Stop Wasting Your Time and Money with a “Checkbox” SCM Solution

5 years ago David Bisson

By now, we know a lot about secure configuration management (SCM). We know the way it works, the integral processes of which it consists, the areas of your IT infrastructure that it can help secure as well as the different types of best practice frameworks and regulatory compliance standards with which it can help you to maintain compliance. All we’re missing is how to procure and deploy an effective SCM solution.

The word “effective” is key here. What you don’t want is a “checkbox” SCM tool that doesn’t meet all of your requirements. Sure, it might help you pass an audit if the auditor doesn’t dig too deeply, but it’ll likely lack support for specialized policies such as those of the National Institute of Standards and Technology (NIST) and the Payment Card Industry (PCI). It might also lack the content or reporting capabilities needed to scale effectively across your enterprise.

Ultimately, checkbox SCM solutions are a waste of money. You want a tool that completely supports your business needs. That’s why you need to approach the purchase of an SCM solution in a methodical way. This process should involve assessing your environment, asking SCM vendors certain key questions and keeping important deployment considerations in mind.

Assessing Your Environment

You should look at your IT and/or OT environment before you formulate an SCM strategy. In particular, you should investigate the following components of your environment to determine what type of tool will work best:

  • Hardware: You need to know what types of hardware an SCM solution requires to run properly. Does the prospective tool support the hardware found in your environment? If not, is it worth aligning your hardware to the solution in terms of money, time and business objectives? Along those same lines, can the tool scale as the business grows?
  • Location: You might not have your assets in one place. Perhaps you have a distributed environment, or perhaps you’re using a hybrid cloud model in which some of your assets are stored on premises and others are located in the cloud. Does the proposed tool support your assets regardless of location? And does it support all the major cloud vendors?
  • Third-Party Tools: Does your environment rely on third-party tools such as threat intelligence sources, patch management apps and SIEM tools? If so, you want to make sure that a proposed SCM tool can integrate with them.
  • Internal Skills: Your organization might have admins who wear several hats including for security, or you might have a dedicated security team. Who do you want to own the SCM solution? Do you have enough internal expertise to manage the tool? If not, you might want to look into investing in a managed offering.

Engaging with an SCM Vendor

Once you’ve confirmed that an SCM tool will work with your environment, you can ask more detailed questions about how the solution works. In particular, you should consider asking the SCM vendor the following questions:

  1. What security controls are available for endpoint management through your solution? Are the policies for those controls managed through your console?
  2. What devices and apps does your product support?
  3. What best practice frameworks and/or regulatory compliance standards are supported?
  4. What kinds of reports can I create by default? How can I create a custom report?
  5. Do you have an in-house research team? How do they support your SCM solution?
  6. Are temporary devices supported by the tool?
  7. How do we optimize your management console? What does it need to run, what hierarchical management does it support and how customizable is it?
  8. How have you secured your solution? Is it supported by strong authentication? Pentests? A secure software development process?
  9. What is the scope of the solution upon purchase? How many devices can I protect with an initial license purchase? Is it possible for it to scale up?
  10. Do you have training and/or professional services available?

What to Keep in Mind for Deployment

Once you’ve chosen and purchased a license for the SCM tool, you can get into the work of deploying it. This effort should begin by preparing the hardware that’s needed to run the SCM tool. This will save time and money when the vendor’s professional services team or your internal folks start their work. You also want to make sure you know the tool’s port and service requirements to get everything up and running with the network team.

From there, you want to make sure subject matter experts are available for all applications into which you’ll be integrating the SCM tool. It’s then that you can get to work deploying the solution. You can do this either by educating your internal teams or by using professional services offered by the vendor to help you deploy or even remotely run the solution.

To learn more about the benefits of SCM, download Tripwire’s latest eBook “Mastering Configuration Management Across the Modern Enterprise: An Explorer’s Guide to SCM.”

For information on how Tripwire’s products can help support your organization’s SCM efforts, please download this Tripwire Enterprise datasheet.


FURTHER READING ON SCM:
  1. SCM: Understanding Its Place in Your Organization’s Digital Security Strategy
  2. 4 Areas of Your IT Infrastructure that SCM Can Help to Secure
  3. SCM in Practice: How to Strengthen Your Organization’s Security Processes
  4. Gearing Your Compliance Efforts to Your Next Audit Using SCM

The post “Stop Wasting Your Time and Money with a “Checkbox” SCM Solution” appeared first on TripWire.

Source: TripWire – David Bisson
