SANS & Top 20 CIS Critical Controls
Qualys Solutions for IT Security & Compliance
Qualys' continuous security approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively, while reducing costs and streamlining operations. Using an innovative Software as a Service (SaaS) approach, the Qualys® Security and Compliance Suite combines Qualys' industry leading vulnerability management service with a comprehensive IT compliance solution.
Qualys Vulnerability Management
Globally Deployable, Scalable Security Risk and Vulnerability Management
Qualys Continuous Monitoring
Identify threats and monitor for changes in your environment
Qualys Threat Protect
Prioritize vulnerability remediation and stay on top of breaches
Qualys Policy Compliance
Define, Audit and Document IT Security Compliance
Qualys Security Assessment Questionnaire
Collect and analyze information about your business easily, quickly, and without reinventing the wheel
Qualys PCI Compliance
Automated PCI Compliance Validation for Merchants and Acquiring Institutions
Qualys Web Application Scanning
Automated Web Application Security Assessment and Reporting
Qualys Web Application Firewall
Simple, Scalable and Customizable Solution to stop Web Application Attacks and Prevent Data Breaches
From CIS and SANS Institute:
Guide from Qualys:
Download the Automating the Top 20 CIS Critical Security Controls whitepaper
The Top 20 CIS Critical Security Controls (CSCs) are a prioritized, risk-based approach to cyber security created in coordination with the SANS Institute. They are the result of a consensus process that involved a wide variety of cyber security professionals from government and industry, who were asked: "In practice, what works and where do you start?" The CSCs have become a blueprint to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) to deploy the most effective processes and tools to secure all their computer systems according to risk. Five tenets were fundamental defining the CSCs:
- Offense informs defense
- Continuous diagnostics and mitigation
By following the guidelines of CSCs, your organization can ensure the confidentiality, integrity and availability of its information technology assets.
Why the Critical Controls Matter to Your Organization
Depending on your organization, threats to your computer systems can come from sovereign states, terrorists, criminals, lone hackers, and through mistakes committed by staff and contractors. A successful exploit of a critical system could be disastrous if it stopped vital functions in industries such as financial services or transportation or essential functions of government. The CSCs simplify the deployment of a comprehensive security program by focusing on proven risk reduction efforts that can lower exposure by 80 percent or more. For federal agencies, the use of CSCs also can put your agency well on the path to compliance with FISMA – requirements that may also apply to contractors providing services to your agency.
How Qualys Helps Automate Critical Controls
As a critical tenet for the CSCs, automation provides a key role in achieving reliability, scalability and continuous security. This emphasis aligns well with Qualys’ continuous security and compliance delivery model. Because the Qualys Cloud Platform offers a set of extensible services, organizations can achieve rapid implementation of the majority of the controls with a single solution. Additionally, Qualys solutions can be deployed from the cloud within a matter of hours, without costly Professional Services or any additional software or hardware requirements.
For a detailed explanation of how Qualys helps with each of the 20 controls, download the Automating the Top 20 CIS Critical Security Controls whitepaper.