Today's modern workforce requires a different approach to cybersecurity and securing workstations than it did just five years ago.

This is why CIS Safeguard 4.5 is so important, as it requires the implementation and management of a host-based firewall or port-filtering tool on end-user devices. It also requires a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.

The good thing is that most default configurations, like Windows Defender Firewall in Windows 10, will block everything unless an exception rule is created, so even just enabling the default configuration gives you that default-deny behavior. The issue comes into play if you start customizing and forget to ensure there is still a default-deny rule in place in your custom settings.

The majority of Remote Monitoring and Management tools (RMMs), including Microsoft Intune, provide the ability to configure these settings, and most will alert you if the setting changes (if alerting is enabled).

I would recommend ensuring your Windows Defender Firewall with Advanced Security log is enabled and configured so you can have a historical record of when the firewall was disabled/enabled/etc. Tools like Netwrix Corporation or Liongard may provide you a third-party method of tracking these changes as well.

The historical record is important because you want to be able to prove to an auditor not only that you have the policy and automation set up to establish the firewall, but also that the historical records show it continues to stay active and protect your end users.
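One way to check these points on a Windows endpoint, as an added example that is not from the original post: the script below reports, per firewall profile, whether the firewall is enabled, whether the inbound default is Block, and whether dropped packets are logged, then pulls recent setting-change events as the historical record. The function names `Test-FirewallBaseline` and `Get-FirewallSettingChange` and the 30-day window are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# ActiveStore returns the settings actually in force after Group Policy/MDM
# and local policy are merged, which is what an auditor cares about.
function Test-FirewallBaseline {
    Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
        $findings = @()
        if ("$($_.Enabled)" -ne 'True')               { $findings += 'firewall disabled' }
        if ("$($_.DefaultInboundAction)" -ne 'Block') { $findings += 'inbound default is not Block' }
        if ("$($_.LogBlocked)" -ne 'True')            { $findings += 'dropped packets not logged' }
        # Windows ships with the outbound default set to Allow, so outbound is
        # reported for review rather than counted as a finding.
        [pscustomobject]@{
            Profile         = $_.Name
            Enabled         = $_.Enabled
            DefaultInbound  = $_.DefaultInboundAction
            DefaultOutbound = $_.DefaultOutboundAction
            LogBlocked      = $_.LogBlocked
            LogFile         = $_.LogFileName
            LogMaxKB        = $_.LogMaxSizeKilobytes
            Compliant       = ($findings.Count -eq 0)
            Findings        = $findings -join '; '
        }
    }
}

# Event ID 2003 in the firewall operational log records a profile setting
# change (for example the firewall being turned off or back on).
function Get-FirewallSettingChange {
    param([int]$Days = 30)   # look-back window, assumed value
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
        Id        = 2003
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # No matching events is a valid result, so suppress the "no events found" error.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Test-FirewallBaseline |
    Format-Table Profile, Enabled, DefaultInbound, DefaultOutbound, LogBlocked, Compliant, Findings -AutoSize
Get-FirewallSettingChange -Days 30 | Format-List
```

The event log on the endpoint rolls over, so forwarding these events to central storage is what keeps the record available for an audit period.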

I want to personally thank you for following along and if you learned something new or found this content to be valuable please like and share. Since I have started this journey I am seeing more education around CIS Security and its framework throughout the industry.

Contact Info

717.884.9030

Scott@ScottRDavis.com