The cybersecurity industry gives a lot of attention to protective solutions like firewalls and EDRs. And that makes sense. These technologies are important for a powerful security program.

However, the over-focus on these solutions leads many people to believe that security is something that’s done to a network environment. In reality, if a network environment isn’t intrinsically secure, there aren’t enough security solutions on earth to keep it safe from cyber attacks.

To be intrinsically secure, a network environment must be properly designed and configured. This is where the Center for Internet Security (CIS) benchmarks come in.

What are CIS Benchmarks?

When a new operating system or application is installed, it comes with default settings. Usually, all ports are open, and all application services are turned on. In other words, freshly installed assets are highly insecure.

CIS benchmarks are a set of configuration standards and best practices designed to help (Read more...)