Scan Remote Endpoints From Wherever You Are with CIS-CAT Pro

IT professionals can be overwhelmed by the various standards, compliance requirements, and security options that are involved in configuration management. As remote work grows, the complexity of implementing secure configurations expands as well. Employees are using company resources to work from home, and many IT staff need to assess company equipment without being physically present.

Thousands of organizations around the world leverage CIS SecureSuite Membership to improve their cyber defenses. One of the most useful Member benefits in a remote work environment is the ability to conduct remote configuration assessments using a tool called CIS-CAT Pro. CIS-CAT Pro is a quick and effective way to compare target machines to the secure recommendations of the corresponding CIS Benchmarks.

Cybersecurity Experts Use the CIS Benchmarks

Many servers, operating systems, and applications come with default settings that are put in place for convenience, not security. Implementing secure configurations is a way to help significantly improve an organization’s cyber defenses. The CIS Benchmarks provide free configuration recommendations for 100+ CIS Benchmarks covering more than 14 technology groups. Secure configurations can help protect against threats such as denial of service or unauthorized data access.

CIS Benchmarks are referenced by many industry frameworks and organizations including PCI DSS, FISMA, HIPAA, DISA STIGs, FFIEC, and more.

CIS-CAT Pro: Assessment Tool and Dashboard

CIS-CAT Pro leverages the powerful security guidance of the CIS Benchmarks in an assessment tool. Available only to CIS SecureSuite Members, it has two components: CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard. CIS-CAT Pro Assessor scans against a target system’s configuration settings and reports the system’s compliance to the corresponding CIS Benchmark. CIS-CAT Pro Assessor typically scans in just a few minutes, saving users hours of tedious manual configuration review. It also offers multiple reporting formats, including an HTML report which lets users quickly review noncompliant settings and remediation steps for achieving compliance to the CIS Benchmark recommendation.

An integrated component to CIS-CAT Pro Assessor is CIS-CAT Pro Dashboard. CIS-CAT Pro Dashboard allows users to view system compliance to the CIS Benchmarks over a period of time with dynamic reporting features. CIS-CAT Pro Dashboard displays CIS-CAT result scoring for target systems in an easy-to-read graph format. Users can sort data to view charts per CIS Benchmark or per device. Systems can also be tagged (for example, by department) in order to view system grouping compliance to CIS Benchmarks over time, to prevent configuration drift.

Try some features for free - download CIS-CAT Lite.

Remote Assessment Capability and New Features

CIS-CAT Pro Assessor helps IT teams run a configuration assessment within minutes, instead of having to develop subject matter expertise on an operating system and the settings necessary to prevent attacks. A team can see where they score with conformance to a CIS Benchmark on a web server, a mail server, or a router. CIS-CAT Pro Assessor can also scan multiple target end points through a single instance.

CIS-CAT Pro Assessor v4 allows IT professionals to conduct remote CIS Benchmark assessments using the graphical user interface (GUI) of CIS-CAT Pro Dashboard when Assessor v4 Service is installed. Remote assessment can also be conducted using the command line interface.

Recently-released Version 1.0.7 of CIS-CAT Pro Assessor v4 Service includes support for Java versions 8 through 14 for Assessor v4 Service. Imports to CIS-CAT Pro Dashboard, when using these versions of Java on the Assessor v4 Service server, will now be successful when imported via the API when using Assessor v4 Service.

CIS-CAT Pro Assessor v4 GUI

Later this year, a GUI component will be added to CIS-CAT Pro Assessor v4. This new application will be delivered as part of the CIS-CAT Pro Assessor v4 download and will provide users with easy-to-follow remote or local configuration assessment workflows. The GUI application embeds a runtime version of Java to alleviate the need for GUI-users to install Java. Java will still be required for command line operations. The GUI application requires very little training. It will be a great tool system administrators can utilize to validate configuration changes made to move closer to conformance with CIS Benchmark recommendations.

Tailor Configuration to Your Organization's Needs

Customizations can be managed two ways to meet your organization's unique security needs. Alterations of CIS Benchmarks can be made through the tailoring functionality within CIS WorkBench. Modifications to the content can also be completed manually in the XML content such as the XCCDF or OVAL files in the CIS Benchmarks folder of CIS-CAT Pro Assessor.

Customizations could range from turning on or off a recommendation or tailoring a recommendation such as password length. Upon saving the file with the alterations, the assessment will then run against the new modifications and the CIS-CAT report will produce results in correspondence with the changes made.

There's No Better Time for a CIS SecureSuite Membership

Wherever teams may be working, IT professionals can harden their organization’s endpoints and implement a secure baseline by remotely assessing with CIS-CAT Pro v4. Operations and security teams can use CIS-CAT Pro for self-assessments or to validate a system before production rollout. Auditors can use CIS-CAT Pro to conduct or view assessment results.

To access CIS-CAT Pro, and many more cybersecurity tools and resources, learn about all that CIS SecureSuite Membership has to offer.