Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Secure Your Configurations with Tripwire’s Configuration Manager
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Secure Your Configurations with Tripwire’s Configuration Manager

4 years ago Raymond Kirk
Secure Your Configurations with Tripwire’s Configuration Manager

As cybersecurity professionals, we are always impressing the importance of patch management as one of the best ways to protect systems against vulnerabilities. Sometimes, the vulnerabilities are never fully exploited. Regardless of the threat possibility, patching is one of the easiest ways to ensure the minimum level of security in an organization. The best part about patching a system is that it is very easy to see the status of the patch level as compared to the manufacturer’s recommendations.

Configuration Management

One of the areas of security that is more easily overlooked is configuration management. If a system’s configuration is changed, it can often go unnoticed, as there are often no alarms that would be set off, no manufacturer’s warning, and no standard level that is recommended. This is why configuration management is so important towards understanding if any configuration drift has occurred. Configuration management is applicable not only to security professionals but also to all areas of IT management as well as to DevOps.

Contextualizing the Problem

According to one source, some organizations have admitted to a large number of known misconfiguration discoveries. More worryingly, some have reported that there are probably unknown misconfigurations, as well. This is the new “low hanging fruit” for cloud-based attacks as well as for malicious techniques like exploiting unsecured storage containers, crypto-jacking, and discovering exposed sensitive databases. That’s probably why Gartner predicted that misconfigurations would account for 80% of cloud breaches by 2020, as reported by Forbes.

Misconfigurations in the cloud are already having an impact, however. We’ve already seen attackers leverage them against big targets like Equifax and Microsoft Azure. We’ve also seen data breaches tied to cloud misconfigurations carry quite a price tag. As reported by TechRepublic, 196 such incidents exposed more than 33 billion records and cost organizations an estimated $5 trillion worldwide in 2018 and 2019.

More Recent Changes

Then came the events of 2020. Over the last year, we have seen a huge spike in ransomware attacks on businesses and government agencies – so much so that there has been an Executive Order directly related to cybersecurity. This Order requires businesses that do business with the government to implement controls that augment their cloud security so that they can better defend against ransomware and other digital threats.

This raises the following question: how can organizations reduce their cloud misconfigurations?

Well, the National Institute of Standards and Technology (NIST) has released guidance that specifically addresses security-focused configuration management. But many organizations don’t have the internal expertise to carry out these recommendations on their own. Fortunately, there’s another way to protect configurations for both on premise and cloud-based environments, and that’s with the use of a configuration management tool. 

Where Tripwire Comes In

Tripwire Configuration Manager offers an intuitive interface with includes graphical dashboards, which draw attention to key areas of interest, emphasizing focal points that are prioritized based on severity. Configuration Manager is particularly effective because it enables users to monitor their IaaS account configurations against CIS benchmarks. This makes remediation tasks that much easier for system administrators as well as security teams, thus helping to protect from configuration drift.

.

Configuration Manager integrates smoothly with popular third-party applications, adding robust methods to secure your environment. The ability to connect to any third-party SaaS product adds the flexibility to create policies and rules to include their configurations, as well. This helps an organization to gain full visibility and save time and effort by keeping a company’s SaaS application configurations front and center.

Configuration manager prides itself not only on its ease-of-use but also its quick implementation. The “Getting Started” guide points you in all the right directions to attain maximum usability of the product for optimal benefit, from account setup to viewing results and most importantly to remediating issues.

The immediate benefit businesses gain by using Configuration Manager is the ability to have visibility across multiple different cloud environments in one location.  With this view, a security team can tackle the most important issues with detailed instructions on how to remediate those issues. The product also includes reports that can be exported and shared through all levels of the C-Level chain and even be used for audit evidence. This provides a perfect summary of your organization’s security posture as well as proof of security readiness.

Careful configuration management is the new focus for many organizations. Unfortunately, it is also the new focus for many cybercriminals. The best way to be sure that your organization is using the best secure configurations is by following reliable guidance and streamlining that process with a trusted tool from a leading security company.

Learn more about Tripwire’s Configuration Manager here. To set up a free trial, click here.

The post ” Secure Your Configurations with Tripwire’s Configuration Manager” appeared first on TripWire

Source:TripWire – Raymond Kirk

Tags: Cloud, Encryption, Low Severity, Malware, Microsoft, Ransomware, TripWire

Continue Reading

Previous Tripwire Experts Offer Point of View on Zero Trust at EO’s 6-Month Milestone
Next GoDaddy Data Breach Exposes Over 1 Million WordPress Customers’ Data

More Stories

  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

2 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Vulnerabilities

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

21 hours ago [email protected] (The Hacker News)
  • Vulnerabilities

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

23 hours ago [email protected] (The Hacker News)
  • Cyber Attacks

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

23 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

2 days ago [email protected] (The Hacker News)

Recent Posts

  • LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
  • China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
  • Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
  • Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
  • ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT