Leveraging Industry Standards for Security Hygiene

03.01.24
Often, I see security solutions that are just “guessing” at what needs to be secured. Sure, there is knowledge, experience, and expertise behind the solution. However, when industry standards can be incorporated, it proves that the security solution is considering the massive expertise and analysis that has gone into the security standardization and recommendations.
At the core of a good Continuous Threat Exposure Management (CTEM) platform should be industry standards. Why? Mainly because it makes the most sense! Secondly, many compliance regulations require these industry standards, and even frameworks are built on them.
Industry Standards for Each CTEM Component
With Gartner giving CTEM such emphasis in their “Gartner Top 10 Strategic Technology Trends for 2024” report, this is where many organizations should be spending their time to truly secure their environment. What Gartner does not clearly define is where the security analysis foundation should come from. That is where this blog comes in handy!
- Vulnerability management – NIST has a feed for obtaining the latest and greatest vulnerabilities daily.
- Misconfigurations – CIS benchmarks are the ideal place to get industry-proven standards for all platform security settings and recommendations.
- Patches – Microsoft, Apple, Cisco, etc. all have their own feeds for the latest info on patching their devices and systems.
- Identity – Well, here is where there is no dedicated feed or list of what needs to be secured per identity platform. The good thing is that Microsoft, AWS, Google Cloud, and others do have suggested security for identities.
Summary
By using industry best practices, you have a fighting chance to protect your enterprise against the most common attacks, be better positioned to meet compliance regulations, and have a good security hygiene posture. Without industry-standard security checks, it is the Wild West and the chances of getting breached are much greater.