Get Cyber Essentials Certification
Cyber Essentials is a cyber security certification that has been designed by the government to make it simple for organizations to protect themselves against common cyber threats.
Getting Cyber Essentials certified means you are protected against cyber-attacks whatever the size. Attacks can come in many forms. It’s crucial to ensure you are properly protected.
There are two levels of certification: Cyber Essentials and Cyber Essentials Plus. In this article, we’ll explore both.
What is Cyber Essentials Certification?
Your organization must have Cyber Essentials Certification at either the basic or plus level
- You must be certified with an IASME certification body
- Your organization must turnover under £20,000,000
- Your organization must be domiciled in the UK
The UK government’s Cyber Essentials scheme sets out five controls that organizations can implement to achieve a baseline of cyber security, against which they can achieve certification to prove their compliance.
These include:
- Access control
- Firewalls and routers
- Malware protection
- Secure configuration
- Software updates
Cyber Essentials Plus is a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
It involves a technical audit of the systems that are in scope for Cyber Essentials by checking the Cyber Essentials controls have been applied as per the self-assessment.
How does configuration security factor in?
Now let’s focus on secure configuration, which refers to the security measures implemented when building and installing computers and network devices to minimize cyber risks.
Secure configuration is an essential part of any framework and standard these days. With CE+ in particular, the legwork required to demonstrate secure configuration is substantial.
According to the CE standard, secure configuration applies to servers, desktop computers, laptop computers, tablets, mobile phones, thin clients, IaaS, PaaS, and SaaS. Remember we mentioned default settings? This is what we want to avoid. This is where GYTPOL comes in.
Anyone that’s worked with group policy/SCCM/other management platforms will know that it’s not seamless and it’s quite difficult to ensure that whatever settings you’ve got are being deployed effectively to all devices.
Specifically, CE requires computers and network device operators to routinely:
- remove and disable unnecessary user accounts (such as guest accounts and administrative accounts that won’t be used)
- change any default or guessable account passwords (see password-based authentication)
- remove or disable unnecessary software (including applications, system utilities, and network services)
- disable any auto-run feature which allows file execution without user authorization (such as when they are downloaded from the internet)
Many tools are used today to mitigate vulnerabilities, none more so than vulnerability scanning tools. Maintaining a list of Common Vulnerabilities and Exposures (CVEs) and the affected products is a good place to start. When you know your exposure, it's a simple case of patching to remediate.
The same can’t be said for misconfigurations, and threat actors are clearly aware. The latest Microsoft Cyber Signals report shows that 80% of ransomware attacks are due to misconfigurations. With no robust automated solution, your organization has the potential to be littered with human errors and default settings.
Organizations rely heavily on Group Policy Objects (GPOs) to roll out security baseline policies, which provides an element of automation. However, there is no way to validate whether the device has received and implemented the policy. This leaves devices at risk of falling out of compliance.
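As an added example (not GYTPOL's code and not part of the original article), the PowerShell below checks the effective state of two of the CE items listed above, the guest account and auto-run, directly on one Windows device instead of assuming the GPO was applied. The expected values and the use of the machine-level policy key are assumptions for illustration.

```powershell
# Added example: audit effective local settings on one Windows device.
# Expected values are an illustrative baseline (assumption), not text from the CE standard.
$results = @()

# 1. Built-in Guest account should be disabled. It is located by its
#    well-known RID (501), so a renamed Guest account is still found.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -match '-501$' }
$results += [pscustomobject]@{
    Check    = 'Guest account disabled'
    Expected = 'Enabled = False'
    Actual   = if ($guest) { "Enabled = $($guest.Enabled)" } else { 'not found' }
    Pass     = (-not $guest) -or (-not $guest.Enabled)
}

# 2. Auto-run policy values written by the "Turn off Autoplay" and
#    "Set the default behavior for AutoRun" policies (machine-level key;
#    per-user policy under HKCU is not checked here).
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$expected = @{ NoDriveTypeAutoRun = 255; NoAutorun = 1 }

foreach ($name in $expected.Keys) {
    # A missing key or value means the policy never landed on this device.
    $item   = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.$name } else { $null }
    $results += [pscustomobject]@{
        Check    = "Policy value $name"
        Expected = $expected[$name]
        Actual   = if ($null -eq $actual) { 'missing' } else { $actual }
        Pass     = ($actual -eq $expected[$name])
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduler or management agent flag the device.
if ($results.Pass -contains $false) { exit 1 }
```

A "missing" result distinguishes a policy that never arrived from one that arrived with the wrong value.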
A robust, automated approach
GYTPOL is the only robust automated solution for configuration security assurance, helping monitor, identify and remediate risks caused by misconfigurations on endpoints, servers, on-premises, infrastructure, and cloud services.
At GYTPOL we provide continuous monitoring of all your PCs and servers, validate all your group policy settings, and detect mismatches, missing GPOs, or wrong values applied.
We are hyper-focused on the insecure configurations we know threat actors are exploiting. We map to the MITRE framework categorization, ranking severity by high, medium, and low. We provide actionable intelligence to your organization, identifying the risk and providing literature for the potential impact and the step-by-step process to manually remediate the misconfiguration.
We take this one step further and are even able to remediate with a single click and with no risk of business disruption. Once GYTPOL identifies an issue, the platform allows the operator to reduce or even remove risk through the following capabilities:
- Remediate an individual device, groups of devices, or across the whole organization.
- Show usage on individual devices, allowing the operator to safely remediate impacted devices.
- Auto re-apply, allowing the issue to be automatically remediated for new and existing devices in the organization.
- Revert capability to undo remediation back to the previous state.
- Audit reporting (i.e. who performed the remediation, reason, status of the remediation, etc.).
- Log Actions Pending and Actions Finished/Stopped.
Having a centralized view of the configuration of your device allows organizations to ensure devices are configured correctly, which in turn reduces risk and enables CONTINUOUS compliance.
About Author
Jake Dillon
Senior Account Director for the UK and Ireland, Jake is a passionate sales leader and full-time techie. Jake has a long and well-established record of success solving enterprise problems and selling cybersecurity.