Enabling Endpoint and Network Security with the SANS 20 Critical Security Controls

[Figure 2. The expanding complexity and reach of threats. Timeline from 1980 to 2014; scope widens from individual computers through individual, multiple and regional networks to global infrastructure.]

Growing threats

Meanwhile, threats continue to grow in both number and sophistication. For example, 280 million malicious programs, 134 million web-borne infections and 24 million malicious URLs were detected, all in just one month.[5] Moreover, the complexity and range of those threats have morphed from “simple” viruses and worms to full-fledged cyber-terrorism and other attacks using sophisticated tactics such as SQL injection (see Figure 2).

Limited IT staff and budget

Finally, despite these growing pressures on endpoint protection, IT staff and budgets grow marginally or not at all (see Figure 3), making it difficult to keep your environment protected. For instance, StatCounter found that more than 16 percent of PCs worldwide still have Windows XP installed even though Microsoft’s support has already ended, a clear security and compliance risk. Part of the problem is that day-to-day IT operations costs are so high: an IDC white paper sponsored by Dell found that the average deployment cost per PC is $615, and WIPRO pegged the annual cost of supporting a laptop at $969 (assuming a five-year refresh rate). Such costs can quickly erode whatever budgets IT organizations have.
Figure 3. IT departments today must do more with less.

• 72% of IT budget spent on maintenance [1]
• 212 billion devices by 2020 [2]
• $546 annual IT labor cost of PCs after deployment [3]
• 2.1% average growth of IT budgets in 2014 [4]

[1] “How to balance maintenance and IT innovation,” Computerworld, Oct. 21, 2013.
[2] “Rethinking IT Asset Management in the Age of the Internet of Things,” IDC, March 2014.
[3] “Desktop Total Cost of Ownership: 2013 Update,” Gartner.
[4] “Worldwide IT Spending Forecast, 2Q14 Update,” Gartner.
[5] Kaspersky Threat Report, April 2012.

Figure 4. Protecting your environment has never been more important.

Headlines shown in the figure:

• AP Twitter feed hacked.
• Colossal malware attacks strike Staples corporate systems.
• Lost, unencrypted USB thumb drive impacts 50K Medicaid providers.

• 46% of lost laptops contain confidential data [1]
• $49,246 average value of a lost laptop; >80% is due to data breaches [1]
• $194 average cost per compromised record [2]
• 1 out of 10 laptops are lost or stolen over the lifetime of the device [1]
• 45% of organizations do not enforce employees’ use of private clouds [3]
• 80,000+ new malware variants created every day [4]
• 37% of data breach cases involved malicious attacks [2]
• $222 average cost per compromised record due to malicious attacks [2]

[1] “The Billion Dollar Lost Laptop Problem,” Ponemon Institute, Sponsored by Intel, October 2010.
[2] “2011 Cost of Data Breach Study,” Ponemon Institute, Sponsored by Symantec, March 2012.
[3] “2013 State of the Endpoint,” Ponemon Institute, December 2012.
[4] Panda Labs Q1 2012 Internet Threat Report.
Protecting your environment has never been more important

Understanding the importance of mastering these challenges and protecting your environment requires only glancing at the headlines. Organizations are breached every day by attacks on their networks and also in other ways, such as theft of laptops containing confidential data (see Figure 4). As a result, organizations lose not only valuable intellectual property but also the customer trust that is the foundation of any business.

[Headline callout: Massive attack: LivingSocial loses 50M passwords.]

Endpoint protection through the SANS 20 Critical Security Controls

A set of controls to guide high-value action

How, then, can organizations best protect their IT environments? In 2008, the National Security Agency (NSA) asked the same question, and began assessing which controls have the greatest impact in improving risk posture against real-world threats. In concert with a global consortium of agencies and experts from private industry, the SANS Institute created a list of 20 actionable controls with high payoff.

Since these controls were derived from the most common attack patterns and vetted across a broad international community of governments and industries, with very strong consensus on the resulting set of controls, they serve as the basis for immediate, high-value action. The 20 Critical Security Controls, as detailed in “The Critical Security Controls for Effective Cyber Defense, Version 5.0,” are:

1. Inventory of authorized and unauthorized devices
2. Inventory of authorized and unauthorized software
3. Secure configurations for hardware and software
4. Continuous vulnerability assessment and remediation
5. Malware defenses
6. Application software security
7. Wireless access control
8. Data recovery capability
9. Security skills assessment and appropriate training to fill gaps