Foundational Controls Make the Hard Things Easier to Do

6 years ago Dean Ferrando

Let’s begin with a short story. Imagine that we have two large organizations in the public sector. These entities are very similar. Both are on the receiving end of cyber threats. Both adhere to multiple compliance standards. And both need to ensure that their IT systems are functioning and working as planned.

But they’re not entirely the same. Take Organization A, for example. This company has recently suffered a data breach, and its IT team is trying to figure out what happened and to plug holes. The organization is also working towards GPG 13 compliance while also trying to be PCI compliant; it needs to schedule a review of PCI policies towards that end.

Finally, the organization is struggling with the availability of its business-critical systems. Its teams keep trying to establish the root cause of this availability issue. However, doing so is proving to be time-consuming because the business processes involved suffer from a lack of accountability.

It’s an entirely different story for Organization B. This company has always been compliant, and it’s not worried about drift. When its business systems fail, it’s much easier for Organization B to figure out what happened and to quickly restore service.

All of this raises the question: how can Organization B be so different from Organization A? The answer is that the former is using foundational controls and the latter isn’t.

What Are Foundational Controls?

Foundational controls are basic measures that should ideally form the basis of any organization’s IT security posture. As such, they should constitute the foundation on which an organization bases the rest of its IT security strategy.

Let’s look at an example. In 2008, the SANS Institute developed a specific set of foundational controls before transferring them to the Center for Internet Security (CIS) in 2015. Today, these 20 security measures represent the starting point for organizations regardless of their size or type. Any organization can reduce its risk of a digital attack by 85% by implementing the first five CIS controls. If it implements all 20 controls, it could reduce its risk by as much as 94%.

Waking Up to the Benefits

Organizations clearly have a lot to gain in implementing security measures such as the CIS foundational controls. But if these defensive actions are so basic, why haven’t all organizations implemented them yet?

My belief is that organizations are undergoing a change in mindset. For a while, security was not a necessity for many organizations. That changed in a short amount of time when hacks, data breaches and malware attacks became more of the norm. Unfortunately, organizations focused much of their investment on preventative tools to stem the tide of attacks.

Only now are organizations beginning to evaluate the impact of their decisions. In the process, they’re realizing that they spent a lot of time and money solely on fighting fires. They now see that they failed to implement the security basics.

It’s Not Too Late

Fortunately, it’s never too late for organizations to implement foundational controls. Solution vendors such as Tripwire have tools that leverage these security measures to defend their customers. Typically, these controls fall into one of four categories: discovery, secure configurations, vulnerability management and log management.

Discovery

This foundational control is all about knowing what’s on the network. Internet-connected devices are increasingly dynamic in nature. Virtual devices are constantly spinning up and down, for instance, and IP addresses are changing quickly. This makes it difficult to monitor and detect endpoints as they appear and disappear from the network.

That’s a problem. If they can’t monitor their endpoints, organizations can’t verify whether all of their devices are compliant. They also won’t be able to identify what shouldn’t be on the network or pinpoint how unneeded devices and unpatched software might be expanding their attack surface.

Secure Configurations

The vast majority of devices are insecure by default. Acknowledging this fact, organizations can leverage secure configurations to harden their devices and baseline their assets. Doing so will help them to detect changes and understand why those alterations might be good or bad. In the process, they’ll be able to distinguish a data breach from business as usual.

They can also determine when the bad change occurred. The issue here is that it takes time and resources to figure out what happened and to return affected systems to normal. Attackers can prey upon organizations in that span of time.
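The baseline-and-drift idea above, as an added example that is not from the article or from Tripwire’s products: a known-good snapshot of configuration files is compared with the current state, and each difference is classified as approved (it matches a change-control record) or unauthorized. File contents, paths, the `CHG-0042` ticket and the `0600`-style modes are constructed sample data.

```python
import hashlib

def fingerprint(content: bytes, mode: str) -> str:
    """Hash content together with the permission mode, so a bare chmod also counts as drift."""
    digest = hashlib.sha256()
    digest.update(mode.encode() + b"\0" + content)
    return digest.hexdigest()

def snapshot(files: dict) -> dict:
    """files maps path -> (content_bytes, mode_string); returns path -> fingerprint."""
    return {path: fingerprint(content, mode) for path, (content, mode) in files.items()}

def detect_drift(baseline: dict, current: dict, approved: dict) -> list:
    """Compare the known-good baseline with the current snapshot. Differences backed by a
    change-control record are 'approved'; everything else is 'unauthorized' and needs a look."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            kind = "removed"
        elif path not in baseline:
            kind = "added"
        elif baseline[path] != current[path]:
            kind = "modified"
        else:
            continue  # unchanged: business as usual
        findings.append({
            "path": path,
            "change": kind,
            "status": "approved" if path in approved else "unauthorized",
            "ticket": approved.get(path),
        })
    return findings

# Constructed sample host state (hypothetical contents, not from any real system).
GOLDEN = {
    "/etc/ssh/sshd_config": (b"PermitRootLogin no\nPasswordAuthentication no\n", "0600"),
    "/etc/sudoers": (b"root ALL=(ALL) ALL\n", "0440"),
    "/etc/motd": (b"Authorized use only.\n", "0644"),
}
OBSERVED = {
    "/etc/ssh/sshd_config": (b"PermitRootLogin yes\nPasswordAuthentication no\n", "0600"),
    "/etc/sudoers": (b"root ALL=(ALL) ALL\n", "0440"),
    "/etc/motd": (b"Authorized use only. Maintenance Sunday 02:00.\n", "0644"),
    "/etc/cron.d/sync": (b"*/5 * * * * root /opt/sync.sh\n", "0644"),
}
APPROVED_CHANGES = {"/etc/motd": "CHG-0042"}  # constructed change-control record

def run_example() -> list:
    return detect_drift(snapshot(GOLDEN), snapshot(OBSERVED), APPROVED_CHANGES)
```

Only the two unauthorized findings (the `sshd_config` edit and the new cron job) need an investigation; the `motd` change is traceable to its ticket and stays out of the incident queue.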

Vulnerability Management

All unpatched devices and software are effectively an open door to an organization’s sensitive data. Of course, organizations need to direct their attention to patching these vulnerabilities. But the problem is that there are oftentimes too many vulnerabilities to patch and too few people to patch those security weaknesses.

Organizations therefore need a vulnerability management plan to help them fix the biggest vulnerabilities first. One way to do that is by prioritizing each security flaw based upon the potential impact of a successful attack. Organizations also need to be aware of the types of vulnerabilities that attackers are attempting to exploit. Threat intelligence into the latest attack campaigns can shed some light on these malicious efforts.

Log Management

Last but not least, organizations need logging in order to detect and investigate an incident. The problem is that logging is oftentimes turned off or manipulated, meaning that organizations don’t have the necessary information about an incident. Even when logging is enabled, vital information about a security incident could elude an organization, as logging solutions tend to create lots of information and alerts that take time for someone to analyze.

Fortunately, correlation and aggregation can alleviate some of the costs involved with logging. These processes can help give organizations the data they need to figure out what happened. They can then leverage that same data to strengthen their security posture.
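Aggregation and correlation as the article describes them, in an added example that is not from the post or any Tripwire product: aggregation collapses many failed-login lines into one count per source, and correlation joins a success to the failures that preceded it, a pattern no single line reveals. The syslog-like sshd line format, hostnames and `203.0.113.x`/`198.51.100.x` addresses are constructed sample data.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed syslog-style sshd lines (format assumed for this example).
SAMPLE_LOGS = """\
2020-03-01T10:00:01 web01 sshd: Failed password for admin from 203.0.113.7
2020-03-01T10:00:03 web01 sshd: Failed password for admin from 203.0.113.7
2020-03-01T10:00:05 web01 sshd: Failed password for root from 203.0.113.7
2020-03-01T10:00:09 web01 sshd: Failed password for admin from 203.0.113.7
2020-03-01T10:00:12 web01 sshd: Accepted password for admin from 203.0.113.7
2020-03-01T10:05:00 web02 sshd: Failed password for bob from 198.51.100.4
2020-03-01T11:30:00 web02 sshd: Accepted publickey for bob from 198.51.100.4
2020-03-01T11:30:01 web02 kernel: eth0 link up
"""
LINE_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) (\S+) for (\S+) from (\S+)$")

def parse(text: str) -> list:
    """Turn raw lines into structured events; lines that don't match the pattern are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, outcome, method, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "outcome": outcome, "method": method, "user": user, "src": src})
    return events

def aggregate_failures(events: list) -> dict:
    """Aggregation: one row per source address instead of one line per attempt."""
    return dict(Counter(e["src"] for e in events if e["outcome"] == "Failed"))

def correlate(events: list, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Correlation: flag a successful login whose source produced at least
    `threshold` failures in the preceding `window`."""
    alerts = []
    for ok in events:
        if ok["outcome"] != "Accepted":
            continue
        prior = [f for f in events if f["src"] == ok["src"] and f["outcome"] == "Failed"
                 and ok["ts"] - window <= f["ts"] < ok["ts"]]
        if len(prior) >= threshold:
            alerts.append({"src": ok["src"], "user": ok["user"], "host": ok["host"],
                           "failures_before": len(prior), "at": ok["ts"].isoformat()})
    return alerts

def run_example() -> tuple:
    events = parse(SAMPLE_LOGS)
    return aggregate_failures(events), correlate(events)
```

Bob’s single failure an hour before his key-based login stays below the threshold and outside the window, so only the admin login on web01 is raised; eight lines become two aggregate rows and one alert.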

Building up the Basics

The motivation behind implementing foundational controls is simple: by doing the easy things well, the harder things become easier. In other words, by investing in foundational controls and making sure they’re enacted properly, organizations can reduce the difficulty involved with managing other aspects of their digital security. For information on how Tripwire’s solutions leverage foundational controls to keep customers safe, click here.


The post “Foundational Controls Make the Hard Things Easier to Do” appeared first on TripWire.

Source:TripWire – Dean Ferrando
