SANS Top 20 Controls with ESP

SANS Top 20 Critical Security Controls

The SANS Institute recommends that every company strive to reach the SANS top 20 Critical Security Controls, these controls detail a minimum security strategy to build your organization’s cyber defense into a robust security infrastructure that combats most modern threats in order to retain the integrity of your cyber assets.

ESP SANS20 img

Use Elemental's Solution to implement, monitor and enforce SANS 20 Controls

Elemental Security Platform (ESP) is one of the most advanced cybersecurity, compliance, and risk management automation platforms on the market. Resilient enterprise SaaS, it is scalable for any network security infrastructure, from small businesses to large enterprises. ESP offers easy out-of-the-box deployment, continuous and automated management, and auditor-proof enforcement of technical controls needed to implement these recommended controls. Hundred of controls in the form of actionable security policies can be deployed to your servers and other hosts in a matter of minutes, providing instant security configuration compliance visibility in your environment. Afterward, those controls are monitored and enforced 24/7, with precise reporting on policy outcomes available to your team with a click of a button.

ESP SANS20 Policies

Elemental's ESP technology goes beyond simple host security configuration checking and continuous compliance reporting, it enables automatic system hardening by enforceing most of the deployed technical controls. This is easily accomplished by deploying security policies with enforcement mode activated.

An example of enforceable SSL/TLS related controls/rules:

ESP TLS enforce rules
Note: the little hammer in front of a control/rule means 'Enforceable Rule'.

Elemental waives

SANS Top 20 Critical Controls

Putting these security controls into practice is not a frivolous venture. Unprotected organizations are at risk of malware, ransomware, spyware, and DDos attacks that can hamper business productivity for days or weeks by loosing crucial access and sensitive data, both of which may never be re-attainable without a cyber protection plan. Implementing these basic security practices within your organization could vastly reduce your cyber exposure and eliminate these basic threats.

Most of the top 20 SANS Critical Controls can be implemented using Elemental's ESP solution, check details below:

Control Ref. # ---- SANS TOP20 Control ---- Elemental Support
>>>>>>> Basic Controls
CBC-01 > Inventory and Control of Hardware Assets YES - tell me more ..
CBC-02 > Inventory and Control of Software Assets YES - tell me more ..
CBC-03 > Continuous Vulnerability Management YES - tell me more ..
CBC-04 > Controlled Use of Administrative Privileges YES - tell me more ..
CBC-05 > Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers | YES - tell me more ..
CBC-06 > Maintenance, Monitoring and Analysis of Audit Logs YES - tell me more ..
>>>>>>> Foundational Controls
CFC-07 > Email and Web Browser Protections YES - tell me more ..
CFC-08 > Malware Defenses YES - tell me more ..
CFC-09 > Limitation and Control of Network Ports, Protocols and Services YES - tell me more ..
CFC-10 > Data Recovery Capabilities N/A - tell me more ..
CFC-11 > Secure Configuration for Network Devices, such as Firewalls, Routers and Switches N/A - tell me more ..
CFC-12 > Boundary Defense YES - tell me more ..
CFC-13 > Data Protection YES - tell me more ..
CFC-14 > Controlled Access Based on the Need to Know YES - tell me more ..
CFC-15 > Wireless Access Control YES - tell me more ..
CFC-16 > Account Monitoring and Control YES - tell me more ..
>>>>>>> Organizational Controls
COC-17 > Implement a Security Awareness and Training Program N/A - tell me more ..
COC-18 > Application Software Security N/A - tell me more ..
COC-19 > Incident Response and Management N/A - tell me more ..
COC-20 > Penetration Tests and Red Team Exercises N/A - tell me more ..

button free trial