for Effective Cyber Defense

CIS CRITICAL SECURITY CONTROLCLOUD SERVICE PROVIDERROLE5. Controlled Use of Administrative Privileges: The processes and toolsused to track/control/prevent/correct the use, assignment, andconfiguration of administrative privileges on computers, networks, andapplications.They provide: IAM (Identity & AccessManagement) Granular policy support6. Maintenance, Monitoring, & Analysis of Audit Logs: Collect, manage,and analyze audit logs of events that could help detect, understand, orrecover from an attack.They provide: Storage Logging at the IaaS level Netflow logsAPPLICATION OF SECURITY CONTROLSOrganizations should implement & enforce: Principle of least privilege Regular review of accessOrganizations should implement & enforce: Centralized logging SIEM (Deep Security supports the leaders, including HP ArcSight, IBM QRadar, & Splunk)Log inspectionNo controlsOrganizations should implement & enforce: Regular endpoint patching Anti-malware w/behavioral analysis Web reputation services Intrusion prevention (IPS)No controlsOrganizations should implement & enforce: Change management Anti-malware w/behavioral analysis Sandbox integration Integrity monitoring Web reputation servicesThey provide: Security groupsOrganizations should implement & enforce: Application control Secure OS configuration Intrusion prevention (IPS) Firewall10. Data Recovery Capability: The processes and tools used to properlyback up critical information with a proven methodology for timelyrecovery of it.They provide: Snapshots for workloads Snapshots for databases Simple high availabilityOrganizations should implement & enforce: Regular automated snapshots Test restoration11. Secure Configurations for Network Devices: Establish, implement,and actively manage (track, report on, correct) the security configurationof network infrastructure devices using a rigorous configurationmanagement and change control process.They implement & enforce: Configuration of networkfabric Separation of virtual privatecloudsOrganizations should implement & enforce: Route tables Network access control lists Security groups7. Email and Web Browser Protections: Minimize the attack surface andthe opportunities for attackers to manipulate human behavior throughtheir interaction with web browsers & email systems.8. Malware Defenses: Control the installation, spread, and execution ofmalicious code at multiple points in the enterprise, while optimizing theuse of automation to enable rapid updating of defense, data gathering,& corrective action.9. Limitation and Control of Network Ports, Protocols, and Services:Manage (track/control/ correct) the ongoing operational use of ports,protocols, and services on networked devices in order to minimizewindows of vulnerability available to attackers.Page 5 of 7 Trend Micro WhitepaperAddressing the SANS TOP 20 Critical Security Controls for Effective Cyber Defense