Compliance – The Invisible Hand of Cybersecurity

5 years ago Mitch Parker

Have you ever worked with a company that operates as “close to broken” as reasonably possible? Companies that follow that mindset usually do not have the most robust security practice, and they certainly will walk very close to the edge of compliance.

Even if you don’t work in such a dysfunctional enterprise as described above, many companies still do not appreciate the interconnection of security and compliance. Both are often considered cost centers, and that paints a scowl on the face of many Chief Financial Officers. However, there is a different way of looking at compliance (or its negative counterpart, non-compliance).

We can divide compliance into the categories of obvious and not-so-obvious costs.

The obvious costs are easy to understand:

  • Track – Keeping a close watch on the requirements to maintain compliance
  • Mitigate – Correcting any deficiencies
  • Fines – Monetary penalties for compliance failure

Some of the hidden costs include:

  • Additional internal audits – To verify that everything is in order, plus the costs of rework
  • Business disruption – Due to a regulator lockdown of a business unit or the entire organization
  • Productivity loss – The time employees need to focus on remediation
  • Brand loss – Due to bad media coverage, which leads to customer erosion

These costs ensure that your organization is equipped with the resources required to maintain compliance and confirm there are no slips. The biggest hidden cost, though, is the loss that is not accounted for due to non-standardized operating procedures and a lack of standardized control.

In information technology, this is known as secure configuration management. An organization may be operating at lower efficiency without anyone noticing until regulatory compliance audits expose the cracks in the IT ecosystem. This is the “close to broken” setting mentioned earlier.

Easing the burden

Fortunately, the journey to compliance need not be a burdensome task. For example, in the banking industry, digital checking mechanisms enable institutions to track all the risks and ensure compliance by applying the appropriate controls. Comprehensive dashboards are used to ensure that banks can effectively monitor and mitigate compliance issues before they cross into non-compliant territory.

Secure configuration management is a must for reducing business risk by ensuring systems are properly configured, or hardened, to meet your internal, regulatory and legislative compliance standards.

A secure configuration management tool combines network monitoring and endpoint protection methodology to compare monitored systems against an approved configuration baseline or a golden image. Deviations from this baseline, known as test failures, can usually be corrected with little or no human intervention. Secure configuration management is truly a need-to-have solution.
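The baseline comparison described above, as an added example (not code from the original article or from any product it mentions): it parses an sshd_config-style file, applies a small approved baseline, and reports each deviation as a test failure. The baseline values, the sample configurations, and the choice to treat an unset keyword as a failure are assumptions made for illustration.

```python
# Added example: baseline drift check over sshd_config-style text.
# BASELINE, GOLDEN and DRIFTED are constructed for illustration.

BASELINE = {  # keyword (lowercase) -> (check kind, approved value)
    "permitrootlogin": ("equals", "no"),
    "passwordauthentication": ("equals", "no"),
    "maxauthtries": ("at_most", 4),
    "x11forwarding": ("equals", "no"),
}

def parse_config(text):
    """Return effective settings; as in sshd, the first value of a keyword wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def assess(text, baseline=BASELINE):
    """Compare a monitored config to the baseline; return sorted test failures."""
    actual = parse_config(text)
    failures = []
    for key, (kind, approved) in baseline.items():
        value = actual.get(key)
        if value is None:  # assumption: the baseline requires an explicit setting
            failures.append((key, "missing", approved))
        elif kind == "equals" and value.lower() != approved:
            failures.append((key, value, approved))
        elif kind == "at_most" and not (value.isdigit() and int(value) <= approved):
            failures.append((key, value, approved))
    return sorted(failures)

GOLDEN = "PermitRootLogin no\nPasswordAuthentication no\nMaxAuthTries 3\nX11Forwarding no\n"

DRIFTED = """# constructed sample of a host that has drifted
PermitRootLogin yes
# the next line is ignored because the keyword was already set above
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 10
"""

if __name__ == "__main__":
    for key, found, approved in assess(DRIFTED):
        print(f"FAIL {key}: found {found!r}, baseline {approved!r}")
```

The duplicate `PermitRootLogin` line shows why the check evaluates the effective value rather than searching the file for the approved string: a compliant-looking line further down does not undo the earlier change.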

Secure configuration management offers benefits to organizations, not only from the cost-avoidance standpoint of non-compliance but also from increased organizational efficiency and agility. 

Secure Standard = Enhanced Security

There are added security benefits of having a secure standard.

All security professionals are familiar with the Common Vulnerabilities and Exposures (CVE) system, which provides a reference method for publicly known information-security vulnerabilities and exposures. Along with that, the National Cybersecurity Federally Funded Research and Development Centers (FFRDC), operated by The MITRE Corporation, maintains a system dedicated to complex cybersecurity problems.

The vulnerabilities that are tracked by CVE and FFRDC aren’t targeted at your individual organization; they are just common susceptibilities that are easily exploited. This is why it is important to maintain baselines against these known weaknesses. Rapid response mechanisms can prevent your organization from exposure to any exploits that are tracked through CVE and MITRE. Setting and maintaining a configuration standard results in enhanced security.

Not All Attacks Are Random

It is important to note that while many vulnerabilities are “common,” there is a more critical aspect of maintaining compliance to protect your organization. The largest segment of attacks is targeted. This type of attack means your organization is singled out, and the attacker has a specific interest in your business or your intellectual property.

A targeted attack takes time and planning, sometimes months, to lay the groundwork and prepare. Attackers still use commodity techniques to probe the systems in your organization, looking for the best path to exploit, but their methods are specifically tailored to your infrastructure, your processes and your personnel. The main reason that targeted attacks are effective is that organizations struggle to follow basic security practices and properly institute measurable security policies.

Could you imagine how much less risk your organization would have if you could eliminate 99.99% of attacks?

How Tripwire Can Help

Tripwire makes compliance with security standards easier with the broadest set of compliance and security policies that accelerate securing your infrastructure and knowing where the weak points are. We update these policies as standards change and allow you to customize the test and assessment results to better meet your individual needs, so you get a giant head start on your security policy and framework as well as the flexibility to make it your own.

Tripwire covers your infrastructure. Companies have an individual, unique infrastructure, consisting of legacy applications, older operating systems and hardware that may be antiquated. This doesn’t mean it isn’t valuable, and you should be able to get the same amount of protection and monitoring for these older systems as the rest of your systems.

Tripwire monitors almost any asset that you have, detecting changes in real time. Imagine if you could immediately catch configuration drift in your security configurations, giving you a chance to remediate and respond to those changes and to then re-assess the overall impact to your security posture within seconds.

This immediacy eliminates the old days of doing scheduled scans and then spending weeks manually fixing all configuration changes to bring you back into alignment with your security policy. The best practice would be to do continuous assessment in real time and then fix the drift, keeping systems in a secure state. We help you categorize and fix deviations from your baseline, as remediation can be very expensive, and it isn’t always known if a change results in an increase or a decrease in risk.

Let us be a key part of your enterprise ecosystem to keep you compliant and secure. To find out more, or to request a demonstration, visit our full product line here.

The post “Compliance – The Invisible Hand of Cybersecurity” appeared first on TripWire.

Source: TripWire – Mitch Parker
