BASED ON SANS 20 CRITICAL SECURITY CONTROLS
Remediation activity generally falls into hardware fixes, software fixes, and larger system or architectural improvements. A key source of remediation requirements is the CYBERSALUS Cyber Security Operations Center (CSOC): vulnerabilities identified during the CSOC's monitoring and incident response activities are fed directly into remediation.
A key feature of CYBERSALUS' remediation capability is its Cyber Fire Brigade Reaction Teams, which are available to resolve vulnerability crises immediately. This capability exists to quickly solve the urgent problems that arise from malicious attacks on computer systems and networks.
CYBERSALUS provides technical remediation, including hardware and software changes made with state-of-the-art technical tools. We also offer non-technical remediation such as training courses and policy compliance work, and we assist in changing organizational culture through formal programs.
CYBERSALUS can provide cyber architects to address system and enterprise architectural gaps. In today's cyber threat environment, organizations must have a configuration management process, and specifically a Configuration Control Board process, that validates the set of solutions chosen to close these gaps. This work is not the core mission of most organizations, so CYBERSALUS stands ready to provide a complete set of supporting staff with the expertise to address these critical requirements.
CYBERSALUS remediation activities use the SANS 20 Critical Security Controls as a guideline. The 20 Critical Security Controls map to the National Institute of Standards and Technology (NIST) publications used for Federal government compliance and to the various laws that apply to commercial entities. Thus the various hardware, software, and system remediations normally fall into one or more of these Critical Security Control areas.
Each of these critical control areas has a substructure of possible actions. The complete structure of controls is compared against an assessment report, revealing the actions that need to be taken. A client can then pick and choose which actions they want to take internally, which they want CYBERSALUS to perform, and which they cannot afford at this time (i.e., will postpone). The risks, threats, and potential impacts of each finding must be clearly identified so that the risk of postponing it can be judged.
CRITICAL CONTROLS
Critical Control 1: Inventory of Authorized and Unauthorized Devices
Critical Control 2: Inventory of Authorized and Unauthorized Software
Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Critical Control 4: Continuous Vulnerability Assessment and Remediation
Critical Control 5: Account Monitoring and Control, and Data Loss Prevention
Other Critical Control areas are: Malware Defenses; Application Software Security; Wireless Device Control; Data Recovery Capability; Security Skills Assessment and Appropriate Training to Fill Gaps; Secure Configurations for Network Devices such as Firewalls, Routers, and Switches; Limitation and Control of Network Ports, Protocols, and Services; Controlled Use of Administrative Privileges; Boundary Defense; and Maintenance, Monitoring, and Analysis of Audit Logs. Also possibly included are Controlled Access Based on the Need to Know, Incident Response and Management, Secure Network Engineering, and Penetration Tests and Red Team Exercises. Each of these areas also has multiple sub-factors.
These are all areas that may be called out in recommendations from an assessment or actions recommended as a result of operations monitoring and incident handling.
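As an added illustration of the mechanics behind Critical Controls 1 and 2 (not CYBERSALUS code, and not part of the original page), the script below reconciles a discovery scan against authorized device and software inventories and maps each discrepancy to the control it falls under. The inventory contents, the scan output format, and the "CSC-1"/"CSC-2" labels are all constructed for the example; a real deployment would load the authorized lists from a CMDB and parse the output of its own discovery tooling.

```python
"""Added example (not CYBERSALUS code): reconciling discovered devices and
software against authorized inventories, the core of Critical Controls 1
and 2. All inventories and scan data below are constructed for illustration."""

from dataclasses import dataclass

# Constructed authorized device inventory, keyed by MAC address.
AUTHORIZED_DEVICES = {
    "00:1a:2b:3c:4d:01": {"hostname": "fs01", "ip": "10.0.1.10"},
    "00:1a:2b:3c:4d:02": {"hostname": "web01", "ip": "10.0.1.20"},
    "00:1a:2b:3c:4d:03": {"hostname": "ws-alice", "ip": "10.0.2.15"},
}

# Constructed authorized software list: package name -> approved versions.
AUTHORIZED_SOFTWARE = {
    "openssh-server": {"8.9p1", "9.3p1"},
    "nginx": {"1.24.0"},
    "python3": {"3.10.12", "3.11.4"},
}

# Constructed discovery output, one host per line:
#   <mac> <ip> <hostname> <pkg>=<ver>,<pkg>=<ver>,...
SCAN_OUTPUT = """\
00:1a:2b:3c:4d:01 10.0.1.10 fs01 openssh-server=9.3p1,python3=3.10.12
00:1a:2b:3c:4d:02 10.0.1.20 web01 openssh-server=8.9p1,nginx=1.24.0,netcat=1.218
00:1a:2b:3c:4d:03 10.0.2.99 ws-alice openssh-server=9.3p1
de:ad:be:ef:00:01 10.0.2.77 - openssh-server=7.4p1
"""


@dataclass(frozen=True)
class Finding:
    control: str   # hypothetical label: "CSC-1" (devices) or "CSC-2" (software)
    host: str      # MAC address of the device concerned
    detail: str


def parse_scan(text):
    """Parse the constructed scan format into a list of host records."""
    hosts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        mac, ip, hostname, pkgs = line.split(maxsplit=3)
        software = {}
        for item in pkgs.split(","):
            name, _, version = item.partition("=")
            software[name] = version
        hosts.append({"mac": mac, "ip": ip, "hostname": hostname,
                      "software": software})
    return hosts


def reconcile(hosts, authorized_devices, authorized_software):
    """Compare observed hosts with the authorized inventories.

    Produces one Finding per discrepancy: unknown devices, devices that moved
    address, devices in the inventory that were not seen, unknown packages,
    and packages running an unapproved version."""
    findings = []
    seen = set()
    for h in hosts:
        seen.add(h["mac"])
        auth = authorized_devices.get(h["mac"])
        if auth is None:
            # Unknown hardware on the network: a Control 1 finding. Its
            # software is not assessed until the device itself is resolved.
            findings.append(Finding("CSC-1", h["mac"],
                                    f"unauthorized device at {h['ip']}"))
            continue
        if auth["ip"] != h["ip"]:
            findings.append(Finding("CSC-1", h["mac"],
                                    f"{auth['hostname']} moved from "
                                    f"{auth['ip']} to {h['ip']}"))
        for name, version in h["software"].items():
            allowed = authorized_software.get(name)
            if allowed is None:
                findings.append(Finding("CSC-2", h["mac"],
                                        f"unauthorized software {name} "
                                        f"{version} on {auth['hostname']}"))
            elif version not in allowed:
                findings.append(Finding("CSC-2", h["mac"],
                                        f"unapproved version {name} {version} "
                                        f"on {auth['hostname']}"))
    # Authorized devices that never answered the scan are also a Control 1 gap.
    for mac, auth in authorized_devices.items():
        if mac not in seen:
            findings.append(Finding("CSC-1", mac,
                                    f"{auth['hostname']} not observed"))
    return findings


def summarize(findings):
    """Count findings per control so they can be lined up against an
    assessment report and triaged (do internally, outsource, or postpone)."""
    counts = {}
    for f in findings:
        counts[f.control] = counts.get(f.control, 0) + 1
    return counts


if __name__ == "__main__":
    results = reconcile(parse_scan(SCAN_OUTPUT),
                        AUTHORIZED_DEVICES, AUTHORIZED_SOFTWARE)
    for f in results:
        print(f"{f.control}\t{f.host}\t{f.detail}")
    print(summarize(results))
```

On the constructed data the script reports an unknown device, an authorized workstation that has changed address, and an unapproved package (netcat) on the web server; the summary gives two Control 1 findings and one Control 2 finding, which is the shape of input the triage described above works from.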
“We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.”
Former NSA Director and CIA Director Michael Hayden