Source: https://thehackernews.com/2024/03/implementing-zero-trust-controls-for.html
Scrape Timestamp (UTC): 2024-03-22 11:16:47.661
Implementing Zero Trust Controls for Compliance

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks that result directly from user error. With the capabilities of the ThreatLocker® Zero Trust Endpoint Protection Platform implemented into their cybersecurity strategy, organizations in any industry around the world can check off the requirements of most compliance frameworks and sleep better at night knowing they are protected from the most devastating cyberattacks, such as ransomware.

ThreatLocker has shared a free downloadable asset to equip IT professionals with cybersecurity compliance best practices. This article aims to elaborate on, and provide a basic overview of, that asset.

Complexities Across Compliance Frameworks

Cybersecurity compliance frameworks exist to assist organizations in constructing robust cybersecurity strategies that will keep them ahead of threats. However, each framework is often ambiguous, making it challenging to ensure the outlined requirements are met. To add more complexity to interpreting the demands of this compliance framework brainteaser, individual frameworks are worded differently, even when pointing to the same technology needed.

Compliance Best Practices

Regardless of the compliance framework, there is a basic set of technical controls that organizations should implement to increase their security posture and move toward compliance.

1. Access Management Solutions
Organizations need a centralized account and access management solution that can inventory all access accounts, assign each user a unique ID, log all logins, provide role-based access, and enforce least privilege/least access. The account and access management solution should also enforce strong passwords, incorporate an automatic lockout after a specified number of failed login attempts, protect the authentication feedback, and disable identifiers after a period of inactivity.

2. Multi-Factor Authentication
Multi-factor authentication should be implemented and enforced for privileged account logins, for remote access logins, and when logging into any account accessible from the Internet.

3. Privileged Access Management (PAM)
A privileged access management (PAM) solution should be used to protect administrators and other privileged accounts. All privileged activity should be logged in a protected central location. Privileged operating environments should be separated from non-privileged ones, and non-privileged working environments should not be able to access privileged ones. Privileged operating environments should not be able to access non-privileged operating environments, the internet, email, or other web services. The PAM solution should allow for deactivating privileged accounts after 45 days of inactivity.

4. Remote Access Management Systems
Organizations need a remote access management system that monitors and logs remote access, provides automatic session lockout, controls the execution of privileged commands, uses replay-resistant authentication, and uses patterned session locking to hide the display after a specified condition.

5. Allowlisting
Organizations must implement allowlisting (historically known as whitelisting) that provides an up-to-date software inventory, monitors installed software activity and integrity, logs all executions, and can remove or disable unused, unauthorized, and unsupported software, including operating systems. The allowlisting solution should incorporate application containment to prevent the creation of child processes and control the execution of mobile code, software, libraries, and scripts. Any new software should first be deployed in a sandbox environment and evaluated before it is permitted in the organization.

6. Antimalware Solutions
Organizations must implement an antimalware solution that scans endpoints, web pages, and removable media in real time, incorporates automatic definition updates, and prevents connections to malicious websites.

7. Firewalls
Organizations need to incorporate a firewall solution that applies least privilege, blocks all unnecessary ports and access to the Internet, logs network activity, and terminates connections after inactivity or at the end of a session.

8. Detection/Prevention Solutions
Organizations should implement an intrusion detection/prevention solution, taking both a proactive and a reactive approach to their security.

9. Web Filters
Organizations need a web security solution that enforces network-based URL filters or DNS filtering.

10. Email Security
Email security solutions should be implemented to use only supported email clients, block all unnecessary file types at the email gateway, and use DMARC. Ensure that email servers have an active antimalware solution.

11. Microsegmentation
Organizations need a technical solution to microsegment the network virtually or using VLANs.

12. Removable Media
Organizations need to implement a solution to control removable media, including enforcing encryption and limiting access to it.

13. Mobile Device Management
Organizations should implement a mobile device management solution that encrypts mobile devices, controls mobile connections, and supports automatic lockout and remote wipe and lock.

14. Logging Solution
Organizations need a protected central logging solution that ingests and alerts on Windows event logs, application event logs, network logs, data access logs, and user activities uniquely traced to the user. The logs should be reviewed regularly.

15. Patch Management
Organizations need a patch management solution that scans their environment for missing patches, provides reports, and can apply them.

16. Penetration Testing
Organizations need to participate in penetration testing. Tests should be conducted internally and on all externally facing services. Any vulnerabilities found should be remediated.

17. Threat Intelligence Sharing
Organizations should participate in a threat intelligence sharing community in which they exchange information regarding threats and vulnerabilities so they can mitigate them proactively.

18. Data Protection
Organizations need to implement measures to protect data. Data should have granular permissions applied. Only users who require access to specific data to perform their job duties should be able to access that data.

19. Securely Discarding Data
Organizations need a system to securely dispose of data before equipment is reused or removed.

20. Encrypting Sensitive Data
Organizations should ensure that sensitive data is encrypted at rest (encrypted hard drives) and in transit (TLS or HTTPS) using a robust encryption algorithm.

21. Backing Up Systems
Organizations need to implement a backup system in which backups are performed regularly, duplicated with copies stored both on site and off site, and routinely tested to ensure the organization always has a working backup available to assist in disaster recovery efforts.

22. Physical Security Controls
Organizations should have adequate physical security controls to protect against unwanted access, such as locks, cameras, and fences. Employees and visitors should be monitored and logged. Assets should be inventoried, discovered, and tracked, and any unauthorized assets should be addressed.

23. Security Awareness Training
Organizations need to implement a role-based security awareness training solution, either produced in-house or purchased from a third-party provider.

24. Written Policies
Organizations must have written policies that employees read and sign to enforce each of the above technical controls.

Mapping Requirements Across Compliance Frameworks

Although compliance frameworks each have their own set of specific criteria, they share the common goal of helping organizations build robust cyber defense strategies to protect against cyberattacks and the resulting data loss. Protecting this hot commodity is essential as attackers seek to exploit valuable data. Companies with a strong security posture, like those using the ThreatLocker® Endpoint Protection Platform, are already well on their way to achieving compliance with any framework. Add the ThreatLocker® Endpoint Protection Platform to your security strategy to help build a successful blueprint for compliance and achieve world-class protection against cyber threats.

ThreatLocker has curated a downloadable guidebook, "The IT Professional's Blueprint for Compliance", that maps the parallel requirements of numerous compliance frameworks, including:

The eBook presents a mapped table for each of the 24 compliance best practices above across six compliance frameworks. The tables that reside within the chapters of this asset have been designed to provide detailed examples of what you can implement in your environment to check off the parallel requirements in each framework, from controls, to policies, to cybersecurity awareness training.

Download your free copy today.
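As an added illustration (not code from the article or from ThreatLocker), the following Python script audits a constructed account inventory against two of the controls listed above: the unique-ID and failed-login lockout requirements of control 1, and control 3's rule that privileged accounts are deactivated after 45 days of inactivity. The inventory records, the field names, and the lockout threshold of 5 are assumptions; the article only says "a specified number of failed login attempts".

```python
from datetime import datetime, timedelta

# Thresholds: 45 days comes from control 3 in the article; the lockout
# threshold is an assumed value, since the article does not state one.
PRIVILEGED_INACTIVITY_DAYS = 45
MAX_FAILED_LOGINS = 5

# Constructed sample inventory (not real data): one record per account,
# in the shape a central account management export might provide.
INVENTORY = [
    {"id": "u1001", "user": "alice", "privileged": True,
     "last_login": "2024-01-10", "failed_logins": 0, "enabled": True},
    {"id": "u1002", "user": "bob", "privileged": True,
     "last_login": "2024-03-15", "failed_logins": 2, "enabled": True},
    {"id": "u1003", "user": "carol", "privileged": False,
     "last_login": "2023-12-01", "failed_logins": 7, "enabled": True},
    {"id": "u1003", "user": "dave", "privileged": False,
     "last_login": "2024-03-20", "failed_logins": 0, "enabled": True},
]


def audit_accounts(inventory, as_of):
    """Return (account id, finding) pairs; as_of is an ISO date string."""
    now = datetime.strptime(as_of, "%Y-%m-%d")
    findings = []
    seen_ids = {}
    for acct in inventory:
        # Control 1: every user must have a unique ID.
        if acct["id"] in seen_ids:
            findings.append((acct["id"],
                             f"duplicate id shared with {seen_ids[acct['id']]}"))
        seen_ids.setdefault(acct["id"], acct["user"])
        # Control 1: lock out after the specified number of failed logins.
        if acct["enabled"] and acct["failed_logins"] >= MAX_FAILED_LOGINS:
            findings.append((acct["id"],
                             "lockout threshold exceeded but account still enabled"))
        # Control 3: deactivate privileged accounts idle for more than 45 days.
        if acct["privileged"] and acct["enabled"]:
            idle = now - datetime.strptime(acct["last_login"], "%Y-%m-%d")
            if idle > timedelta(days=PRIVILEGED_INACTIVITY_DAYS):
                findings.append((acct["id"],
                                 f"privileged account idle {idle.days} days; deactivate"))
    return findings


if __name__ == "__main__":
    for acct_id, finding in audit_accounts(INVENTORY, "2024-03-22"):
        print(acct_id, finding)
```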
Daily Brief Summary
The ThreatLocker® Zero Trust Endpoint Protection Platform advocates for a deny-by-default approach, enhancing organizational security against cyber threats.
The platform aligns with multiple compliance frameworks, providing confidence in protection against devastating attacks such as ransomware.
Cybersecurity compliance frameworks assist in developing strong security measures but can be ambiguous and complex in their requirements.
Key cybersecurity practices include access management, multi-factor authentication, privileged access management, and antimalware solutions.
Organizations are encouraged to implement firewall solutions, intrusion detection/prevention, and secure data encryption, among other robust security measures.
Regular security reviews and adherence to written policies are emphasized to ensure continuous protection against potential threats.
ThreatLocker® offers a free guide, "The IT Professional's Blueprint for Compliance", to help professionals navigate and fulfill diverse compliance obligations.