CIS 18 Critical Security Controls®

Discover assets you don’t even know about and eliminate blind spots.

Anticipate potential cyber security attacks with audit preventive measures.

Get an instant cybersecurity audit across your entire network through valuable reports.

For the Data Protection control, all data on end-user devices must be encrypted. Lansweeper scans detailed information for both AD users and AD computers, including the BitLocker recovery key. BitLocker encrypts disk volumes to protect the data on them from being accessed in an offline mode. To access the drive again, the BitLocker recovery key is required. Thanks to the pre-made BitLocker Recovery Keys Audit report, you have a list of all AD computers with their BitLocker recovery keys at your disposal when you need them.

The CIS Benchmarks help you implement secure software and hardware configurations. A substantial number of recommendations such as Processes, Services, Shares, Registry settings, System settings, users, user groups, and BitLocker status can be checked and reported on within Lansweeper. This lets you check for any outdated software, unnecessary services, misconfigured DNS settings, settings for automatic session locking, unauthorized administrators, and much more. Since Lansweeper scans all Windows services, that includes your firewalls. Through event log scanning and alerts, Lansweeper can instantly inform you whenever any Firewall settings have been changed.

The core of the account management control is to establish and maintain an inventory of accounts. Using Active Directory, O365, Exchange, and local account scanning, Lansweeper provides a full inventory of all accounts, their groups, permissions, licenses, and all other AD details. Using Lansweeper’s built-in reports, you can easily find disabled AD accounts lingering around or accounts using simple O365 passwords. To maintain “the principle of least privilege”, Lansweeper tells you which users have local administrative rights on an asset-by-asset basis by showing all unauthorized administrators and controls who can manage your assets. Lansweeper itself also allows users to log in using SSO or, in Lansweeper Cloud, MFA.

CIS Control #6 calls for the implementation of SSO, MFA, and a role-based access control structure, in order to maintain the Principle of Least Privilege. Lansweeper allows you to sign in using SSO, so it can be centralized along with access credentials to any other enterprise assets and software you have. In Lansweeper Cloud it is possible to set up MFA, either by itself by using the built-in MFA configuration, or in combination with SSO. In that case, you can use the MFA options made available by your identity provider. Once logged in, the actions a user can take are defined by the role they have been assigned. Each role defined in the web console has its own set of access rights and permissions. In Lansweeper Cloud you can also define asset scopes, allowing you to configure precisely which assets a user can access.

Where software versions can be identified, Lansweeper’s Risk Insights and vulnerability reports verify whether the software has been updated with important security patches. The Risk Insights in the Lansweeper Cloud console provides you with an overview of all known vulnerabilities, drawn from the NIST Vulnerability Database, that could pose a threat to your network. Besides that, Lansweeper continuously publishes audit reports to address trending vulnerability issues such as PrintNightmare and PetitPotam, so you can easily assess whether a particular software-related vulnerability has been addressed. You can list the results in an audit report or dashboard, or set up email alerts to review the report output straight from your inbox. Thanks to the Asset Lifecycle Information in LS Cloud, you can also keep track of any assets that have gone end-of-life and need to be retired or replaced.

The wealth of event log information available in Lansweeper allows you to keep an eye on anything that might indicate a security risk. Although Lansweeper is not a full-fledged log management system, it automatically collects logs from Windows servers and desktops. Event logs can be selected by source and searched, reported, and exported. Built-in error log and user logon reports help identify inconsistencies within log data.

Only fully supported browsers and email clients should be allowed to execute in your environment and they must be at the latest version provided by the vendor. Just like with any other software, Lansweeper allows you to keep track of the version numbers of browsers and email clients. By regularly running reports on your version numbers, you can make sure they are kept up to date. Lansweeper also regularly creates reports for important updates or when browser versions go end-of-life.

Anti-malware software can help you protect your IT environment against disruptions. Lansweeper can in turn help you manage your anti-malware software in a centralized way through software scanning, making sure that you have the right software in the right place and it is up to date. By using file property scanning or registry scanning, you can also make sure that all anti-malware signatures are up to date and that autorun and autoplay are disabled for any removable media.

Keeping your network infrastructure up to date is essential to plugging and preventing any holes in your security profile. The asset lifecycle data in Lansweeper Cloud can help you keep track of any obsolete assets so they can be retired or replaced where necessary. As Lansweeper also scans any installed software versions, you can also keep an eye out for any software installs that still need to be updated to the latest stable release. All Lansweeper licenses now also come with a complementary Cloudockit license, that allows you to generate accurate architecture diagrams and technical documentation for your cloud environment.

Your network must be monitored and defended against security threats across the enterprise’s network infrastructure and user base. Lansweeper scans all Windows devices connected to your network for their security event logs. Event log alerts can then instantaneously warn you whenever a security event is scanned. Unlike report alerts, which run on a schedule, these event log alerts go out instantly. Lansweeper also integrates with some of the leading SIEM and SOAR tools in the industry, so that you always have the asset information you need at your fingertips, whenever you need to take action.