Lumeta & the CIS CSC

The Center for Internet Security (CIS) Critical Security Controls (CSC) for Effective Cyber Defense [formerly known as the SANS 20 Critical Security Controls] are a ‘best practices’ recommended set of actions that provide specific and actionable ways to prevent today’s most pervasive and dangerous cyber attacks. They are a relatively small number of prioritized, well-vetted, and supported security actions that organizations can take to assess and improve their current security state – designed to protect your network from unauthorized access and from being exploited by stopping attacks early, stopping multiple attacks, and decreasing the impact of any cyber incidents through rapid response.


Download the latest SANS poster: “Monitoring and Measuring the CIS Critical Security Controls” (Products and Strategies for Continuously Monitoring and Improving Your Implementation of the CIS Critical Secrity Controls)


Controls CSC 1 through CSC 5 are essential to success and should be considered among the very first things to be done. They are referred to as “Foundational Cyber Hygiene” – the basic things that you must do to create a strong foundation for your defense.

Lumeta’s Network Situational Awareness solutions currently address 9 of the CIS Critical Security Controls.

Lumeta IPsonar is a SANS user-vetted tool for the foundational Critical Security Control 1 – Inventory of Authorized and Unauthorized Devices – where government agencies & commercial enterprises can use Lumeta to:

  • Discover, index and map the entire enterprise, including Layer 2 and 3 topologies, down to the host level
  • Identify unknown and unauthorized networks, connections and devices
  • Extend data to down-stream security solutions for remediation

Lumeta IPsonar is also a SANS user-vetted tool for Critical Security Control 9 – Limitation and Control of Network Ports, Protocols, and Services – where organizations can use Lumeta to:

  • Find vulnerable ports – ports which should be non-responsive but are actually responding

Additional Critical Security Controls that Lumeta addresses are:

  • Critical Security Control 4 – Continuous Vulnerability Assessment and Remediation
  • Critical Security Control 8 – Malware Defenses
  • Critical Security Control 11 – Secure Configuration for Network Devices such as Firewalls, Routers, and Switches
  • Critical Security Control 12 – Boundary Defense
  • Critical Security Control 15 – Wireless Access Control
  • Critical Security Control 19 – Incident Response and Management
  • Critical Security Control 20 – Penetration Tests and Red Team Exercises

The full lists of Lumeta findings mapped to the CSC they address are below:

Meeting the Top Critical Security Controls:

Recursive Network Indexing - Problems Identified

Detecting Incidents Causing Breach:

Detecting Incidents Causing Breach





To learn more, please watch our on-demand webinar discussing how Lumeta’s Network Situational Awareness solutions address the SANS Top 20 Critical Security Controls. (Please note: This webinar was recorded prior to the Controls’ move from SANS to CIS. Stay tuned … we will hold a new, updated webinar in 2016.)