In the third segment of the CIS webinar series, the focus shifts to specific cybersecurity settings and techniques that help mitigate various MITRE ATT&CK techniques. The discussion emphasizes the importance of understanding and controlling kernel settings, as unrestricted access to these settings can be a significant security risk.
Importance of Device Authentication and Certificate Use
One of the key recommendations from CIS is the use of device authentication using certificates. This practice is essential for ensuring secure communication and maintaining an audit trail. Automatic certificate authentication is highlighted as a best practice, reducing the risk of human error and ensuring consistent security measures.
Enumeration Policy for External Devices
The conversation also covers the enumeration policy for external devices, particularly those incompatible with Kernel DMA Protection. By default, these devices should be blocked to prevent unauthorized access and potential security breaches. This setting is crucial for maintaining the integrity of the system and avoiding the risks associated with unapproved devices.
Custom Security Support Providers (SSPs) and Authentication Packages (APs)
Another critical topic discussed is the need to disable the loading of custom SSPs and APs into the Local Security Authority Subsystem Service (LSASS). Allowing custom SSPs and APs can create backdoors and security vulnerabilities. The panelists stress the importance of understanding the business implications of these settings and using them to enable secure business practices.
Running LSASS as a Protected Process
Ensuring that LSASS runs as a protected process is another vital setting discussed. This setting, particularly when enabled with UEFI lock, is crucial for system security. It highlights the interconnectedness of various CIS benchmarks and the importance of a holistic approach to cybersecurity settings.
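As an added example (not from the webinar or from CIS), the following read-only PowerShell audit checks three of the settings covered above: the Kernel DMA Protection enumeration policy, custom SSP/AP loading, and LSASS protected-process mode. The registry paths and value names are the locations backing these Group Policy settings and are not given in this post; confirm them against the CIS Benchmark version you apply.

```powershell
# Added example: read-only audit, makes no changes to the system.
# Paths, value names and expected values are assumptions to confirm against your benchmark.
$checks = @(
    [pscustomobject]@{
        Setting  = 'Enumeration policy for external devices incompatible with Kernel DMA Protection'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection'
        Name     = 'DeviceEnumerationPolicy'
        Expected = 0   # 0 = Block all
    },
    [pscustomobject]@{
        Setting  = 'Allow Custom SSPs and APs to be loaded into LSASS'
        Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
        Name     = 'AllowCustomSSPsAPs'
        Expected = 0   # 0 = Disabled
    },
    [pscustomobject]@{
        Setting  = 'Configures LSASS to run as a protected process'
        Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        Name     = 'RunAsPPL'
        Expected = 1   # 1 = Enabled with UEFI lock (2 = enabled without UEFI lock)
    }
)

$results = foreach ($c in $checks) {
    $actual = $null
    try {
        $actual = Get-ItemPropertyValue -Path $c.Path -Name $c.Name -ErrorAction Stop
    } catch {
        # Key or value is absent: the policy has never been configured on this host.
    }
    [pscustomobject]@{
        Setting   = $c.Setting
        Expected  = $c.Expected
        Actual    = if ($null -eq $actual) { 'not configured' } else { $actual }
        # A missing value is reported as non-compliant, never treated as 0.
        Compliant = ($null -ne $actual -and $actual -eq $c.Expected)
    }
}

$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled task or RMM tool flag the host.
if ($results.Compliant -contains $false) { exit 1 }
```

The registry value only shows what is configured. After a reboot, Wininit event ID 12 in the System log ("LSASS.exe was started as a protected process") confirms that protection is actually in effect.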
Conclusion
This segment of the CIS webinar series provides a detailed look into specific cybersecurity settings and their role in mitigating attack techniques. The discussion underscores the importance of device authentication, careful management of external devices, and the risks associated with custom SSPs and APs. By focusing on these critical settings, organizations can significantly enhance their cybersecurity posture and protect against various forms of cyber threats.
Are you ready to transform your cybersecurity approach? Contact Senteon today for a comprehensive risk assessment, and don’t forget to watch the full webinar video for a deep dive into these strategies with Jen White and other experts. Your journey to cybersecurity excellence starts here.
Full Webinar Episode: https://www.youtube.com/watch?v=IlUmByjgfpU&t=43s