CIS Benchmarks are the detailed configuration recommendations for strengthening specific systems, network devices and applications, and they exist for 100+ IT products and systems. The benchmarks bolster overall security posture, help meet compliance requirements for other security and privacy frameworks (NIST, PCI DSS, HIPAA, etc.), and allow vendors to get CIS certification for their cybersecurity products. Regardless of need, CIS Benchmarks and CIS Controls are vital components of all cybersecurity strategies.
3 Steps To Gain & Maintain CIS Compliance
Achieving CIS compliance requires implementing the mandatory CIS Benchmark recommendations and any accompanying CIS Controls, for each of your applicable systems. Your compliance posture is given a score based on how well your configurations adhere to benchmark recommendations, and this score can be used to determine if changes need to be made to fill security gaps.
Attestation, Visibility and Reporting
Gaining Visibility and Proving Your Compliance
When performing an audit, you need granular visibility into all your assets and systems to be able to determine their adherence to benchmark recommendations.
Measurable Compliance Posture
Continuously Monitoring Your Compliance Posture
Your systems need to be configured based on the CIS Benchmark recommendations, but change can occur unexpectedly. You need instant insight into your compliance posture to know if any checks are failing and which steps need to be taken to fix them.
Requirements & Controls
Implementing Mandatory Security Requirements and Controls
CIS Benchmarks frequently reference CIS Controls, the list of recommended actions to take in securing your organization from cyberattacks. CIS compliance requires the implementation of these controls as they pertain to each benchmark; they include malware detection, file integrity monitoring (FIM), behavioral detection (IDS), and others.
How Uptycs Helps You Meet CIS Guidelines
Since CIS Benchmarks are specific for each system, and each benchmark can come with an extensive list of configuration recommendations, achieving and maintaining CIS compliance can seem daunting. It’s important to establish a compliance plan that uses best practices without sacrificing organizational needs.
Uptycs provides a number of services that can help your organization meet configuration guidelines and extends value far beyond your auditing and compliance objectives.

Visibility & Validation
Uptycs makes demonstrating compliance easy and provides thorough asset visibility.
- See into any given asset’s security posture, provenance, and prevalence
- Gain live and historical access to processes, files, certificates, and other attributes
- Benefit from comprehensive live audit support

Measurable Compliance Posture
Gain detailed compliance posture information to make identifying non-compliant assets much simpler.
- View customizable dashboard visualizations of compliance posture
- Identify where you need to target your remediation efforts
- Drill down into non-compliant assets to get associated evidence and remediation guidance
- Instantly see the latest failed configuration checks, most non-compliant resources, time to resolve non-compliance, and much more
- Integrations with Splunk, ServiceNow and other ticketing & SOAR systems

