Digital attackers can compromise a system in a matter of minutes. But it generally takes organizations much longer to figure out that anything has happened. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident. Such dwell time gave attackers all they needed to move throughout an infected network and exfiltrate sensitive data. The finding shared above raises an important question: how can organizations gain more timely insight into what’s happening on their networks? The answer lies in organizations investing in their security fundamentals. This blog post will focus in on one of those basic measures: secure configuration management (SCM). After providing a definition of this security control, the post will describe how SCM complements an organization’s security and compliance efforts before illuminating how it can fit within an overarching digital security strategy. https://www.youtube.com/watch?v=rLuC5lnpThU&feature=youtu.be
What Is SCM?
The National Institute of Standards and Technology (NIST) defines security configuration management as “the management and control of configurations for an information system to enable security and facilitate the management of risk.” At its heart, SCM is a digital security process that’s designed to harden digital systems against digital attacks. It can also help organizations shrink their respective attack surfaces. The purpose of SCM is to make sure an organization’s systems are properly configured to meet the organization’s security and compliance requirements. From a security standpoint, organizations need to minimize the existence of misconfigurations; malicious actors could weaponize a broken setting as an entry point into their network. This threat places the onus on organizations to define what a secure configuration baseline looks like for each of their assets and to then continuously monitor their assets for deviations. Any unexpected change could highlight the existence of a security issue. Simultaneously, organizations need to apply SCM to their compliance efforts, as many industry standards and regulations incorporate some form of this security fundamental. As such, organizations can use secure configuration management to reduce the time it takes for them to prepare for an audit. They can also use the control to obtain visibility into their post-audit compliance state. SCM can help track changes to the network and raise an alert if deviations occur. Such functionality enables the organization to return to their secure baseline state well ahead of their next audit date.
How SCM Fits into an Organizational Security Strategy
Secure configuration management does not stand alone as a security control. By design, it works together with and augments other security measures. The Center for Internet Control (CIS) recognizes this fact, which is why it listed SCM fifth in its list of top security controls:
- Inventory and Control of Hardware Assets: Organizations need to know which hardware assets are connected to the network.
- Inventory and Control of Software Assets: Beyond hard, it’s important to have an inventory of what embedded code, applications and services require protection.
- Continuous Vulnerability Management: Once organizations have an inventory of their hardware and software, they can scan those assets for security weaknesses and use their vulnerability management plan to prioritize fixes.
- Controlled Use of Administrative Privileges: To safeguard the network even further, organizations should control the types of resources to which employees, contractors and others have access depending on their work duties.
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers: Last but not least, organizations must maintain the secure baselines of their hardware and software assets.
To maximize their efforts, organizations should implement SCM in coordination with additional security best practices, as well. They should specifically focus on cultivating a partnership between SCM and three other security fundamentals: enterprise integrity, file integrity monitoring and log management.
Enterprise Integrity
Integrity is crucial to an organization’s digital security. As one of the main components of the CIA Triad, integrity ensures that nothing varies from its current or expected state in a way that harms the business. SCM can help organizations ensure the integrity of its assets, thereby laying the foundation for trust and reliability among the organization’s customers and partners.
File Integrity Monitoring
A vital part of validating integrity involves pairing SCM with robust change management processes like FIM. Indeed, organizations need to detect the changes that make a data breach possible; FIM does this by spotting alterations on files and system attributes that deviate from a secure baseline. The important thing is that the FIM solution be able to differentiate expected changes from unforeseen modifications in real time.
Log Management
All of an organization’s devices and applications produce network logs, or records of events that occurred in those assets. As networks become bigger and more complex, organizations could easily become overwhelmed with logs, thereby making it difficult for them to detect security incidents amid all the noise. With SCM, however, organizations can add context to those events and focus their security efforts on their high-value assets. For more information on SCM and its security benefits to the organization, please download Tripwire’s latest eBook “Mastering Configuration Management Across the Modern Enterprise: An Explorer’s Guide to SCM.”
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.