How to Identify Your Boundary Defense Needs
By Kes Jecius, RedSeal Senior Consulting Engineer
The Center for Internet Security’s (CIS) twelfth control for implementing a cybersecurity program is for your organization to control the flow of information transferring between networks of different trust levels. The first sub-control states that an organization should maintain an inventory of all network boundaries. So, the first question you need to ask is: where are your network boundaries?
Back in the days before the Internet was prevalent and mainframes dominated the IT landscape, these boundaries were very well defined. All the company’s information was warehoused in a mainframe centrally controlled by a small group of people. Getting access to the data was a very rigorous process and external links were not common. When external links were established, they were very tightly defined to exchange the minimum amount of information required to conduct business.
With the introduction of Local Area Networks, data started to be distributed within the organization. The IT department frequently was not involved in the deployment of these networks since they were seen as local resources and didn’t include external links. As these data resources grew, departments wanted to share information outside the boundaries of their local network. The Internet facilitated this connectivity, and IT departments needed to get involved to provide a control point for these data flows.
Now jump to the present where organizations have multiple internal data sources deployed in a distributed fashion, and the business owners of the data want to share this information with others to make their operations more efficient. The IT department now needs to understand the network boundaries and the security group needs to control and manage the boundary defense requirements.
To inventory these boundaries, the first step is to understand how your network infrastructure is connected. Assuming you’ve done a good job implementing CIS Control #1 (Inventory and Control of Hardware Assets), you have an initial base to identify all connections to external organizations and the Internet. A secondary pass through this information should focus on identifying internal connectivity. Understand where your organization allows data to flow and identify untrusted links within the organization, like guest wireless access.
The second phase of creating your boundary inventory is to leverage the data gathered in implementing CIS Control #2 (Inventory and Control of Software Assets). By understanding the systems running on your servers, you can start to understand where the users of the data are connecting to the enterprise. Then, map these flows to the hardware inventory to get an understanding of all network boundaries and determine where your organization should focus to implement appropriate security controls.
With automated tools and platforms in place from the first two controls, putting together the initial inventory of network boundaries should be a relatively easy process. Then your security group can start to improve overall boundary defenses as identified in the other sub-controls within the twelfth CIS control (Boundary Defense).
Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a foundational solution that provides significant value for understanding the networking environment and helping to identify the network boundaries that have already been deployed. This, in turn, will allow your organization to improve these boundary defenses in a cost efficient manner.
Download the RedSeal CIS Controls Solution Brief to find out more about how RedSeal can help you implement your cybersecurity program using the CIS Controls.