
Packetlabs is Now CIS Security Controls Certified. Here's What to Know


Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. Through accreditation with the Center for Internet Security (CIS), Packetlabs can show their customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Controls, underpinned by the rigorous standards of CREST accreditation.

-Curtis Dukes, CIS Executive Vice President of Security Best Practices & Automation Group

It's official: Packetlabs is now CIS Security Controls certified. Learn more about what this means for your security in today's blog.

What is the CIS Controls Accreditation?

The CIS Controls Accreditation offers eligible organizations the ability to provide CIS Critical Security Controls implementation, auditing, and/or assessment with the assurance that they have met the consistent and rigorous standards of CREST certification.

This program offers service providers a “stamp of approval” at the organization level, ensuring that clients can feel confident that they are doing business with a reputable and reliable CIS Controls assessment-approved organization.

CREST Certifications: What Do They Mean for Organizations?

A CREST certification is a globally-recognized accreditation issued by CREST (the Council of Registered Security Testers). CREST is an international governing membership body representing the global cybersecurity community, and its certifications are lauded by the cybersecurity industry as the best of the best indicators of knowledge, skills, and competence.

CREST accredits 300 member companies across dozens of countries, certifies thousands of security professionals, and works with some of the world’s top cybersecurity stakeholders to ensure that organizations’ cybersecurity is in good hands. Its mission is to build capable and consistent collaboration through high-quality security services.

In 2023, being CREST-certified is becoming an increasingly mandated requirement for those hiring or buying services–and for good reason. Their code of conduct ensures the promotion of best cybersecurity practices, professional representation, responsible reporting, and so much more.

New Service: CIS Benchmark Audits

Through being CIS Security Controls-certified, our team at Packetlabs is now offering a new service: CIS Benchmark Audits.

A CIS Benchmark Audit achieves several important objectives related to cybersecurity and the overall security posture of an organization’s systems. 

CIS (Center for Internet Security) benchmarks are a set of best practices and guidelines for securing computer systems, networks, and cloud providers. A CIS Benchmark Audit has over 100 secure configurations across the following categories:

  • Cloud providers (e.g., AWS, GCP, Azure, Oracle, Microsoft Office 365, Google Workspace)

  • Operating systems (e.g., Windows, Unix)

  • Server software (e.g., Web servers, Kubernetes, Databases)

  • Mobile devices (e.g., Apple, Android)

  • Network devices (e.g., Cisco, Palo Alto, Fortinet, Check Point)

  • Desktop software (Microsoft Office, Web browsers)

Have confidence that your infrastructure and sensitive information are safe by checking the status of your organization’s security and compliance posture against CIS benchmarks.

How Are CIS Benchmarks Developed?

The CIS Benchmarks are prescriptive configuration recommendations for more than 25 vendor product families. They represent the consensus-based effort of cybersecurity experts globally to help you protect your systems against threats more confidently.

The CIS Benchmarks Communities are made up of over 12,000 IT security professionals who participate in the consensus process to develop secure configuration recommendations.

These community-developed secure configuration recommendations center on hardening organizations' technologies against a wide range of cyberattacks. Mapped to the CIS Critical Security Controls (CIS Controls), the CIS Benchmarks elevate the security defenses for cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, and more. They also help organizations of all sizes demonstrate compliance with a variety of industry regulations and frameworks.

As a rule of thumb, CIS Windows benchmarks will always cover the latest Windows build version within 90 days of a new Windows version release. As such, the CIS benchmark is designed to be used with all build versions up to that most recent version.

Other Penetration Testing and Assessment Options

Penetration testing is not one-size-fits-all.

At Packetlabs, our flexible offerings encapsulate:

  • DevSecOps: DevSecOps is integrated early in your development cycle and acts as an extension of your development team to flag vulnerabilities within your existing detected management systems

  • Red Teaming: Red Teaming is a full-scope simulated attack designed to get a holistic review of the level of risk and vulnerabilities across people, processes, and tech in an organization

  • Purple Teaming: Purple Teaming is our collaborative testing exercise where the Packetlabs red team works with your internal security operations team (or blue team) to bridge the gap between offensive techniques and response efforts

  • Cyber Maturity Assessments: A Cyber Maturity Assessment supports the tactical direction of your cybersecurity strategy. As the first step in strengthening your security posture, this assessment generates the roadmap to strengthen your overall security program

  • OT Assessments: OT Cybersecurity Assessments simulate the likelihood of an attacker reaching the control centre from an external and internal perspective with production-safe testing

  • Ransomware Penetration Testing: A ransomware penetration test evaluates the preparedness and risk of a ransomware attack and identifies gaps in people, processes, and technology, to determine the likelihood and readiness for a ransomware attack

  • Cloud Penetration Testing: Multiple perspectives help with strengthening your security posture. These include Cloud Penetration Testing, which simulates an attacker in the environment, and a Cloud Penetration Review, which provides insights into cloud-specific vulnerabilities originating from an insecure configuration. Each of these services can be conducted separately or, for maximum effectiveness, combined as an enhanced cloud security bundle

  • Objective-based Penetration Testing: Following a preliminary penetration test, objective-based testing conducts a more advanced simulated cybersecurity attack. The test is conducted by persistent ethical hackers who deploy multiphase attacks to gain access to your organization's data so that you can discover gaps and vulnerabilities unique to your organization and test your ability to detect and respond to threat actors

  • Application Security Testing: More targeted in scope than a regular pentest, application security testing uncovers vulnerabilities residing in your web and mobile apps. Application Security Testing actively explores your application from an attacker’s perspective

  • Infrastructure Penetration Testing: An infrastructure penetration testing assessment uncovers vulnerabilities in your IT and network systems and provides a tailored approach to each environment

These are in addition to the Packetlabs Portal, which enables you to quickly view findings, prioritize efforts, request retests after remediation, and monitor progress.

Experience CIS Security Controls-Certified Pentesting Services Today

At Packetlabs, our solutions center on one goal: strengthening your organization’s security posture. Our comprehensive, CIS Security Controls-certified CIS Benchmark Audits identify gaps in your golden images to allow for further hardening, alongside providing context-aware findings and guaranteeing security best practices.

Ready to start? Reach out to our team today for a free, zero-obligation quote.
