Cybersecurity professionals jobs would be much easier if configurations stayed put once they were aligned to a known and secure baseline state. Unfortunately for them, configurations naturally deviate from their once-secure state over time as system changes take place. This issueknown as configuration driftmeans the more time its been since your most recent scan, the less confident you can be about the exposure of your attack surface.
What kinds of changes lead to configuration drift? Product improvement being a never-ending project, application owners are regularly modifying apps and infrastructure to improve end-user experience. Some of these changes are harmlesswhile others push systems away from their secure baseline to dangerous effect.
Configuration security is one of the foundational elements required to build an effective defense against cyberattacks. From a policy point of view, establishing secure configurations sets you off to a good start (using CIS-hardened images, for example). However, maintaining them can be much more of a challenge.
Taking a look at a few concrete examples can help illustrate how easy it is for configuration drift to occur. Quick fixes that seem harmless at first glance can prove prohibitively hazardous. In other cases, the struggle lies in communicating evidence of a changes acceptability to auditors.
1. Introducing new ports
Lets say theres an innovative approach to improving an apps customer experience. One of the steps of implementing this approach is opening a new communication port for proprietary protocol use. The business team initiates a change ticket. They find the app working impeccably once the new port is opened on the servers and firewalls.
When its time for a security audit six months later, auditors point to this undocumented open port as a substantial issue because it doesnt match the security policy. Now the security team must spend a great deal of time attempting to trace back to the change in question and assess the acceptability of the associated risk. Even if the risk is deemed acceptable given the context, it took auditors too long to get adequate information to make this determination.
When security teams track configuration drift and document modifications to the known hardened baseline, its much easier to provide audit evidence without misusing valuable time.
2. Privilege escalation
Escalated privileges are one way IT professionals can introduce a lot of risk to their systems unknowingly. For example, if an app developer logs into a single server repeatedly, they might want to cut a corner by adding the users group to the user rights categories they need for added convenience.
This way, they can bypass the special admin credentials required to make a production change. Checking out admin credentials from the password vault can be time-consuming, and the developer is likely to think that its not a huge risk since its a single server as opposed to an entire domain.
However, privilege escalation for even a single server can prove riskier in terms of configuration drift than the added convenience is worth. Now, the security teams wont be able to know what has occurred until the servers next manual audit.
3. Cloud storage
Using a public cloud provider requires that youre fully aware of which security responsibilities are your own and which fall under the purview of the provider. Amazon Web Services (AWS) blocks all public access by default when a user creates a new bucket. This is advantageous from a security perspective, but it could be seen as a hindrance to efficiency by the IT team.
To streamline certain IT operations, this automatic block setting might be a tempting one to disable. This might be done by IT at the point of set-up, or it could occur around a temporary use case and be quickly forgotten without being switched back to the default setting. This could also be the result of a mistake in an automated script.
Whatever the reason, changing bucket access settings can create the type of configuration drift that leaves organizations highly vulnerable to a breach. Following security configuration management (SCM) best practices helps offset these types of risks. But more even important than establishing these processes is continuously monitoring them for drift from their approved configuration state.
There is a world of Secure Configuration Management guidance out there, but lets look at configuration management from a maturity model perspective. Depending on the maturity of your organizations security program, you may be in the manual, scanning, or near-real time state of configuration management maturity.
1. Manual configuration monitoring
Manual configuration monitoring is a major time drain, leading teams to avoid doing it on a regular cadence when other priorities seem more pressing. This can then lead to systems being left unwatched until a detected compromise gets someones attention or its time for a routine upgrade.
Compliance regulations mean that a subset of these systems may be included in the scope of an audit due to compliance requirements. When this is the case, security teams often try limiting the number of systems to be included in the audit. Then, only the non-compliance of those particular systems will be acted upon if detected during an audit (leaving other systems potentially exposed).
2. Using a solution that scans for compliance
The next level of configuration management maturity is using a solution that automatically scans for compliance at scheduled intervals. This is not nearly as tedious as the previous stage of maturity, but it does still require a hefty amount of interaction to create administrative credentials for the tool to scan with, as well as someone to schedule or run the scans when required and remediate the results. This is typically done once a month or once a quarter to try to get ahead of the audit process.
