Zenitel Cybersecurity Hardening Guide
Meeting Cybersecurity risks head on
Every new system, application or network service added comes with potential security vulnerabilities, making cyber protection increasingly difficult and complex. By confronting the serious network security risks pragmatically, you can reap the benefits while minimizing those risks. To accomplish this, you need a solid cybersecurity plan and the resources to execute it. Handling cybersecurity risk reduction up front typically takes fewer resources than having to clean up after avoidable cyber attacks.
When planning, it is vital that you consider and understand what is critical for your company and the systems and solutions you use. From there, you can plan, implement and manage your cybersecurity defense.
Zenitel has developed this Cybersecurity Hardening Guide to help you approach your planning, based on the CIS (Center for Internet Security) Controls. It combines our experience applying best practices developed by CIS to support end users and integrators to build a good cyberdefense.
CIS - Center for Internet Security
CIS (https://www.cisecurity.org/) is a forward-thinking nonprofit entity that harnesses the power of the global IT community to safeguard private and public organizations against cyber threats. Its CIS Controls and CIS Benchmarks are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continually refined and verified by a volunteer global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial governments.
Zenitel - CIS SecureSuite member
Zenitel is proud to be a CIS SecureSuite member. Through this membership, we are further bolstering our cybersecurity defenses by leveraging CIS SecureSuite resources that include CIS Benchmarks, consensus-based, internationally recognized security configuration resources, including CIS-CAT Pro, and CIS Controls, a set of cyber practices, developed by experts around the world, to stop today’s most pervasive and dangerous cyber attacks.
CIS Critical Security Controls
CIS has developed the CIS Critical Security Controls for Effective Cyber Defense, Version 6.1, a prioritized list of highly focused actions you can follow to protect and defend your company against cyber threats. These Controls were derived from studying actual attacks and effective defenses, and have been developed, refined and validated by a community of leading global experts. They align with and map to all the major compliance frameworks, such as the NIST Cybersecurity Framework, NIST guidelines and the ISO 27000 series, as well as regulations including PCI DSS, HIPAA, NERC CIP and FISMA.
Foundational Cyber Hygiene
Developing a strong foundation
CIS Controls 1-5 are what CIS refers to as ‘Foundational Cyber Hygiene’ - the basic things you must do to create a strong foundation for your cyberdefense. A number of studies show that implementation of the first 5 CIS Controls provides an effective defense against the most common cyber attacks (~85% of attacks).
In CIS’s view, it is also vital to make a formal, conscious and top-level decision to integrate the CIS Controls within any organization’s standard for cybersecurity. Senior management and the Board of Directors must also be onboard for support and accountability, calling for implementation of the first 5 CIS Controls in their organizations, as a minimum requirement.
Based on best practices, you should be able to answer:
- Do we know what is connected to our systems and networks? (CIS Control 1: Inventory of Authorized & Unauthorized Devices)
- Do we know what software is running (or trying to run) on our systems and networks? (CIS Control 2: Inventory of Authorized & Unauthorized Software)
- Are we continuously managing our systems using ‘known good’ configurations? (CIS Control 3: Secure Configurations for Hardware & Software on Mobile Devices, Laptops, Workstations & Servers)
- Are we continuously looking for and managing ‘known bad’ software? (CIS Control 4: Continuous Vulnerability Assessment & Remediation)
- Do we limit and track the people who have administrative privileges to change and bypass or to override our security settings? (CIS Control 5: Controlled Use of Administrative Privileges)
More information about the CIS Critical Security Controls framework can be found at http://www.cisecurity.org/critical-controls.cfm.
Download the Zenitel Cybersecurity Hardening Guide
At Zenitel, we know that strong cybersecurity controls are essential to keeping your communications systems safe and operational. This is why we want to increase awareness of the risks - and the steps you can take to protect them from harm.
We have a new web zone devoted to cybersecurity that also provides download access to our new Hardening Guide.
“This is good and helpful to lead the industry. Each manufacturer needs this guide for customers/integrators” - Dylan Hayes, CPP, CHPA, Physical Security Program Manager, Seattle Children’s Hospital.
“Cyber Security of Physical Security systems is an issue that all integrators should be addressing with their suppliers. Zenitel is setting a very high bar for the rest of the industry. In taking the lead, they are helping integrators with a clear concise hardening guide.” - Jeffrey A. Slotnick CPP, PSP President, Setracon Inc.
“The Zenitel Cyber Hardening Guide lays out a cybersecurity plan meant specifically for Vingtor-Stentofon systems, but that can also help to educate clients and integrators on what types of things to be thinking about for securing their other systems as well.” - Aronson Security Group (ASG), a Security Risk Management Services (SRMS) provider.