The cybersecurity landscape is witnessing a phenomenon that has come to be known as the “Great Resignation” among Chief Information Security Officers (CISOs). The challenges faced by CISOs in coping with ever-increasing regulations, compliance mandates, and the need for skilled resources have reached a tipping point. Coupled with a lack of cooperation from the C-suite, these factors have led to a surge in burnout among CISOs.

The Center for Internet Security (CIS) team continuously release updates about cybersecurity best practices for new technologies. As of March 2023 all CIS Windows Server and Windows Workstation Benchmarks will be updated once a year to align with Microsoft’s update schedule. Major version updates that CIS will release (i.e., updating from v1.12.0 to v2.0.0) will account for significant changes in the operating system.

CIS Critical Security Control, known now as CIS Controls have recently been updated and revised in the CIS Controls v8 released by the Center for Internet Security (CIS). The CIS Controls are a collection of industry-recognized best practices for businesses dealing with data security risks. Such measures were created to make things easier and keep the IT operations and security teams attention on crucial tasks. In v8, CIS changes a little the perspective around baseline security and system hardening.

The CIS Critical Security Controls (CIS Controls) created by the Center for Internet Security (CIS) offer a set of best practices and recommendations that address key areas of system security, such as secure configurations, access controls, and vulnerability management. By following the CIS Controls, organizations can systematically strengthen their systems, reduce the attack surface, and mitigate common security risks.

Transport Layer Security 1.0 (TLS 1.0) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as HTTPS, SMTP, POP3, and FTP support TLS. Disable TLS 1.0 is a critical task for security and compliance.

In the ever-evolving landscape of cybersecurity, organizations strive to safeguard their systems and data against emerging threats. Amidst this pursuit, CIS Benchmarks emerge as an indispensable resource, offering a wealth of knowledge and practical recommendations. But what exactly are CIS Benchmarks, and why are they highly regarded across industries?

Hardening the “RDS: Do not allow clipboard redirection” settings is a fundamental step in server hardening. Hardening servers can be a painful procedure. Hardening remote services such as RDS is one of the most critical operational components when hardening servers as it have immediate impact on user and application functionality. Endless hours, and resources are invested in this process. However, despite the efforts, hardening often causes damage to production server environments.

NTLM authentication is a legacy protocol used to authenticate users and computers in Windows-based networks. Despite the availability of newer and more secure protocols, NTLM is still widely used and required for deploying Active Directory, a crucial component of Windows-based networks. This is because NTLM is deeply ingrained in the Windows architecture, making it difficult to disable without causing damage to production systems.