CIS Compliance Tool

In the past few years, there have been numerous examples of how poorly configured systems have paved the way for hackers. These examples have also led to regulatory bodies imposing hefty fines for improper conduct.

Fortunately, there are prescriptive guidelines, provided by the Center for Internet Security (CIS), for establishing a secure baseline configuration for assets to prevent poorly implemented configurations. CIS Benchmarks are the only independent, consensus-based, and industry-accepted guidelines for configuration best practices that have been developed by a global community of cybersecurity professionals and academics from all walks of life and are accepted by governments, businesses, industries, and the wider academic community.

If you want to manually assess all your endpoints, network devices and operating systems within a highly distributed system architecture, it is worth knowing that these benchmarks run about 800 pages on average and make over 300 recommendations within them. With all of these guidelines to comply with a solution that can meet at least ten of these controls can save your engineers many hours from having to manually centralise data.

As a result, The Logit.io platform has become an essential tool in the vulnerability management process for centralising logs, events and traces. Monitor your endpoints for any CIS control violations and make corrective actions in real time by leveraging the Logit.io CIS compliance solution. With Logit.io‘s extensive CIS compliance features, the platform can be used to meet various critical controls including 8.1, 8.2, 8.3, 8.5, 8.6, 8.7, 8.8, 8.9, 8.10, 8.11 and 8.12.

It is generally accepted that there are two types of logs that are treated and configured independently: system logs and audit logs. Typically, system log files provide information on a system-level basis, such as when the system processes started or stopped, and when crashes occurred. This type of logging is native to the system, so it requires less configuration in order to be turned on. Typically, audit logs cover events that occur at the user level, events such as a user logging in or accessing a file. These require a greater amount of planning and effort before they can be set up for analysis.

Having a record of all log entries is crucial for responding to incidents when they occur. Immediately after an attack has been detected, enterprises may be able to gain a better understanding of the extent of the attack by analysing log files. When you maintain detailed log records, you will also be able to identify when and how the attack occurred, what information was accessed, and if any data was exfiltrated, for example. Furthermore, retaining log files is crucial in the case that a follow-up investigation is required or in the case that a long period of time elapsed before an attack was detected.

In previous versions of the CIS benchmarks, it was recommended to deploy a SIEM tool to centrally manage audit logs. This advice has since been redacted due to the fact that organisations may be able to meet CIS controls by using a centralised log management service instead.

According to the most recent guidelines, CIS practitioners are now taking steps to not be too prescriptive regarding which tools should be used to ensure compliance. You can avoid using a SIEM solution that might be more complex than what is needed to meet CIS benchmarks by regularly reviewing your logs.

If long retention periods are required, it may very well be cheaper to use cold cloud storage (such as Amazon S3). Logit.io offers users the option to store audit logs for long-term retention within hosted S3 deployments as part of its solution.

Logit.io provides an affordable solution to meet many of the CIS controls because it offers robust data storage, alerting, and support for using a variety of query expression languages. When these basics are all covered, this alone will meet many guidelines for running a CIS compliant system.