Requirements and Controls
Set your security controls to meet compliance requirements while also making security-forward decisions to level up your defense arsenal.
- Leverage telemetry-powered behavioral detection, including IDS, to spot IoCs and IoBs and see them mapped to MITRE ATT&CK
- Get multi-method malware detection including YARA scanning and integration with third-party file reputation databases
- Utilize FIM for directories and files, with out-of-the-box sensitive folder and file detection
- Establish policy baselines and receive comprehensive monitoring, alerting and reporting on anomalous events
- Harness the power of lateral movement detection to see exactly how a threat attempts propagation within your network
Obtaining and maintaining CIS compliance can be time-consuming and difficult. Best practices to protect against cyberthreats are also constantly evolving, which makes it a challenge to stay compliant.
While we can’t do all the work needed to achieve compliance for you, Uptycs can help you streamline the process and provide the tools you need to get there in just a fraction of the time.
CIS Benchmark Capabilities of Uptycs Unified CNAPP and XDR
Explore the full list of capabilities that support your CIS compliance requirements
Asset Inventory Audit
- Instant visibility into security posture of an asset
- Random asset selection at scale for auditing with comprehensive insight support
- Asset provenance: serial, h/w, configs, users, network, inventory, detections, certificates and compliance
- Asset prevalence: Rare startup, paths, packages, users, access and processes as % of cohort
- Asset prevalence: Comparison of asset vs cohort: users, shell access, compliance failures and more
- Live and historical access to: processes, files, certificates and more attributes and artifacts
- Comprehensive Live Audit support
CIS Audit
- OS distribution-independent and distro-dependent benchmarking and audit
- Over 200 comprehensive checks for rich audit
- Customizations for scoring, exclusion, parameterization of audit benchmark
- Inline CIS definitions and prescriptions
- Evidence capture from each run
- High-fidelity and lightweight telemetry-based continuous compliance and monitoring
- Telemetry-based live and continuous audit and compliance
- High-speed audits to support 24x7 monitoring
- Structured audit and results to find problems and improve security hygiene
Custom Audit & Compliance
- Granular and customizable checks
- Configuration support for scoring, parameterization of checks
- Composable checks that span multiple standards (PCI, SOC, etc.)
- Recompose checks to create custom audit and compliance standards
- Captured structured evidence
- Established golden baselines
- Integrations with Splunk, ServiceNow and other ticketing and SOAR systems
- Custom Alerts, Reports, Dashboards
Audit Support Services
- Customer partnership to establish controls
- Proactive, reactive and predictive controls
- Audit preparation by helping customer with their preparatory checklist
- Customer collaboration: Team extension
- Customer collaboration: Surface evidence
- Customer collaboration: Live visibility
- Customer collaboration: Established provenance and efficacy of controls
- Custom alerts, reports and dashboards as necessary
- Full and comprehensive report for customer engagement
Behavioral Detection (IDS)
- Comprehensive system-behavior-based detection
- Telemetry-powered behavioral detection functionality, including IDS
- Lambda Analytics correlation for events and alerts
- Login, session and process activity detection
- Commands, sockets, DNS, files and more
- Behavioral (Indicators of Behavior - IOB) detection
- Compromise (Indicators of Compromise - IOC) detection
- Configurable and customizable
- IOBs and IOCs mapped to MITRE ATT&CK
Malware Detection
- Multi-method malware detection
- VirusTotal integration and correlation
- 3rd-party file reputation database integration
- Live YARA scan for 100s of signatures at process launch
- On-demand YARA scan of files and related carving
- On-demand YARA scan of process memory and related carving
- YARA scan triggered by File Integrity Monitoring
- Process hash baselining and correlation
File Integrity Monitoring
- FIM for directories and files
- Out-of-the-box sensitive folder and file detection
- Read, write, exec, modify
- Multi-method correlation: system-based and file-system-based
- Deep syscall integration for change attribution and chaining
- Rapid inotify monitoring for micro-VM deployments
- Policy, baseline, monitoring, alerting, reporting
- Regulatory compliance such as PCI, SOC 2, HIPAA, NIST
- Comprehensive exclusion filters and policies to reduce noise
- Auto YARA scan based on FIM triggers
Network Detection
- DNS capture and reputation correlation
- HTTP/HTTPS capture and correlation
- JA3 and JARM hash computation and reputation correlations
- JA3/JARM lookup alerts and baselining
- System socket API telemetry
- Lateral movement detection
- Logon activity and correlation with network
- Syslog capture and detection of network activity
Baseline & Outlier Detection
- Baselines created and collected across multiple dimensions
- Logins, paths, hashes, sockets and many more attributes
- Establish baselines based on 30, 60, 90, 180 days or more of historical telemetry
- Compare real-time activity against baseline
- Event and alert correlation for processes, logins, shell commands, process hashes, sockets and more
- Detect potential outliers based on historical baseline deviations
Vulnerability Detection
- Continuous ingestion: Asset inventory and software packages
- Continuous ingestion: Asset configuration and asset audits
- Continuous ingestion: Vendor-provided security bulletins
- Continuous ingestion: CVEs and other known sources of vulnerabilities
- Continuous ingestion: CIS and similar audit benchmarks
- Continuous analytics: Correlation of software inventory with vendor-provided security bulletins to surface software vulnerabilities
- Continuous analytics: Correlation of asset audit and config checks to surface configuration vulnerabilities
- Standardized, measurable outcomes based on: CIS, CVE/CVSS/NVDB