As I discussed in a previous blog post, a key security control known as file integrity monitoring (FIM) helps organizations defend against digital threats by monitoring for unauthorized changes to their system state. But that's only half the battle. A change could be authorized but still create new security risk. Organizations need to watch for these types of events.
That's where another foundational security component comes in.
Security configuration management (SCM) allows an organization to monitor for misconfigurations and other configuration changes with security implications. Whether consisting of manual processes or automated technology solutions, SCM fulfills two crucial needs of all types of businesses: reduce risk by assuring secure configurations are in place and ensure compliance with regulations. It's therefore no wonder nearly every security framework, best-practice, and regulation comes bakes in some form of SCM.
There are two use cases for SCM. The first, assessment, measures a system's current state against a set of secure configuration policies. The latter is a desired group of security settings and as such serves as an excellent reference point against which organizations can establish their overall state of compliance and acceptable level of risk. When assessment is complete, companies can follow up with continuous monitoring. This second use case of SCM is ideal for detecting, prioritizing, and responding to instances of configuration drift.
Integration with FIM, remediation workflows, and secure configuration policies improves the effectiveness of a SCM solution. But such convergence overlooks a chief consideration: how do organizations determine which assets they should monitor using SCM?
To get to the bottom of that concern, Tripwire has published Security Reference Architecture: A Practical Guide to Implementing Foundational Controls. The resource uses the key objectives of security configuration management, i.e. reducing the attack surface and ensuring compliance, to help organizations determine their SCM asset coverage and monitoring. Companies can make these decisions using a variety of key drivers for prioritization, including applicable regulations, risk, business functions, and the presence of sensitive data, as well as readiness of the asset, group of assets, and/or part of the organization. The publication also identifies key metrics and criteria companies can use to measure the effectiveness of their SCM solution across five different business categories.
Organizations can learn more about how they can use security configuration management to reduce security risk and respond to configuration drift by downloading Tripwire's guide here. They can also download a free eBook on SCM here.