CIS Benchmarks for VMware Carbon Black Workload
We are excited to announce the general availability of CIS Benchmarks for Carbon Black Workload. This feature will help enterprises measure and report compliance of organizational workload assets against industry standard benchmarks published by CIS.
Quick Snapshot
Prerequisites
- VMware Carbon Black Workload
Use Cases
- Evaluate compliance against security best practices
- Apply best practices to secure systems and data
- Harden specific OS, middleware, applications, and network devices
- Investigate non-compliant assets
- Operationalize compliance reporting
Benefits
- Implement expert cybersecurity guidelines
- Review standard benchmarks for Windows servers
- Meet security compliance against CIS Benchmarks
- Evaluate CIS compliance
- Increased visibility for non-compliant assets
- Remediate known issues
The Center for Internet Security (CIS) publishes CIS Benchmarks, a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses and data. These best practices are focused on the secure configuration of a target system. There are more than one hundred CIS Benchmarks that span across more than twenty-five vendor product families. CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia. Organizations implement CIS Benchmark guidelines to limit configuration-based security vulnerabilities in their digital assets.
While the benchmark sets are excellent guidelines developed by consensus amongst industry experts, they need to be curated to an organizations desired configuration sets and then compliance be measured against organizational assets including hosts, virtual machines, workloads and appliances. There are two types of CIS Benchmarks including Level 1, which have a direct security benefit to the organization, and Level 2 which provides defense-in-depth but may inhibit certain product features.
CIS Benchmarks Key Capabilities and Benefits
The goals for this feature include helping enterprises meet their security compliance against CIS benchmarks, evaluating “hardening status” of the compute infrastructure in on-prem vSphere environments from the Carbon Black Cloud console, and provide an effortless way to evaluate CIS compliance, view/report/notified on non-compliance issues and have a path for remediating any known issues.
Create Curated Configuration Sets
Utilize the latest benchmark set for the windows server platform and curate one or more configuration sets that can be used to evaluate assets within your organization. Curation can help organizations arrive at optimal compliance checks against their organizational assets.
Evaluate Compute Assets Against Curated Configuration Sets
Evaluate CIS benchmark compliance for the operating systems running on on-prem and virtual machines using the Carbon Black Cloud console. Trigger a CIS scan or view automated scan results in the CIS dashboard. Provide Level 1 curated CIS checks for the following software:
- Windows Server 2022, 2019, 2016, 2012R2, 2012
Evaluate On-prem Virtual Machines Against CIS Benchmarks
Evaluate CIS benchmark compliance for the operating systems running on on-prem virtual machines using the Carbon Black plugin in the vSphere client. Trigger a CIS scan or view the automated scan results in the CIS dashboard. Provide Level 1 curated CIS configuration set checks for the operating systems listed above.
View CIS Benchmark Compliance Metrics
View CIS Benchmark Score for all assets assessed in the form of percentile. Dashboard view of total number of CIS compliance checks evaluated and total number of assets in compliance/non-compliance.
Investigate Non-Compliant Assets
Assets that are not compliant can be investigated and reported on.
To learn more about this feature and other updates with Carbon Black, check out our release notes here.