In The Godfather Part II, Michael Corleone recalls a lesson from his father, Vito: “There’s a lot my father taught me in this room. He taught me: keep your friends close, but your enemies closer.” That lesson applies to IT as well, in the form of security configuration management (SCM).
Faster breach detection
Today’s threat landscape is difficult, and nothing illustrates that better than how long it takes to detect a breach. According to IBM, the gap between breach and detection still averages 212 days. That is about seven months, plenty of time for an adversary to wreak havoc on the network.
So where does an organization “keep the enemy close”? The SANS Institute and the Center for Internet Security (CIS) point to the same place: once you have inventoried your hardware and software, the next control is to configure them securely. CIS Critical Security Control 4 reads: “Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software (operating systems and applications).”
What is security configuration management?
The National Institute of Standards and Technology (NIST) defines security configuration management (SCM) as “the management and control of information system configurations for the purpose of enabling security and managing risk.”
Attackers actively scan for systems with weak default settings, and once they compromise a system they start making changes to it. Both facts are why security configuration management tools matter: SCM not only identifies the misconfigurations that leave a system exposed, it also flags “abnormal” changes to critical files and registry keys.
Signature-based defenses are not enough to detect advanced threats; new zero-day threats surface almost daily. To catch breaches early, organizations must be able to recognize “bad” changes and understand what is changing on their critical devices. SCM tools give them exactly that visibility into their key assets.
By establishing a gold-standard configuration for each system and continuously monitoring it for signs of intrusion, organizations can spot breaches quickly, and early detection limits the damage an attack can do. Using SCM to enforce hardening standards such as the CIS Benchmarks, NIST guidance and ISO 27001, or compliance standards such as PCI, SOX, NERC and HIPAA, lets you harden systems continuously and shrink the attack surface. A hardened system gives an attacker fewer chances to succeed.
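As an added example (not code from the Tripwire article or product), here is the gold-standard baseline idea in miniature: snapshot the hash and the parsed directives of a critical file, store the result, and on the next scan report what changed at the setting level rather than just “the file changed”. The sshd_config contents, the path and the “later scan” are constructed for illustration.

```python
"""Golden-baseline drift detection for critical configuration files.

Added example, not Tripwire code: hashes each monitored file and parses
its key/value directives, so a re-scan reports not only that a file
changed but which settings changed. Sample configs are constructed inline.
"""
import hashlib
import json
import re

# Constructed sample: sshd_config as captured when the baseline was taken.
BASELINE_SSHD = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 4
"""

# Constructed sample: the same file on a later scan. Someone re-enabled
# root and password logins and added a directive that was never approved.
CURRENT_SSHD = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 4
AllowTcpForwarding yes
"""

_DIRECTIVE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s+(.+?)\s*$")


def parse_directives(text):
    """Return {directive: value}, skipping blank and comment lines."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def snapshot(files):
    """Build a baseline: SHA-256 of each file plus its parsed settings.

    `files` maps path -> content so the example runs offline; a real
    agent would read the files (and their ownership and mode) from disk.
    """
    return {
        path: {
            "sha256": hashlib.sha256(content.encode()).hexdigest(),
            "settings": parse_directives(content),
        }
        for path, content in files.items()
    }


def diff_snapshots(baseline, current):
    """Report added, removed and modified files with per-setting detail.

    A file whose hash changed but whose directives did not (comments,
    whitespace) is still reported as modified, with an empty change set,
    because any unexplained write to a critical file deserves a look.
    """
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            findings.append({"path": path, "status": "added"})
        elif path not in current:
            findings.append({"path": path, "status": "removed"})
        elif baseline[path]["sha256"] != current[path]["sha256"]:
            old, new = baseline[path]["settings"], current[path]["settings"]
            changes = {
                key: {"baseline": old.get(key), "current": new.get(key)}
                for key in sorted(set(old) | set(new))
                if old.get(key) != new.get(key)
            }
            findings.append({"path": path, "status": "modified",
                             "changes": changes})
    return findings


if __name__ == "__main__":
    baseline = snapshot({"/etc/ssh/sshd_config": BASELINE_SSHD})
    # The baseline is plain data: persist it (signed, off-host) and compare
    # against it on every scan.
    stored = json.loads(json.dumps(baseline))
    current = snapshot({"/etc/ssh/sshd_config": CURRENT_SSHD})
    print(json.dumps(diff_snapshots(stored, current), indent=2))
```

Run against the constructed samples, the report names the three directives that drifted (PermitRootLogin, PasswordAuthentication and the new AllowTcpForwarding) and says nothing about Port or MaxAuthTries, which is the “understand exactly what is changing” the text asks for. Keep the stored baseline somewhere the monitored host cannot rewrite it, or an attacker who changes the file can change the baseline too.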
Implementing a security configuration management plan
Without a security configuration management plan, maintaining a secure configuration is hard even on a single server: there are well over 1,000 ports, services and settings to track. Multiply those across every server, hypervisor, cloud asset, router, switch and firewall, and automation is the only way to keep track of them all.
Good SCM tools automate these tasks while providing detailed visibility into each system. The moment a system drifts from its secure configuration you should be notified, with detailed remediation instructions for bringing it back to the baseline. Robust SCM has four key stages.
1. Device discovery
First, find the devices you need to manage. Ideally your SCM platform integrates with an asset management repository. Categorizing and “tagging” assets lets you apply the right policies to each group; engineering workstations, for example, need a different configuration than financial systems.
2. Establish a configuration baseline
Define an acceptable, secure configuration for each type of managed device. Many organizations start from the CIS Benchmarks or NIST guidance, which give detailed direction on how to configure devices.
3. Assess, alert and report on changes
Once devices are discovered and categorized, decide how often to assess them. How frequently will you run policy checks? Real-time assessment may be available, but it is not required for every use case.
4. Remediate
Once a problem is identified, it must either be fixed or formally accepted as an exception by someone with the authority to do so. Prioritization is a key success factor, since there will almost certainly be more work than can be done at once. For the audit trail, you also need to confirm that the expected changes were actually made.
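The four stages above, carried through as one added example (again not Tripwire’s code, written for this page): a tagged inventory, per-tag policies as the baseline, an assessment that produces prioritized findings with remediation text and honours an exception register, and a re-check that confirms a fix before the finding is closed. Host names, rules, the ticket reference and the collected settings are all constructed.

```python
"""Policy-driven SCM assessment across tagged assets.

Added example, not Tripwire code: a discovered inventory with tags (stage 1),
per-tag policies as the baseline (2), prioritized findings with remediation
text plus an exception register (3), and a re-check before closing (4).
All inventory, policies and collected settings are constructed inline.
"""
from collections import namedtuple

# A rule: setting key, comparison operator, expected value, severity
# (1 = critical ... 4 = low) and the remediation text shown with the finding.
Rule = namedtuple("Rule", "rule_id setting op expected severity fix")
OPS = {"eq": lambda v, e: v == e, "le": lambda v, e: v <= e}

# Stage 1: discovered assets. Tags decide which policies apply.
INVENTORY = [
    {"host": "db01", "tags": {"linux", "finance"}},
    {"host": "eng-ws-07", "tags": {"linux", "engineering"}},
]

# Stage 2: baseline policies per tag, in the style of CIS Benchmark checks.
POLICIES = {
    "linux": [
        Rule("L-1", "sshd.PermitRootLogin", "eq", "no", 1,
             "Set 'PermitRootLogin no' in /etc/ssh/sshd_config and reload sshd."),
        Rule("L-2", "sshd.MaxAuthTries", "le", 4, 3,
             "Set 'MaxAuthTries 4' or lower in /etc/ssh/sshd_config."),
    ],
    "finance": [
        Rule("F-1", "auditd.enabled", "eq", True, 1, "Enable and start auditd."),
        Rule("F-2", "docker.installed", "eq", False, 2, "Remove Docker; not permitted on finance hosts."),
    ],
    "engineering": [
        Rule("E-1", "firewall.enabled", "eq", True, 2, "Enable the host firewall."),
    ],
}

# Stage 3 input: settings gathered by an agent or an agentless scan.
COLLECTED = {
    "db01": {"sshd.PermitRootLogin": "yes", "sshd.MaxAuthTries": 6,
             "auditd.enabled": False, "docker.installed": True},
    "eng-ws-07": {"sshd.PermitRootLogin": "no", "sshd.MaxAuthTries": 3,
                  "firewall.enabled": True, "docker.installed": True},
}

# Approved exceptions, (host, rule_id) -> reference. Still reported for the
# auditors, but sorted below work that is actually open.
EXCEPTIONS = {("db01", "L-2"): "CHG-4471: legacy batch jobs, reviewed quarterly"}


def compliant(rule, value):
    """Evaluate one rule. A setting that was not collected fails closed."""
    return value is not None and OPS[rule.op](value, rule.expected)


def assess(inventory, policies, collected, exceptions):
    """Stage 3: evaluate every rule from every tag, prioritize the failures."""
    findings = []
    for asset in inventory:
        host = asset["host"]
        for tag in sorted(asset["tags"]):
            for rule in policies.get(tag, []):
                value = collected.get(host, {}).get(rule.setting)
                if compliant(rule, value):
                    continue
                findings.append({
                    "host": host, "rule": rule.rule_id, "setting": rule.setting,
                    "observed": value, "expected": rule.expected,
                    "severity": rule.severity, "fix": rule.fix,
                    "exception": exceptions.get((host, rule.rule_id)),
                })
    # Unexcepted and most severe first; excepted findings sink to the bottom.
    findings.sort(key=lambda f: (f["exception"] is not None, f["severity"],
                                 f["host"], f["rule"]))
    return findings


def still_open(findings, collected_after, policies):
    """Stage 4: re-check findings against a fresh collection. Returns
    {host: [rule_id, ...]} still failing, so a ticket closes only on proof."""
    by_id = {r.rule_id: r for rules in policies.values() for r in rules}
    remaining = {}
    for f in findings:
        rule = by_id[f["rule"]]
        value = collected_after.get(f["host"], {}).get(rule.setting)
        if not compliant(rule, value):
            remaining.setdefault(f["host"], []).append(rule.rule_id)
    return remaining


if __name__ == "__main__":
    for f in assess(INVENTORY, POLICIES, COLLECTED, EXCEPTIONS):
        label = "EXCEPTED" if f["exception"] else "SEV%d" % f["severity"]
        print(f"[{label}] {f['host']} {f['rule']} {f['setting']}={f['observed']!r} -> {f['fix']}")
```

On the constructed data every finding lands on db01: the two critical ones (auditd off, root login allowed) come first, Docker being installed is a finding only because the host carries the finance tag, and the MaxAuthTries deviation is listed last as an accepted exception. The same Docker install on the engineering workstation is not a finding at all, which is the point of tagging. Note that a setting the scan failed to collect is treated as non-compliant; assuming the best about a value you could not read is how blind spots turn into breaches.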
Here are some additional considerations you should not miss when planning your security configuration management program:
- Agent-based and agentless scanning: to avoid blind spots in the environment, most organizations combine both, so that every asset is checked and kept properly configured.
- Role-aware dashboards: technical and non-technical users need different views and sensible defaults, and authorized users or groups should see only the elements, policies and alerts relevant to them. Authentication is usually tied to the enterprise directory.
- Policy creation and management: alerts are driven by the policies you implement, so creating and maintaining policies is how you adapt the solution to the unique requirements of your environment.
- Alert management: time matters in every response, so the ability to drill down into detailed information and feed the incident response process is essential. It lets administrators track and manage policy violations that may indicate a breach.
The security configuration management process is complex, but with the right SCM tools most of the work is automated. Applying enterprise hardening standards and establishing a baseline so that deviations from them stand out is a great way to “keep your enemies close.” Vito Corleone would be proud.
Learn more about how Tripwire can help you manage your security configuration in the Security Configuration Management Buyer’s Guide.
Why Security Configuration Management (SCM) is Important
https://www.tripwire.com/state-of-security/featured/why-security-configuration-management-matters/