Gone are the days when security teams could focus all of their efforts on keeping attackers out of the network. There’s no inside or outside anymore. The modern network is porous; it allows greater numbers and types of devices to connect to it from all over the world.
This characteristic might serve organizations’ evolving business needs as they pursue their respective digital transformations. But it complicates their security efforts. Each and every one of those connections constitutes an attack vector through which a malicious actor could attempt to gain a foothold into the network. As they continue to accumulate, these attack vectors expand organizations’ attack surface.
That’s a problem. Once malicious actors are inside the network, traditional security solutions such as firewalls and IDPSes don’t do much good. Those attackers can then exploit that oversight to move laterally throughout the network in an attempt to steal access to and exfiltrate organizations’ sensitive information.
These issues raise an important question: how can organizations defend themselves against threats that make it inside their network?
SCM to the Rescue
Secure configuration management provides organizations with one option. As discussed in a previous blog post, SCM is a critical security control that enables security teams to monitor the desired state of the organization’s assets. This state more often than not disagrees with the default configurations available for POS terminals, laptops, tablets, applications and other network devices. Indeed, those settings tend to favor ease of installation rather than security.
Having documented that desired state for each IT asset, security teams can then use SCM to continuously monitor for deviations from a secure baseline configuration. These types of deviations are known as “configuration drift.” They may be accidental or malicious nature, and they might arise from internal or external changes within the organization. In any of those scenarios, they leave systems more vulnerable by taking them out of their secure state. Security teams must therefore be vigilant for configuration drift so that they can take remediation steps to return a monitored asset to its given baseline as quickly as possible.
SCM Throughout the Organization
For SCM to be effective, security teams want to make sure they can monitor and manage all critical computing resources including remote users’ laptops, physical servers, network devices and/or cloud-based assets. They therefore need to make sure that they have the capabilities to implement SCM throughout the organization. Provided below are some recommendations on how security teams can implement SCM for three different types of scenarios: cloud-based assets, industrial environments and remote work.
SCM in the Cloud
Most organizations’ assets are not stored in one type of environment. Indeed, organizations commonly use both on-premise and cloud environments to adapt to their evolving needs. Unfortunately, these “hybrid” networks add complexity to the attack surface. Hybrid models necessitate that organizations secure their assets across multiple types of environments, which might include the offerings of more than one cloud service provider. This makes it difficult for some security solutions to uniformly work across the entire hybrid network.
With that said, organizations can secure their hybrid networks by focusing on security fundamentals such as SCM. They can specifically use automated tools to conduct the same level of configuration monitoring in the cloud as they do across physical systems. In the cloud, they should direct this monitoring to accord with the duties they hold under the Shared Responsibility Model with their cloud service provider.
Industrial environments are a bit more complicated to secure as they incorporate both OT assets and IT systems. As such, they contain a growing number of Industrial Internet of Things (IIoT) devices that use the web to carry out crucial industrial functions. This connectivity expands the attack surface, as it potentially exposes once-isolated OT assets like operational workstations, SCADA equipment and programmable logic controllers to the Internet.
To secure all of these industrial devices, security teams must first correctly configure them. They must then follow the model they implemented with the employer’s IT infrastructure and continuously monitor those devices’ configurations. The last thing they want to do is disrupt the functionality of those assets in some way, so security professionals should strive to perform that monitoring in a way that doesn’t interfere with each device’s operability.
Remote Work and SCM
Last but not least, security teams need to make sure that their organization’s secure configuration management strategy extends to remote workers. That’s a must in light of the fact that most organizations shifted to a majority remote workforce in response to COVID-19.
Security teams can best apply SCM to the organization’s remote workforce by first building an inventory of all assets that need protecting. Those devices don’t just include employees’ laptops; they also include the authentication infrastructure and the helpdesk that facilitate the possibility of remote work, for instance. Once they have that inventory, security teams can deploy SCM tools to all of the components involved. This will help to mitigate digital threats introduced by remote connectivity.
Keeping It All in Perspective
Security teams need not feel overwhelmed by implementing SCM across all the different segments of their organization’s infrastructure. All they needed to do is start with a risk management perspective in mind. From there, it will be relatively straightforward for them to prioritize their efforts and move from one environment to the next.
For more information on how to apply SCM to your organization’s infrastructure, please download Tripwire’s eBook.
FURTHER READING ON SCM:
- SCM: Understanding Its Place in Your Organization’s Digital Security Strategy