The Center for Internet Security (CIS) provides a set of Critical Security Controls (CSC) that help organizations in improving their cyber defense. These controls are the recommended practices for thwarting prevalent attacks and focus on the most fundamental and valuable actions that every enterprise should take. Accomplishment of these controls would be the starting point for every enterprise seeking cyber security. Endpoint Central MSP helps you in improving the security posture of your organization by facilitating the implementation of these controls.
Requirement | Requirement Description | How Desktop Central fulfills it? |
---|---|---|
1.1 |
Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory. |
Endpoint Central MSP scans the desktops and mobile devices in your network and collects the hardware details. Using Endpoint Central MSP's Inventory Management, you can schedule a scan for actively tracking hardware assets and E-mail alerts can be configured to notify when a hardware device is either added or removed. |
1.4 |
Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization’s network or not. |
Endpoint Central MSP maintains inventory details in the database and assets can be accessed even if it is not connected to the network. |
1.6 |
Ensure that unauthorized assets are either removed from the network, quarantined or the inventory is updated in a timely manner. |
With the help of Endpoint Central MSP, the access to shared printer in a network can be narrowed to authorized users. Endpoint Central MSP's Secure USB configuration enables IT admins to restrict the usage of unauthorized external devices from Windows machines. |
2.3 |
Utilize software inventory tools throughout the organization to automate the documentation of all software on business systems. |
Endpoint Central MSP scans the desktops and mobile devices in your network and collects the software details. Using Endpoint Central MSP's Inventory Management, you can schedule a scan for actively tracking hardware assets and E-mail alerts can be configured to notify when a hardware device is either added or removed. |
2.4 |
The software inventory system should track the name, version, publisher, and install date for all software, including operating systems authorized by the organization. |
Endpoint Central MSP's Inventory Management lists software details such as name, version, publisher and the installation date for all software applications and operating systems, authorized by the organization. |
2.5 |
The software inventory system should be tied into the hardware asset inventory so all devices and associated software are tracked from a single location. |
With the help of Endpoint Central MSP, an IT admin can acquire comprehensive data on all the hardware and software details in a network. For every managed computer, Endpoint Central MSP lists the entire inventory data pertaining to that particular computer. |
2.6 |
Ensure that unauthorized software is either removed or the inventory is updated in a timely manner. |
Blacklisted applications can be prohibited from being installed and executed in a network using Inventory Management's Application Control features namely, Prohibited Software and Block Executables. Inventory alerts will be triggered when a prohibited software in detected in the network. Upon detection, Endpoint Central MSP helps you in uninstalling the application automatically. |
2.10
|
Physically or logically segregated systems should be used to isolate and run software that is required for business operations but incur higher risk for the organization. |
Endpoint Central MSP provides the privilege of excluding the prohibition of a software application for selective computers or custom groups. |
3.2 |
Perform authenticated vulnerability scanning with agents running locally on each system or with remote scanners that are configured with elevated rights on the system being tested. |
Endpoint Central MSP periodically performs vulnerability scanning on all managed computers with the help of agent installed in client computers of all 3 major flavors of Operating System (Windows, Mac & Linux). |
3.4 |
Deploy automated software update tools in order to ensure that the operating systems are running the most recent security updates provided by the software vendor. |
Endpoint Central MSP periodically scans the systems in your organizations for missing patches by OS. Endpoint Central MSP's Automated Patch Deployment (APD) empowers the IT admins with the ability to deploy the missing patches automatically without any user intervention. |
3.5 |
Deploy automated software update tools in order to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor. |
Apart from identifying the missing patches for native applications, Endpoint Central MSP identifies missing patches for third party applications as well. These missing patches are installed depending on the system health - healthy, vulnerable and highly vulnerable. An IT admin has the privilege for defining the system health policy. Endpoint Central MSP's Automated Patch Deployment (APD) empowers the IT admins with the ability to deploy the missing patches automatically without any user intervention. |
4.2 |
Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts. |
The User Management configuration of Endpoint Central MSP allows an IT admin to change a password and configure password settings for the end users. Apart from this, a Windows user account can be added, removed or modified. |
5.2 |
Maintain secure images or templates for all systems in the enterprise based on the organization’s approved configuration standards. |
Endpoint Central MSP's OS Imaging and Deployment creates and deploys secure images to the Windows machines in the network. |
7.4 |
Enforce network-based URL filters that limit a system’s ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization’s systems, whether they are physically at an organization’s facilities or not. |
The Browser configuration of Endpoint Central MSP aids IT admin in filtering the sites based on trust and the imposed restrictions. Windows Defender for smartscreen, files and sites can be enabled as well. |
8.2 |
Ensure that the organization’s anti-malware software updates its scanning engine and signature database on a regular basis. |
Endpoint Central MSP's Patch Management provides regular antivirus updates for prominent anti-malware software applications. Amongst all the different kinds of data fetched during an asset scan, the antivirus status of Windows machines is fetched as well. |
9.1 |
Associate active ports, services and protocols to the hardware assets in the asset inventory. |
Endpoint Central MSP's System Manager aids an IT admin in performing actions such as start/stop of a service, remotely. This, in addition to the services, lists all the running processes that can be viewed, managed and killed, remotely. |
9.2 |
Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed. |
Firewall configuration of Endpoint Central MSP helps you in the creation of rules for either restricting or enabling ports, protocols and services in Windows machines. |
15.4 |
Disable wireless access on devices that do not have a business purpose for wireless access. |
Endpoint Central MSP's WiFi configuration helps is enabling/disabling of wireless adapter in Windows machines seamlessly. |
16.6 |
Maintain an inventory of all accounts organized by authentication system. |
Reports for recently created/modified user accounts/computers, active/inactive & expired/ not expired user accounts, unused accounts, recently logged on accounts and last logon failed accounts can be exported for audit purposes. |
18.3 |
Verify that the version of all software acquired from outside your organization is still supported by the developer or appropriately hardened based on developer security recommendations. |
While adding the license of a software application to be managed, Endpoint Central MSP provides an option to manage the license of all the version of that particular software. The software inventory details list all the versions of software applications in the managed computers. |