Cybersecurity frameworks and getting control over cyber asset management can feel overwhelming, especially for MSPs juggling multiple client environments with limited resources. That’s where CIS Critical Security Controls come in, offering a clear, prescriptive roadmap to help IT teams prioritize security efforts and cyber asset management while reducing risk.
In our recent webinar, Liongard Founder and Chief Strategy Officer Joe Alapat sat down with Charity Otwell, Director of the CIS Critical Security Controls, to break down why CIS Controls matter for MSPs, how they align with modern security strategies, the criticality of cyber asset management, and practical steps for implementation.
Missed the live session? No problem. This blog highlights key takeaways, and you can watch the full webinar on demand to dive deeper into how CIS Controls can help you simplify security and stay ahead of evolving threats.
The Big Challenge: You Can’t Protect or Manage Assets That You Don’t Know
One of the key takeaways from the discussion was a simple yet powerful truth: “You can’t protect what you don’t know.” Many organizations are operating in the dark when it comes to their IT environments, lacking the visibility needed to secure their systems effectively. Without a clear understanding of their assets, companies expose themselves to significant risks, including unsecured devices connected to corporate networks, unpatched software with known vulnerabilities, dormant user accounts with active permissions, risky third-party integrations, and a lack of asset inventory leading to misconfigurations. As Joe Alapat, Liongard Co-founder and CSO, pointed out, many organizations attempt to implement cybersecurity best practices without even knowing what they need to protect. This is where CIS Controls provide a critical advantage. By following a structured framework, organizations can establish comprehensive asset management and visibility, strengthen their security posture, and significantly reduce risk exposure.
Why CIS Controls? A Practical, Actionable Framework
The CIS Controls framework is highly relevant for IT teams because it provides a practical, prioritized approach to cybersecurity. Unlike broad, high-level security frameworks that can be complex and difficult to implement, CIS Controls offer actionable steps to strengthen security posture. Here’s why IT teams, especially in small to mid-sized organizations, find it valuable:
- Simplifies Security Implementation – CIS Controls break down security best practices into manageable, prioritized steps, making it easier for IT teams to focus on the most impactful actions first.
- Addresses Common Threats – The framework is built on real-world attack data, ensuring that IT teams tackle the most prevalent cybersecurity risks effectively.
- Enhances Compliance Readiness – Many regulatory frameworks (e.g., NIST, CMMC, HIPAA, GDPR) map to CIS Controls, helping IT teams align with compliance requirements without unnecessary complexity.
Where to Start? Begin with CIS IG1
The CIS Implementation Group 1 (IG1) framework provides organizations with a strong cybersecurity foundation by focusing on essential security safeguards. Implementing IG1 controls, focused on building and maintaining a comprehensive asset inventory, can help defend against 77 percent of malware attack techniques, 78 percent of ransomware tactics, and nearly 80 percent of the most common cyber threats. To achieve this, organizations should prioritize foundational security measures, including maintaining a comprehensive inventory of assets and software, securing hardware and software configurations, and managing identities and account access effectively. By focusing on these key areas of cyber asset management, organizations can significantly reduce their attack surface while ensuring greater operational efficiency and security resilience.
Left of Boom vs. Right of Boom: Proactive vs. Reactive Security
A key takeaway from the webinar was the importance of shifting from reactive security (“Right of Boom”) to proactive security (“Left of Boom”) to minimize risk and enhance resilience. Left of Boom focuses on prevention and preparedness through strong asset and identity management, automated monitoring for misconfigurations, and proactive risk mitigation strategies. In contrast, Right of Boom is centered on response and recovery, including incident detection and containment, forensic investigation of breaches, and remediation efforts to prevent recurrence. Too often, organizations operate in a constant firefighting mode, reacting to security incidents only after they occur. CIS Controls provide a structured framework to help organizations move toward proactive security, reducing vulnerabilities before they become critical threats.
Making CIS Controls Work: The Power of Automation and Asset Management
Security frameworks are only effective if implemented properly, yet many IT teams struggle with keeping asset inventories up to date, detecting unauthorized access, tracking configuration drift, and managing identities and access. These challenges create security gaps that leave organizations vulnerable to attacks. This is where automation plays a crucial role. By integrating automated security platforms like Liongard with CIS Controls, organizations can continuously discover and track all IT assets, automate compliance checks to reduce risk, detect and respond to unauthorized changes, and improve incident response times. As one panelist emphasized, cybersecurity teams need more than a static spreadsheet—they require a real-time system that continuously maps and secures their environment. Liongard’s automated asset management, discovery, and compliance tools enable IT service providers to align with CIS Controls more efficiently, ensuring security risks are identified and addressed before they become critical issues.
Final Takeaways: How to Build a Cyber Resilient Future
Building a strong cybersecurity foundation starts with the basics—implementing CIS IG1 controls to mitigate the majority of attack risks. IT and security must align to ensure that security is not just about protection, but also about maintaining visibility, governance, and operational efficiency. To achieve this, automation is key. Leveraging automation and integrations helps organizations keep IT environments continuously monitored and secure. Most importantly, prevention is always better than remediation. Shifting Left of Boom allows organizations to proactively defend against threats before they escalate into security incidents. By adopting CIS Controls and integrating automation, IT service providers can transform cybersecurity challenges into opportunities, creating a secure, scalable, and resilient future.