This month, we are looking at Control 7 from the Center for Information Security (CIS) framework, which focuses on the need to manage vulnerabilities inherent in every network and workstation continually.
There’s a reason you’re always getting those alerts about updates for your phone and PC, and it’s because there are new vulnerabilities discovered every day that can be taken advantage of to gain access to your devices and data. And the same is true for network equipment like firewalls and switches.
Control 7 emphasizes the need for a plan to monitor and resolve these vulnerabilities, to minimize the window of opportunity for threat actors (aka hackers) to exploit them. In addition, automated tools are mandatory in locating these vulnerabilities and installing updates to close them up, but unfortunately, those tools don’t work for every device.
So, the biggest takeaway from CIS 7 is that this control is not one that you can set and forget. Several of the items within this group must be reviewed by someone on a monthly or more frequent basis because it takes diligence to maintain a truly secure environment.
It’s this diligence that has led CHTS to invest resources to monitor current trends regarding vulnerabilities, as well as partner with security vendors to ensure that we have the latest intel on vulnerabilities, that could affect our clients and their networks. If you’d like more information on this control, please contact your team lead or vCIO.