Secure Baseline

Secure Baseline scanning to identify and fix configuration weaknesses in operating systems

Secure baseline scans are designed to find configuration gaps and security weaknesses in operating systems, using specific security frameworks as comparison benchmarks. Security teams can perform these scans to compare different OS configuration settings against the baseline controls recommended by security frameworks, and make the changes necessary to harden configuration and reduce their organizations’ attack surface. Along with configuration hardening for improved security, secure configuration assessments also help organizations meet the compliance requirements relevant to their industries.

CYRISMA uses the Center for Internet Security’s (CIS) Benchmarks and DISA’s Secure Technical Implementation Guides (STIGs) as the benchmarks for secure configuration scanning to protect both commercial and government entities against breaches. The systems being scanned are put through hundreds of tests under different policy categories and assigned performance grades based on the test results. Scan results include detailed recommendations to fix misconfigurations and close security gaps, and the functionality to create and execute mitigation plans from within the CYRISMA platform.

What can you scan?

CYRISMA’s secure baseline scans can be performed on all versions of Windows, Linux and Mac operating systems (OS). Users can choose between scans based on the CIS Benchmarks and DIS STIGs and deep dive into configuration settings tied to specific policy categories like network security, password policy, WLAN settings, group policy, etc. The platform also allows teams to set up mitigation plans based on detailed recommendations, assign mitigation actions to specific team members, and track baseline trends over time to improve performance and maintain a strong security posture.

Monitor Configuration Drift

In addition to hardening OS configuration and reducing risk, organizations can use CYRISMA’s secure baseline scans to identify configuration drift, improve change management and meet compliance requirements.

Using a single framework for secure configuration ensures consistent configuration settings across systems and machines regardless of computing environment and location. This may be affected over time as changes are made to hardware or software without a proper reporting or tracking mechanism, causing what is known as “configuration drift” or inconsistencies and gaps emerging in secure configuration. With CYRISMA, organizations can schedule regular secure baseline scans and compare new scan results against historical data to quickly spot and fix configuration drift, bringing errant systems back under the security policy’s control.

The Power of CYRISMA

Optimize Cyber Risk Management with our multi-feature SaaS platform

CYRISMA allows you to Discover, Understand, Mitigate, and Manage cyber risk with efficiency and speed

1. Discover

Discover configuration weaknesses and standardize OS configurations based on selected security frameworks. Strengthen the security posture of your organization and reduce the risk of a breach, without impacting end users.

2. Understand

Understand the rationale behind specific security configuration recommendations and how misconfigurations and errors in system settings across computing environments can open up attack opportunities for threat actors.

3. Mitigate

Mitigate configuration weaknesses based on scan results and identify and control configuration drift over time by comparing current scan results with historical data. Maintain a consistently strong cybersecurity posture.

4. Manage

Standardize and manage secure system configurations over time to reduce cyber risk, create a secure operational environment and meet security and industry-specific compliance requirements like PCI DSS, HIPAA, CCNA, GDPR, etc..

Discover how CYRISMA can help protect your business

Schedule a demo and get a first-hand look