Why Security Configuration Management (SCM) Matters

4 years ago Irfahn Khimji

In The Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).

Faster breach detection

Today’s cyber threat landscape is extremely challenging. This is highlighted by the length of time it takes to detect a breach. The gap from a breach to detection is still lingering at 212 days, according to IBM. 212 days is around seven months, and that is a lot of time for your enemies to wreak havoc on your network.

So where does an organization start to “keep their enemies closer?” The SANS Institute and the Center for Internet Security recommend that once you inventory your hardware and software, the most important security control is secure configurations. Critical Security Control 4 says, “Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software (operating systems and applications).”

What is Security Configuration Management?

The National Institute of Standards and Technology (NIST) defines security configuration management (SCM) as “The management and control of configurations for an information system with the goal of enabling security and managing risk.”

Attackers are looking for systems that have default settings that are immediately vulnerable. Once an attacker exploits a system, they start making changes. These two reasons are why security configuration management tools are so important. SCM can not only identify misconfigurations that make your systems vulnerable but can also identify “unusual” changes to critical files or registry keys.

With a new zero-day threat revealed almost daily, signature-based defenses are not enough to detect advanced threats. To detect a breach early, organizations need to understand not just what is changing on critical devices but also be able to identify “bad” changes. SCM tools allow organizations to understand exactly what is changing on their key assets.

By setting a gold standard configuration for your systems and continuously monitoring for indicators of compromise, organizations can quickly identify a breach. Early detection of a breach will help to mitigate the damage of an attack. Using SCM to enforce a corporate hardening standard like CIS, NIST and ISO 27001 or a compliance standard like PCI, SOX, NERC, or HIPAA provides the ability to continuously harden systems to reduce the attack surface. Hardened systems provide less opportunity for the bad guys to launch a successful attack.

Your Security Configuration Management Plan in Action

Without a security configuration management plan, the task of maintaining secure configurations even on a single server is daunting; there are well over a thousand ports, services and configurations to track. If you multiply those same ports, services and configurations across your entire enterprise of servers, hypervisors, cloud assets, routers, switches and firewalls, the only way to track all of those configurations is through automation.

A good SCM tool automates those tasks for you and provides deep system visibility at the same time. The moment your system becomes misconfigured, you should be notified and offered detailed remediation instructions in order to bring the misconfiguration back into alignment. There are four key stages to robust SCM:

1. Device discovery

First, you’ll need to find the devices that need to be managed. Ideally you can leverage an SCM platform with an integrated asset management repository. You will also want to categorize and “tag” assets to avoid starting unnecessary services. Engineering workstations, for example, require different configurations than finance systems.

2. Establish configuration baselines

You will need to define acceptable secure configurations for each managed device type. Many organizations start with the benchmarks from trusted establishments like CIS or NIST for granular guidance on how devices should be configured.

3. Assess, alert and report changes

Once devices are discovered and categorized, the next step is to define a frequency for assessments. How often will you run a policy check? Real-time assessments may be available but are not required for all use cases.

4. Remediate

Once a problem is identified, either it needs to be fixed or someone needs to grant an exception. You are likely to have too much work to handle immediately, so prioritization is a key success criterion. You will also need to verify that expected changes actually took place for the audit.
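The four stages above reduce to one comparison: an observed snapshot of a device against its gold-standard baseline, with drift and unexpected file changes reported by severity and approved exceptions kept visible for the audit. The following Python is an added example, not Tripwire's code; the baseline settings, the snapshot, the file contents and the severities are all constructed for illustration.

```python
import hashlib

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed gold-standard baseline for one device class (hypothetical "linux-server" tag);
# expected values follow CIS-style hardening guidance, severities are illustrative choices.
BASELINE = {
    "settings": {
        "ssh.PermitRootLogin":        ("no",  "high"),
        "ssh.PasswordAuthentication": ("no",  "high"),
        "sysctl.net.ipv4.ip_forward": ("0",   "medium"),
        "auditd.enabled":             ("yes", "low"),
    },
    # Critical files are tracked by content hash so "unusual" edits surface as findings.
    "files": {
        "/etc/passwd": hashlib.sha256(b"root:x:0:0:root:/root:/bin/bash\n").hexdigest(),
    },
}

# Constructed assessment snapshot: one drifted setting, one absent setting, one changed critical file.
SNAPSHOT = {
    "settings": {
        "ssh.PermitRootLogin": "yes",
        "ssh.PasswordAuthentication": "no",
        "sysctl.net.ipv4.ip_forward": "0",
    },
    "files": {
        "/etc/passwd": hashlib.sha256(
            b"root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n").hexdigest(),
    },
}


def assess(baseline, snapshot, exceptions=frozenset()):
    """Compare a snapshot with the baseline. Returns (open findings sorted by severity,
    findings waived by an approved exception); waived items stay visible for the audit."""
    open_findings, waived = [], []
    for key, (expected, severity) in baseline["settings"].items():
        observed = snapshot["settings"].get(key, "<missing>")
        if observed != expected:
            finding = {"type": "setting", "item": key, "expected": expected,
                       "observed": observed, "severity": severity}
            (waived if key in exceptions else open_findings).append(finding)
    for path, expected_hash in baseline["files"].items():
        observed = snapshot["files"].get(path)
        if observed != expected_hash:  # missing or modified critical file: always high severity
            finding = {"type": "file", "item": path, "expected": expected_hash,
                       "observed": observed, "severity": "high"}
            (waived if path in exceptions else open_findings).append(finding)
    open_findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["item"]))
    return open_findings, waived
```

Calling `assess(BASELINE, SNAPSHOT, exceptions={"auditd.enabled"})` returns the root-login drift and the modified `/etc/passwd` as open high-severity findings, and the missing auditd setting as a waived finding.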

Additional considerations you won’t want to overlook when considering your security configuration management plan are:

  • Agent-based versus agentless scans: Avoiding blind spots in your IT environment typically involves a sophisticated combination of both agent-based and agentless scanning to make sure your entire environment is always configured properly.
  • High-visibility dashboarding: You’ll want user-selectable elements and defaults for technical and non-technical users. You should be able to only show certain elements, policies, and/or alerts to authorized users or groups, with entitlements typically stored in the enterprise directory.
  • Policy creation and management: Alerts are driven by the policies you implement in the system, so policy creation and management is also critical to adapt the solution to the unique requirements of your environment.
  • Alert management: Time is of the essence during any response, so the ability to provide deeper detail via drill-down and then feed that information into an incident response process is critical. This allows administrators to monitor and manage policy violations which could represent a breach.

The security configuration management process is complex. But if you’re using the right SCM tool, the bulk of the work will be handled for you through automation. Using a corporate hardening standard and creating the baseline to identify changes to that standard is a great way to “keep your enemies closer.” Vito Corleone would be proud.

To learn more about how Tripwire can help you with Security Configuration Management, download our Security Configuration Management Buyer’s Guide.

The post “Why Security Configuration Management (SCM) Matters” appeared first on TripWire

Source: TripWire – Irfahn Khimji
