Cybersecurity: Using Liongard to Support CIS Controls
Learn how your MSP can use Liongard’s Actionable Alerts to implement CIS Controls.
As cybersecurity remains a core concern for MSPs, it can be daunting to stay on top of the many issues and best practices out there. Fortunately, organizations like the Center for Internet Security (CIS) have put together simplified guidelines to help you protect your business and clients against cyber threats. The CIS team of global experts developed 20 Critical Security Controls with prescriptive actions you can take to mitigate risk. Let’s dive in to see how Liongard can help your team support these CIS Controls.
The Connection between Liongard and CIS Controls
Liongard provides MSPs with fresh, automated system data, which allows you to monitor customer environments for critical changes and receive alerts when something needs your attention. Liongard’s alerts span critical systems like Office 365, Active Directory, SQL Servers, firewalls, and more—and they help support specific CIS Controls.
We’ve gone through our library of alert rules and matched each one to the corresponding CIS Control it supports. In some cases, our alerts overlap to support more than one CIS Control, so we’ve mapped them to the most relevant control in each case.
How to Use Liongard to Implement CIS Controls
Access and download the list of Liongard Actionable Alerts and the CIS Controls they support here.
For your convenience, the first sheet can be sorted by System Inspector, general purpose, or the CIS Control number. The second sheet includes all of the CIS Controls and reference material. You’ll notice the 20 CIS Controls are broken down into three categories:
1. Basic CIS Controls—these should be implemented in every organization for cyber defense readiness.
2. Foundational CIS Controls, the next step up from basic—smart for any organization to implement.
3. Organizational CIS Controls, distinct from the others and focused more on people and processes.
From there, it’s easy to set up alerts in Liongard to monitor these CIS Controls:
Step 1: Select relevant alert rules for your MSP and/or customers (Use our library of alerts or customize your own.)
Step 2: Turn the rules on in a Template and decide which Environments to apply it to. It’s easy to start with a controlled test using a few rules and one customer Environment.
Step 3: When an alert rule’s threshold is met, an automated alert will be delivered to your destination of choice (Roar, PSA, and/or email), where your team can take the necessary action.
For more help here, register for the Liongard webinar on Standardizing Support Through Actionable Alerts.
Additionally, know that you can also run reports on Liongard data to audit the systems you are managing. For certain tasks like auditing firmware versions of firewalls, it may be easier to run a report in Liongard and create project work to get started. Tune into this live session to learn more about Liongard’s reporting.
Examples of Liongard Rules that Support CIS Controls
The following are just a few examples of Liongard alert rules that MSPs have found useful in supporting specific CIS Controls:
CIS Control #1: Inventory and Control of Hardware Assets
Approximately 25 Actionable Alerts support this control, including:
- Active Directory servers at or near the end of support
- Active Directory workstations at or near the end of support
CIS Control #3: Continuous Vulnerability Management
Several Actionable Alerts support this control, including:
- Active Directory user accounts with brute force attempts
- Amazon Web Services changes to CloudTrails enabled
CIS Control #4: Controlled Use of Administrative Privileges
About 20 Actionable Alerts support this control, including:
- Active Directory, Office 365, SonicWall and SQL Server changes to privileged users
- Active Directory and Office 365 privileged users with stale passwords
CIS Control #11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
Approximately 65 related Actionable Alerts support this control, including:
- SonicWall NAT policies added, removed or modified
- Fortinet firewall policies added, removed or modified
CIS Control #16: Account Monitoring and Control
More than 60 related Actionable Alerts support this control, including:
- Office 365 exposure to accounts with stale passwords
- Internet Domain registrants contact details modified
- VMWare ESXI with users list modified
- Active Directory and Office 365 with no password expiration policy
Liongard is rooted in security and transparency best practices to maximize peace of mind for our employees, our MSP partners and their customers. For more on how to utilize Liongard to manage your CIS Controls, watch our webinartoday. If you’re interested in other security frameworks, we’ve also mapped how Liongard can help support NIST’s Cybersecurity Framework and functions here.