Similarly to the previous stage, this stage can be limited in terms of which systems are covered by the processscans may be limited within a compliance zone. The systems outside that zone can become left behind and only checked when compromise or the need for an upgrade takes place.
The Center for Internet Security (CIS) advises in Critical Security Control #5 that all systems need to be provisioned with secure configurations and that configurations need to be maintained on an ongoing basis as changes occur over time.
3. System monitoring in near-real time
The next level of maturity is reached when the scanning process is closer to real-time rather than intermittently scheduled scans. This requires the provisioning of a lightweight agent for system monitoring without the requirement login credentials or OS auditing. The agent must be deployed on all systems via embedding into images or inclusion into processes of automated tools like Puppet or Chef.
When new changes occur that result in configuration drift, a remediation process can be initiated. One example of this is the automated creation of incident tickets or alerts sent to the security operations center (SOC) over the security incident and event management (SIEM) tool. Organizations like CIS offer proven guidelines for system configurations that actively reduce your attack surface, called benchmarks.
CIS recommends tracking the following metrics to accurately measure this data:
1. What is the percentage of business systems that are not currently configured with a security configuration that matches the organizations approved configuration standard ?
2. What is the percentage of business systems whose security configuration is not enforced by the organizations technical configuration management applications (by business unit)?
3. What is the percentage of business systems that are not up-to-date with the latest available operating system software security patches?
4. What is the percentage of business systems that are not up to date with the latest available business software application security patches?
5. What is the percentage of business systems not protected by file integrity assessment software applications?
6. What is the percentage of unauthorized or undocumented changes with security impact?
Avoiding configuration drift is an ongoing process, and one in which you can raise your organizations configuration management maturity level steadily over time to optimize for maximum effectiveness and efficiency. Benchmarks from organizations like CIS are a great focus for security and business teams to collaborate around so that configuration drift is altogether avoided or remediated swiftly.
Tim Erlin, VP, Product Management & Strategy, Tripwire
See the original post here:
Proven ways to stay ahead of configuration drift - ITProPortal
- Cyber security and the Internet of Things - Lexology - November 16th, 2020
- Save over $6,400 off this Complete InfoSec & Business Continuity Bundle - Neowin - November 16th, 2020
- Official Government Cybersecurity Guidance Offers Six Focus Areas for Banks of All Sizes - Lexology - November 16th, 2020
- Internet Security Audit Market is Expected to Exhibit an Upward Growth Trend Across Widespread Verticals | Affluence - The Think Curiouser - November 16th, 2020
- Internet Of Things Security Market 2020: Global Opportunities, Regional Overview, Top Leaders, Size, Revenue and Forecast up to 2020 2026 - The Daily... - November 16th, 2020
- Internet of Things (IoT) Security Technology Market Size 2020 | Opportunities, Regional Overview, Top Leaders, Revenue and Forecast to 2027 -... - November 16th, 2020
- 6 security shortcomings that COVID-19 exposed - CSO Online - November 16th, 2020
- iboss Named Finalist for Best Network Security Solution in the 2020 ASTORS Homeland Security Awards - PR Web - November 16th, 2020
- Microsoft: Move Away From Phone-based Multi-factor Authentication - TechDecisions - November 16th, 2020
- Global Cable Operator Markets, 2020-2025 by Technology, Residential Services (Wireless, Internet, Entertainment, Security, Home Automation, and IoT... - November 16th, 2020
- Why fintech security must never be an afterthought Wall Street Call - Reported Times - November 16th, 2020
- Global Internet Security Market Share, Quantitative Analysis, Drivers & Restraints, Future Trends and Forecast Research Report 2026 by Global... - November 10th, 2020
- Internet Security Software Market Size, Share, Types, Products, Trends, Growth, Applications and Forecast 2020 to 2027 - TechnoWeekly - November 10th, 2020
