Center for Internet Security (CIS) Releases New Community Defense Model for Cybersecurity
Implementation Group (IG) 1 of the CIS Controls – the definition of Basic Cyber Hygiene – provides mitigation against the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware. Implementation is easy with only 43 safeguards.
EAST GREENBUSH, N.Y., Aug. 4, 2020 – The Center for Internet Security, Inc. (CIS®) released its Community Defense Model (CDM) today, ahead of this week's SANS webinar, "Cleaning Up Our Cyber Hygiene." The model shows that the CIS Controls® (Controls) – a prioritized and prescriptive set of safeguards that mitigate the most common cyber-attacks against systems and networks – mitigate approximately 83% of all attack techniques found in the MITRE ATT&CK Framework. Furthermore, Implementation Group 1 (IG1) of the Controls, the definition of Basic Cyber Hygiene, provides mitigation against the attack techniques found in the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware. This is a critical finding for both public and private sector organizations that have been facing a rapid increase in cyber-attacks, especially ransomware, over the last several years.
The CDM maps the Controls to the MITRE ATT&CK® (Adversarial Tactics, Techniques, and Common Knowledge) Framework, and describes how data sources are used to support the mapping to specific Controls and their associated Sub-Controls (Safeguards). The CDM also formalizes the documentation of the specific attack patterns mitigated by the Controls to include: web-application hacking, insider and privilege misuse, malware, ransomware, and targeted intrusions.
"Consistent with our mission, CIS is committed to providing both public and private sector organizations with the tools they can use to help mitigate cyber-attacks," said CIS President and CEO, John Gilligan. "The rigorous and data-driven analysis mapping of the CIS Controls to the MITRE ATT&CK Framework in our Community Defense Model is the most recent step we're taking to help all organizations start secure and stay secure with basic cyber hygiene."
While ransomware attacks have received the most public notoriety over the last several years, there are several other attack techniques that can be just as challenging for any organization. The findings in the CDM also demonstrate the effectiveness of the Controls, which are separated into three Implementation Groups (IGs), against a variety of other attack techniques:
- Malware: Implementing IG1 of the CIS Controls can mitigate 79% of malware attack pattern techniques. Implementing IG1 is the definition of Basic Cyber Hygiene.
- Web-Application Hacking: 100% of instances of web-application hacking techniques can be defended against by implementing all of the CIS Controls.
- Insider Privilege & Misuse: 100% of the techniques can be defended against by properly implementing the CIS Sub-Controls in IG1.
- Targeted Intrusion: 80% of targeted intrusion techniques can be defended against by implementing all of the CIS Controls.
In developing this new model, CIS used publicly available data from sources including the Multi-State Information Sharing & Analysis Center® (MS-ISAC®), the 2019 Verizon DBIR, and CrowdStrike to identify the most relevant attack patterns and their frequency. Once the attack patterns were identified and analyzed, the MITRE ATT&CK Framework was used to select which attack techniques are associated with specific attack patterns.
"The data and analysis behind this model provide a defensible basis for applying specific best practices to mitigate cyber-attacks. This is an industry first, and we're proud to lead the way on behalf of the community of cybersecurity experts who have helped develop the CIS Controls with us," said Gilligan.
The CIS Controls are a prioritized set of safeguards to mitigate the most common cyber-attacks against systems and networks. The volunteer experts who develop the Controls come from a wide range of sectors including defense, education, government, healthcare, manufacturing, retail, transportation, and others. The findings in the CDM underscore why the Controls are the definition of an effective cybersecurity program. Through the mapping of the Controls, the new model also provides specific and concrete steps all organizations can take to better protect themselves against cyber-attacks, especially malware and ransomware.
The overall goal of the CDM is to bring another level of rigor and detail to support the development of the CIS Controls, while taking advantage of the industry ecosystem that is developing around the MITRE ATT&CK Model.
Read the entire Community Defense Model whitepaper here.
Join CIS Senior Vice President and Chief Evangelist, Tony Sager on Friday, August 7, 2020 at 3:30 P.M. EDT for the SANS webinar, "Cleaning Up Our Cyber Hygiene."
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. elections offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.