Continuous Controls Monitoring With Control Insights

Written by Scott West

According to the Center for Internet Security (CIS), an organization that implements the recommendations in the CIS Controls will prevent the majority of cyber attacks thrown at it and will be well prepared to defend itself in the future. It’s an ambitious goal. But given the current state of cyber attacks and the growing threat landscape every organization has to defend against, this goal is no longer simply a nice-to-have. It’s become table stakes.

But even if your organization views itself as being highly security conscious, you likely still have gaps in your program and security controls. The real challenge is in identifying and remediating those gaps. There are three steps to do this:

  1. You must determine what controls your organization should have in place. 
  2. Then you need to assemble a comprehensive view of your extended digital footprint including subsidiaries, geographies, assets, IPs, and domains. In other words, you need to understand the attack surface you want to apply the controls against. 
  3. Finally, you need to continually assess how effective those controls are and remediate any gaps you identify. 

Sounds easy, right? It actually is easy with Control Insights.

Introducing Control Insights

Control Insights uses a best-practice framework to measure how effective your organization’s security controls are and suggests how to remediate any gaps in those controls. Leveraging over 200 billion externally observable events gathered from more than 120 different data feeds that we process daily, Control Insights provides an objective, evidence-based, continuous controls monitoring capability built into the Bitsight Security Performance Management (SPM) solution.

When you consistently and reliably measure the effectiveness of security controls, you hit your performance targets faster, you make your company more secure, and you become more cyber resilient.

Stop Playing Whac-a-mole: Find The Root Cause of Security Findings

So how does this differ from the findings presented in the Bitsight platform? When you fix a finding, you probably expect to see your Bitsight rating improve. And since the Bitsight rating is the only cybersecurity rating independently correlated to the likelihood of a breach, your rating improvement indicates that your organization is more secure. 

But what happens when you fix a finding, and then a week later something similar pops up? Our product team jokingly refers to this as the whac-a-mole syndrome. Fix one finding, it goes away, but then another one pops up. If this happens consistently, you’re not going to see material improvements to your rating.

You see, the real focus should not be on fixing an individual finding. Instead, the focus should be on identifying and fixing the underlying cause that allowed the finding to occur in the first place. For example, if you identify expired certificates from your digital assets, you can remove them. But the better option is to implement a control, a certificate management system that helps you prevent expired certificates in the first place. This is getting to the root cause, and Control Insights can help you get there.

Control Insights as a Proactive Approach to Cybersecurity

Point solutions only measure the effectiveness of a single control and must be configured to monitor specific infrastructure. Control Insights continuously assesses the effectiveness of security controls across your extended organization, without requiring any initial configuration. Bitsight actively identifies and hand-curates infrastructure associated with your organization and measures telemetry across a wide range of security domains. 

Control Insights measures your team’s progress over the past six months and streamlines your efforts to develop performant security controls with expert-designed insights that include:

  • A prescriptive analysis of the control’s effectiveness 
  • The reason the insight was triggered
  • Suggestions as to what the evidence indicates
  • A reference to the relevant security control or subcontrol

It’s a proactive approach to securing your organization. And it will go a long way towards helping you prevent cyber attacks and scale as the threat landscape continues to evolve. 

To learn more about how Control Insights can help you proactively build a more secure organization, contact your sales rep or send an email to [email protected].
 