- How the Internet of Things Security Infrastructure in India can be improved? - Analytics Insight - November 10th, 2020
- Global Internet of Things Security Market 2025 Potential Scope for Growth in This Pandamic: Check Point Security Software Technologies, Cisco Systems,... - November 10th, 2020
- What is a RAT? How remote access Trojans became a major threat - CSO Online - November 10th, 2020
- China's largest hackathon sees Windows 10, iOS 14, Chrome, and more hacked - TechSpot - November 10th, 2020
- How governments, companies can address evolving needs of increasing tech-savvy Filipinos - Philstar.com - November 10th, 2020
- Global IT Security Market 2020 Growth Potential, Production, Revenue And COVID-19 Impact Analysis 2025 - The Think Curiouser - November 10th, 2020
- Internet of Things (IoT) Security Market Will Generate Massive Revenue In Future A Comprehensive Study On Key Players - TechnoWeekly - November 10th, 2020
- Global Internet Security Market 2020 | Know the Companies List Could Potentially Benefit or Loose out From the Impact of COVID-19 | Top Companies:... - November 8th, 2020
- Misinformation, not vote tampering, is our most critical election threat - SecurityInfoWatch - November 8th, 2020
- Top 7 Ways to Hide Your IP Address in 2021 - Techstory - November 8th, 2020
- Internet Security Software Market Current and Future Trends, Leading Players, Industry Segments and Regional Forecast By 2029 - Eurowire - November 6th, 2020
- Know Your Role: You Are Part of the Security Team - ClearanceJobs - ClearanceJobs - November 6th, 2020
- 'This is how it was all supposed to work': The EI-ISAC readies for Election Day - StateScoop - November 6th, 2020
- Two reasons your Wi-Fi is slow, and how to fix them - CNET - November 6th, 2020
- Keeping Yourself Safe on the Internet at University - TechBullion - November 6th, 2020
- IT Security Spending in Government Market Expected to Flourish By 2025 with Top Key Players- IT Security Spending in Government are: Check Point... - November 6th, 2020
- Arson, water damage: Paper ballots are fragile. But there's a reason we don't vote online - CNET - November 6th, 2020
- Live News Streaming Figures for #Election2020 Highlight Misinformation Threat - Infosecurity Magazine - November 6th, 2020
- Florida Invests in Security Controls Ahead of #Election2020 - Infosecurity Magazine - November 6th, 2020
- How to Organize Employees to Cooperate in Threat Mitigation - Infosecurity Magazine - November 6th, 2020
- The best antivirus protection for Windows 10 in 2020 - CNET - November 2nd, 2020
- Internet Security Firewall Market to Reap Excessive Revenues by 2020-2029 - Eurowire - November 2nd, 2020
- Global Internet Security Market Expected to reach highest CAGR in forecast period :HPE, IBM, Intel, Symantec, AlienVault - TechnoWeekly - November 2nd, 2020
- Poll shows that many feel more vulnerable to online threats during the pandemic - Wiltshire 999s - November 2nd, 2020
- Internet of Things (IoT) Security Market To Witness Significant Growth By 2020-2028 - TechnoWeekly - November 2nd, 2020
- Post-2020 election, Covid vaccine is biggest disinformation threat on the internet: Former Facebook security chief - CNBC - November 2nd, 2020
- Internet of Things (IoT) Security Market Demand (2020-2026) | Covering Products, Financial Information, Developments, Swot Analysis And Strategies |... - November 2nd, 2020
- Career in cybersecurity or ethical hacking: Where to study, starting salary and job interview questions - India Today - November 2nd, 2020
- Internet Of Everything (IoE) Market Status and Trend: Top Key Players, Industry Dynamics, And Regional Scope 2020 - Aerospace Journal - November 2nd, 2020
- Security Pros Have Role in Combatting Disinformation - Infosecurity Magazine - November 2nd, 2020
- How Safe Is the US Election from Hacking? - The New York Review of Books - November 2nd, 2020
- Internet watchdog warns of rise in scammers' activity - New Zealand Herald - November 2nd, 2020
- Homeland Security notified after hackers leak names of local residents who reportedly submitted invalid ballots - iFIBER One News - November 2nd, 2020
- Global Internet of Things Security Market Expected to reach highest CAGR in forecast period :Check Point Security Software Technologies, Cisco... - November 2nd, 2020
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- The Top Internet of Things (IoT) Authentication Methods and Options - Security Boulevard - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020