What Is SCM (Security Configuration Management)?

5 years ago Chris Orr

The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their security budgets would shrink by the end of 2020 but that they’d be asking for significant increases in 2021.

These findings beg the question: where should CISOs be directing their security asks for 2021 and beyond?

Foundational Controls as an Answer

Network security begins with asset discovery. This foundational control advises organizations to develop an inventory of all authorized and unauthorized hardware, software and other devices. Using that information, IT security personnel can track and correct all authorized devices and software. They can also deny access to unauthorized and unmanaged products as well as prevent unapproved software from installing or executing on network devices.

Where Security Configuration Management Comes In

Once enterprises have discovered all their assets, they can move on to security configuration management (SCM). NIST’s SP 800-128, entitled “Guide for Security-Focused Configuration Management of Information Systems,” explains that organizations use SCM to ensure the integrity of their products and systems. This security control accomplishes that aim by establishing, managing and remediating deviations from configurations for those assets.

IT security and IT operations meet at SCM because this foundational control blends together key practices such as mitigating known security weaknesses using vulnerability assessments, evaluating authorized hardware and software configurations as well as using security processes and controls to automate remediation. Towards that end, organizations can leverage a software-based SCM solution to reduce their attack surfaces by proactively and continuously monitoring and hardening the security configurations of their environment’s operating systems, applications and network devices.

Security Configuration Management and Compliance

Security configuration management doesn’t just serve organizations’ digital security requirements. Compliance auditors can also use security configuration management to monitor an organization’s compliance with mandated policies. These standards range from international standards such as the ISO 27000 series to industry-specific requirements like the Payment Card Industry Data Security Standard (PCI DSS), a regulation which applies to just about anyone who handles branded credit cards, or government regulations like the United States’ Sarbanes-Oxley Act (SOX) or those of the Monetary Authority of Singapore (MAS).

Security configuration management consists of four steps. The first step is asset discovery, as I described above. Organizations can use active discovery to manually try to find all of their connected hardware and software, but this method of discovery doesn’t account for the possibility of shadow IT. Consequently, organizations should consider using passive discovery to discover assets that might be otherwise hidden from the IT department.

Next, organizations should define acceptable secure configurations as baselines for each managed device type. They can do so by referring to their security policies. Alternatively, they can consider using guidance published by the Center for Internet Security (CIS) or the National Institute of Standards and Technology (NIST).

From there, they can assess their managed devices according to a predefined frequency that’s specified in their security policy. It’s not enough for organizations to determine that there’s an issue with their assets’ security configurations, however. When they spot a deviation from an approved secure baseline, organizations then need processes in place to make sure someone fixes the problem or grants it an exception on a timely basis.
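The baseline, assessment and fix-or-except steps described above, sketched as an added example (not code from the original article or from any SCM product). The device names, settings, baseline values, 7-day assessment frequency and dates are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed baselines: one approved configuration per managed device type.
BASELINES = {
    "linux-server": {"ssh.PermitRootLogin": "no",
                     "ssh.PasswordAuthentication": "no",
                     "password.min_length": 14},
    "switch": {"telnet.enabled": False, "snmp.version": 3},
}
ASSESS_EVERY = timedelta(days=7)  # assumed frequency taken from the security policy
TODAY = date(2021, 1, 15)         # fixed so the sample run is reproducible

# Constructed inventory with the configuration last collected from each device.
DEVICES = [
    {"name": "web01", "type": "linux-server", "last_assessed": date(2021, 1, 14),
     "config": {"ssh.PermitRootLogin": "yes", "ssh.PasswordAuthentication": "no",
                "password.min_length": 8}},
    {"name": "sw-core", "type": "switch", "last_assessed": date(2020, 12, 1),
     "config": {"telnet.enabled": True, "snmp.version": 3}},
]
# Granted exceptions: (device, setting) -> expiry date. The second one has expired.
EXCEPTIONS = {("web01", "password.min_length"): date(2021, 3, 1),
              ("sw-core", "telnet.enabled"): date(2020, 12, 31)}

def assess(device, exceptions, today):
    """Compare one device with its baseline; return (status, setting, required, actual)."""
    findings = []
    if today - device["last_assessed"] > ASSESS_EVERY:
        findings.append(("OVERDUE", "assessment", None, None))
    for setting, required in BASELINES[device["type"]].items():
        actual = device["config"].get(setting, "<unset>")
        if actual == required:
            continue
        expiry = exceptions.get((device["name"], setting))
        # An exception suppresses the finding only until it expires.
        status = "EXCEPTED" if expiry and expiry >= today else "DEVIATION"
        findings.append((status, setting, required, actual))
    return findings

def open_items(devices, exceptions, today):
    """Findings that still need someone to act (everything except valid exceptions)."""
    return [(d["name"], status, setting)
            for d in devices
            for status, setting, _, _ in assess(d, exceptions, today)
            if status != "EXCEPTED"]

if __name__ == "__main__":
    for item in open_items(DEVICES, EXCEPTIONS, TODAY):
        print(item)
```
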

Strategic Security Configuration Management

Many SCM solutions come with additional features that organizations can use to better protect their networks. Here are a few considerations of which enterprises should remain aware:

  • OS and Application Support: If they intend to get the most out of security configuration management efforts, companies must make sure their solution provides support for every operating system and application they use in their environment. Failure to do so could leave some of their assets uncovered. This would undermine organizations’ visibility of the network, thereby impeding their ability to prevent attackers from abusing a misconfiguration for malicious purposes. 
  • Policy Flexibility: The best types of SCM solutions offer numerous policies and configurations. Such options allow organizations to adjust the tool to their own evolving requirements as they continue to undergo their digital transformations. In that same vein, companies should also have the option of customizing preset policies, defining new policies and adding new baseline configurations and/or benchmarks as their needs change.
  • Scalability: Organizations should make sure they can customize the frequency, impact and scope of their security configuration management solution’s scanning protocols. That flexibility should include the ability to strategically distribute scanners around the network so as to not needlessly tax their endpoints and to prioritize their security efforts. It should also come with the ability to manage remote devices such as by issuing alerts when one product requires assessment but has not connected to the network in some time.
  • Closure of the Operational Loop: Companies can choose to manually act on their SCM solution’s results by reporting configuration issues to the help desk. Even so, it’s advantageous for a company to invest in a solution that automatically reports those issues and in so doing closes the operational loop. Otherwise, organizations could neglect to report an issue and leave themselves open to attackers exploiting a misconfiguration. Organizations should also look for functionality that reduces false positives such as when someone has granted an authorized exception. The last thing organizations want to do is waste time investigating an issue that doesn’t constitute a digital threat while neglecting to commit time and resources to actual security problems.

SCM from Tripwire

To help companies with security configuration management, Tripwire has created the Configuration Compliance Manager. This agentless solution profiles and discovers all assets on the network, assesses and audits the compliance of network infrastructure devices and other key systems as well as yields crucial data about what patches are still missing on both IT and OT devices. In doing so, the solution can reduce organizations’ audit readiness costs by up to 40%.


The post “What Is SCM (Security Configuration Management)?” appeared first on TripWire

Source: TripWire – Chris Orr
