Baselining helps to apply a uniform level of security throughout your infrastructure. Baselining can be very beneficial to improving your security posture, as it enables you to have a reference point with regards to your security installations. This includes applying the minimum and uniform level of security across the board and then, based on priority, applying greater security measures to more sensitive systems.
How do you start with a baseline?
One of the easiest ways to start when you are new to security is to look at several compliance frameworks and adopt the best practices they recommend. Some of these frameworks can help you start the journey of securing your crown jewels. These include:
- NIST Cybersecurity Framework: A framework for managing cybersecurity risk. It provides a set of best practices for identifying, protecting, detecting, responding to, and recovering from cybersecurity threats.
- ISO 27001: An international standard for information security management. It provides a framework for managing information security risks and implementing controls to mitigate those risks.
- SANS 20 Critical Security Controls: A framework for managing cybersecurity risk. It provides a set of best practices for implementing security controls to mitigate cybersecurity threats.
The heart of the matter is the benchmarking framework published by the Center for Internet Security (CIS). The CIS benchmark is considered the industry standard for securing networks and systems, and it provides the following guidelines and best practices:
- Configuration guidelines: Guidelines for setting up network devices, operating systems, and applications.
- Security controls: Instructions for putting security measures like encryption, intrusion detection systems, and firewalls into practice.
- Vulnerability management: Suggestions for finding and fixing vulnerabilities, such as vulnerability scanning and patch management.
- Incident response: Guidelines for detecting, containing, and eliminating security incidents.
The configuration guidelines provided by the CIS benchmark are more than sufficient for building a baseline that provides the minimum level of security to be applied across the board in your organisation. The three control categories provided by the CIS benchmark are:
- Basic Security Controls: Recommendations for implementing basic security controls, such as configuring firewalls and implementing antivirus software.
- Foundational Security Controls: Guidelines for implementing foundational security controls, such as configuring access controls and implementing encryption.
- Organisational Security Controls: Recommendations for implementing organisational security controls, such as developing a security policy and establishing a security awareness program.
These configuration guidelines are used in building default configurations, golden images, and startup configurations to ensure that your entire digital estate has a uniform minimum configuration. This will improve your security posture and ensure that the minimum default is applied across the board.
Baselining can give you the following advantages:
- Simplifying your security implementation: for instance, having a hardened golden image with all security tools installed helps you avoid leaving some systems unprotected.
- Anomaly detection: when you have a baseline for your traffic patterns and know what normal looks like, it is much easier to detect anomalies in your environment.
- Automation: a baseline can help you automate some processes, and your detection capabilities can be enhanced by automating the known to flag the unknown.
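As an added example (not from the original text), one way to put the golden-image baseline and the "automate the known to flag the unknown" idea into practice is a drift check that compares a host's observed settings with the baseline and reports what is non-compliant, missing, or unknown. The baseline keys, the `section:key=value` snapshot format and the sample host are constructed for illustration and are not taken from any CIS Benchmark.

```python
from dataclasses import dataclass, field

# Constructed illustrative baseline; stand-ins for your own golden-image settings.
BASELINE = {
    "sshd:PermitRootLogin": "no",
    "sshd:PasswordAuthentication": "no",
    "firewall:default_incoming": "deny",
    "av:realtime_protection": "enabled",
}
@dataclass
class DriftReport:
    compliant: list = field(default_factory=list)     # matches the baseline
    noncompliant: dict = field(default_factory=dict)  # key -> (expected, observed)
    missing: list = field(default_factory=list)       # baseline key absent on host
    unknown: dict = field(default_factory=dict)       # not in baseline: the "unknown"
def parse_snapshot(text: str) -> dict:
    """Parse 'section:key=value' lines from a constructed host snapshot."""
    observed = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            observed[key.strip()] = value.strip()
    return observed

def check_drift(baseline: dict, observed: dict) -> DriftReport:
    """Classify each setting as compliant, non-compliant, missing or unknown."""
    report = DriftReport()
    for key, expected in baseline.items():
        if key not in observed:
            report.missing.append(key)
        elif observed[key].lower() != expected.lower():
            report.noncompliant[key] = (expected, observed[key])
        else:
            report.compliant.append(key)
    for key, value in observed.items():  # automate the known to flag the unknown
        if key not in baseline:
            report.unknown[key] = value
    return report

def meets_baseline(report: DriftReport) -> bool:
    """The minimum is met only when nothing is missing or non-compliant."""
    return not report.missing and not report.noncompliant
# Constructed snapshot of one host that has drifted from the golden image.
SAMPLE_SNAPSHOT = """
sshd:PermitRootLogin=yes
sshd:PasswordAuthentication=no
firewall:default_incoming=deny
debug:remote_shell=enabled
"""
```

Running `check_drift(BASELINE, parse_snapshot(SAMPLE_SNAPSHOT))` on the sample host reports root login as non-compliant, the antivirus setting as missing, and the unexpected `debug:remote_shell` entry as unknown, so `meets_baseline` returns False.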