January 23, 2023

CIS Benchmarks for VMware Carbon Black Workload

We are excited to announce the general availability of CIS Benchmarks for Carbon Black Workload. This feature will help enterprises measure and report compliance of organizational workload assets against industry standard benchmarks published by CIS.

Quick Snapshot

Prerequisites

  • VMware Carbon Black Workload
     

Use Cases

  • Evaluate compliance against security best practices
  • Apply best practices to secure systems and data
  • Harden specific OS, middleware, applications, and network devices
  • Investigate non-compliant assets
  • Operationalize compliance reporting

Benefits

  • Implement expert cybersecurity guidelines
  • Review standard benchmarks for Windows servers
  • Meet security compliance against CIS Benchmarks
  • Evaluate CIS compliance
  • Increased visibility for non-compliant assets
  • Remediate known issues

    The Center for Internet Security (CIS) publishes CIS Benchmarks, a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses and data. These best practices are focused on the secure configuration of a target system. There are more than one hundred CIS Benchmarks that span across more than twenty-five vendor product families. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia. Organizations implement CIS Benchmark guidelines to limit configuration-based security vulnerabilities in their digital assets. 

    While the benchmark sets are excellent guidelines developed by consensus amongst industry experts, they need to be curated to an organizations desired configuration sets and then compliance be measured against organizational assets including hosts, virtual machines, workloads and appliances. There are two types of CIS Benchmarks including Level 1, which have a direct security benefit to the organization, and Level 2 which provides defense-in-depth but may inhibit certain product features. 

    CIS Benchmarks Key Capabilities and Benefits

    The goals for this feature include helping enterprises meet their security compliance against CIS benchmarks, evaluating “hardening status” of the compute infrastructure in on-prem vSphere environments from the Carbon Black Cloud console, and provide an effortless way to evaluate CIS compliance, view/report/notified on non-compliance issues and have a path for remediating any known issues. 

    Create Curated Configuration Sets 
    Utilize the latest benchmark set for the windows server platform and curate one or more configuration sets that can be used to evaluate assets within your organization. Curation can help organizations arrive at optimal compliance checks against their organizational assets. 

    Evaluate Compute Assets Against Curated Configuration Sets 
    Evaluate CIS benchmark compliance for the operating systems running on on-prem and virtual machines using the Carbon Black Cloud console. Trigger a CIS scan or view automated scan results in the CIS dashboard. Provide Level 1 curated CIS checks for the following software: 

    • Windows Server 2022, 2019, 2016, 2012R2, 2012    

    Evaluate On-prem Virtual Machines Against CIS Benchmarks 
    Evaluate CIS benchmark compliance for the operating systems running on on-prem virtual machines using the Carbon Black plugin in the vSphere client. Trigger a CIS scan or view the automated scan results in the CIS dashboard. Provide Level 1 curated CIS configuration set checks for the operating systems listed above. 

    View CIS Benchmark Compliance Metrics 
    View CIS Benchmark Score for all assets assessed in the form of percentile. Dashboard view of total number of CIS compliance checks evaluated and total number of assets in compliance/non-compliance.  

    Investigate Non-Compliant Assets
    Assets that are not compliant can be investigated and reported on. 

    CIS Benchmarks Compliance View

     

    To learn more about this feature and other updates with Carbon Black, check out our release notes here.

      Filter Tags

      Workload Blog

      Hannah Roy

      Read More from the Author

      Hannah Roy is an experienced security storyteller with a wide knowledge of the market, particularly workloads, containers and Kubernetes security. Through 5+ years with Carbon Black, she has brought customer stories to life and helped educate GTM teams on the value Carbon Black brings to the market. Hannah is currently a Product Marketing Manager for Carbon Black’s Cloud Workload Protection team.