04. June 2010 · Comments Off on SANS Twenty Critical Controls · Categories: Palo Alto Networks, Security Management, Security-Compliance

An important part of Cymbel’s approach to IT Security and Compliance leverages the SANS Twenty Critical Controls for Effective Cyber Defense: Consensus Audit Guidelines (20CC). We have embraced 20CC for the following reasons:

  • Comprehensiveness – All the major critical IT Security functions are covered.
  • Credentials – The document was generated by a strong group of experienced security professionals from government and industry.
  • Concreteness – The document provides very specific recommendations.
  • Automation – Fifteen of the twenty controls are readily automated.
  • Metrics – One or more simple, specific, measurable tests are provided to assess the effectiveness of each recommended control.
  • Phases – Each of the twenty controls has sub-controls which can be implemented in phases. In fact, each control describes at least one “Quick Win.” This lessens the potentially overwhelming nature of other security models.
  • Brevity – The current version of the document is only 58 pages, compared to other approaches which are spread over multiple books.
  • Price – The document is free.

If the 20CC has any weakness, it is its consensus nature. In our opinion, however, that weakness shows only in the document’s understandable unwillingness to recommend a solution that would inure to the benefit of a single manufacturer. This is particularly evident in the “Boundary Defense” control, which recommends stateful inspection firewalls and separate Intrusion Prevention Systems.

For boundary defense, Cymbel recommends the only next-generation firewall on the market – Palo Alto Networks. That’s not just us saying it. Gartner said it in its 2010 Enterprise Firewall Magic Quadrant.

I would love to hear your opinions on the SANS Twenty Critical Security Controls.

04. June 2010 · Comments Off on Cymbel’s new website launch · Categories: Security-Compliance

Today, we at Cymbel are launching our new website. The purpose of the new site is to better express our vision and mission as a company to our existing clients and to potential clients considering Cymbel to help them meet security and compliance objectives.

Cymbel is an IT Solutions Provider, 100% focused on security and compliance. We were founded in 2000 and have just entered our eleventh year in business.

I can boil down our mission to seven words – help our clients rethink defense-in-depth. We are witnessing major changes in technology, threats, the economy and our clients’ business needs and compliance requirements. Due to these changes, the traditional approach to defense-in-depth is simply not effective. We have developed a next-generation architecture focused on applications, users, and data.

I would like to remind readers that this site is a work in progress. We decided to launch today because we felt we were far enough along that our clients and potential clients would benefit. We will continue making improvements in content and infrastructure.

Finally, we made sure that it’s easy for you, the reader, to provide feedback to us. If you would like more information on a topic or product, or if you disagree with any of our opinions, we would love to hear from you.