ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 32
CONTROL 13
13 - Network Monitoring and Defense

Safeguards Total: 11
IG1: 0/11
IG2: 6/11
IG3: 11/11

Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.
Why Is This CIS Control Critical?

We cannot rely on network defenses to be perfect. Adversaries continue to evolve and mature, as they share, or sell, information among their community on exploits and bypasses to security controls. Even if security tools work “as advertised,” it takes an understanding of the enterprise risk posture to configure, tune, and log them to be effective. Often, misconfigurations due to human error or lack of knowledge of tool capabilities give enterprises a false sense of security.

Security tools can only be effective if they are supporting a process of continuous monitoring that allows staff to be alerted to, and respond to, security incidents quickly. Enterprises that adopt a purely technology-driven approach will also experience more false positives, due to their over-reliance on alerts from tools. Identifying and responding to these threats requires visibility into all threat vectors of the infrastructure and leveraging humans in the process of detection, analysis, and response. It is critical for large or heavily targeted enterprises to have a security operations capability to prevent, detect, and quickly respond to cyber threats before they can impact the enterprise.

THE SAFEGUARDS

Safeguard                                                  Asset Type   Security Function
13.1   Centralise Security Event Alerting                  Network      Detect
13.2   Deploy a Host-Based Intrusion Detection Solution    Devices      Detect
13.3   Deploy a Network Intrusion Detection Solution       Network      Detect
13.4   Perform Traffic Filtering Between Network Segments  Network      Protect
13.5   Manage Access Control for Remote Assets             Devices      Protect
13.6   Collect Network Traffic Flow Logs                   Network      Detect
13.7   Deploy a Host-Based Intrusion Prevention Solution   Devices      Protect
13.8   Deploy a Network Intrusion Prevention Solution      Network      Protect
13.9   Deploy Port-Level Access Control                    Devices      Protect
13.10  Perform Application Layer Filtering                 Network      Protect
13.11  Tune Security Event Alerting Thresholds             Network      Detect
Did You Know?

In the first half of 2019, 4.1 billion data records were compromised from 3,800 publicly disclosed data breaches. The reputational damage from a data leak can often be the most costly part of all, greatly increasing the risk of a business shutting down after a breach.
Key to the safeguard table columns:
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3