Create a security control - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product
Cortex XSIAM
Creation date
2025-07-15
Last date published
2026-06-16
Category
Administrator Guide

Focus your initial security control creation on high-impact assets and undetected technologies to achieve an optimal level of visibility into your internet-facing environments. Instead of modeling every implemented security measure, focus on the top ten controls that fit the following criteria:

  • High-Impact: Controls protecting your most critical, internet-facing applications (for example, the Network Gateway Firewall for your primary e-commerce site, the Security Agent solution for your production workloads).

  • High-Noise: Controls that suppress the largest volume of low-to-medium-priority findings (for example, a host-based firewall that blocks certain ports).
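To make the two selection criteria above concrete, the following is an added example (not code from the Cortex XSIAM product or its documentation) that scores a constructed inventory of candidate controls and returns the top N. The control names, the criticality scale, the severity weights and the combining formula are all assumptions chosen for illustration; adjust them to your own asset data.

```python
from dataclasses import dataclass, field

# Hypothetical weights for suppressed findings by severity. Only low and medium
# findings count as "noise" in the page's sense; higher severities get weight 0.
NOISE_WEIGHTS = {"low": 1, "medium": 2}


@dataclass
class CandidateControl:
    name: str                      # hypothetical control name
    control_type: str              # e.g. "Network Gateway Firewall"
    internet_facing: bool          # does the control protect internet-facing assets?
    asset_criticality: int         # assumed scale: 1 (low) .. 5 (critical)
    suppressed_findings: dict = field(default_factory=dict)  # severity -> count


def impact_score(c: CandidateControl) -> int:
    """High-Impact criterion: criticality of the protected assets, but only
    when those assets are internet-facing; internal-only controls score 0."""
    return c.asset_criticality if c.internet_facing else 0


def noise_score(c: CandidateControl) -> int:
    """High-Noise criterion: weighted volume of low/medium findings the control
    would suppress once it is modeled as a Security Control."""
    return sum(NOISE_WEIGHTS.get(sev, 0) * n for sev, n in c.suppressed_findings.items())


def rank_controls(controls, top_n: int = 10, impact_weight: int = 10):
    """Combine both criteria into one score and return the top_n controls.
    impact_weight is an assumed scaling factor so that one criticality point is
    worth roughly ten suppressed low findings; ties are broken by name."""
    scored = [(impact_weight * impact_score(c) + noise_score(c), c) for c in controls]
    scored.sort(key=lambda t: (-t[0], t[1].name))
    return [c for _, c in scored[:top_n]]


# Constructed sample inventory (not real assets or findings).
SAMPLE_CONTROLS = [
    CandidateControl("ecom-perimeter-fw", "Network Gateway Firewall", True, 5,
                     {"low": 40, "medium": 10}),
    CandidateControl("prod-agent", "Security Agent", True, 4,
                     {"low": 5, "medium": 30}),
    CandidateControl("host-fw-ports", "Host-based Firewall", False, 2,
                     {"low": 200, "medium": 30}),
    CandidateControl("hr-portal-fw", "Network Gateway Firewall", True, 3,
                     {"medium": 5}),
    CandidateControl("edr-high-only", "Security Agent", False, 1,
                     {"high": 50, "low": 10}),
    CandidateControl("lab-waf", "Web Application Firewall", False, 1,
                     {"low": 3}),
]


def top_control_names(controls=SAMPLE_CONTROLS, top_n: int = 3):
    """Names of the highest-ranked controls, in order; used by the demo below."""
    return [c.name for c in rank_controls(controls, top_n=top_n)]


if __name__ == "__main__":
    for c in rank_controls(SAMPLE_CONTROLS, top_n=10):
        print(f"{c.name:20} impact={impact_score(c):2}  noise={noise_score(c):4}")
```

Note that a host-based firewall with no internet-facing assets can still rank near the top purely on the High-Noise criterion, which is the point of the second bullet: modeling it early removes a large volume of low-priority findings from the queue.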

Once you have identified the top ten measures you would like to classify as Security Controls, follow the steps below to manually classify them:

  1. Navigate to Vulnerability & Exposure Management → Exposure Management → Security Controls and select Create Security Control.

  2. Enter the required details in the New Security Control panel. Learn more about all the available options for the Control Category and Control Type fields.

  3. Click on the applicable technology Vendor from the drop-down list.

  4. Select an Associated Asset from the drop-down for all agent-based workloads. As a best practice, associate each control with one or more Asset Groups. New assets added to a group will have the Security Control automatically applied to them after the initial Discovery period.

    Note

    Discovery and Security Control application for new and updated assets may experience some latency.

  5. Select a Provider from the drop-down list of cloud service providers.

  6. Choose Associated Networks when asset-level identification is not possible. Use this option to map controls to on-prem data center subnets or entire cloud VPCs/VNets that you know are protected by a single perimeter control. The network objects are drawn from cloud V-Nets (Azure, EC2, Google).

  7. Click Save to complete the Security Control creation process.