An organization’s computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the vulnerable software.
A vulnerability management program can help orchestrate those and other changes. With the help of continuous scans and threat intelligence feeds, organizations can stay on top of the latest exposures, spot vulnerable areas in the network, and create a patching schedule based on the severity of each known vulnerability.
But vulnerability management programs can only go so far. Many vulnerability scanning tools are signature-based, which means they must know what they’re looking for if they are to detect it.
Those solutions don’t have the capability to spot zero-day vulnerabilities, flaws which the security community has yet to identify. Attackers can abuse those little-known issues to make changes to a vulnerable endpoint’s configuration and gain access to the corporate system.
To protect their networks, organizations can’t just know about approved configuration changes, such as a software update to patch a vulnerability. They need to track all modifications, including unauthorized ones initiated by an attacker.
But just how is an organization supposed to meet that requirement?
The answer is security configuration management (SCM), a topic which Tripwire discusses at length in its endpoint detection and response (EDR) resource Endpoint Security Survival Guide: A Field Manual for Cyber Security Professionals.
It’s a matter of fact that most endpoints’ default configurations are built for maximum availability and not security. Organizations can close that gap by hardening their network devices’ default configuration. Specifically, they can start with a prescriptive compliance policy.
From there, they can begin identifying unnecessary ports and services, as well as restricting elevated privileges to only those users who need them.
As that process continues to evolve, companies can reassess their security policies, develop standard operating procedures (SOPs) to manage the hardening of hardware and software, and begin to develop “secure gold images,” or standard security settings which organizations can use to replace an endpoint if that device is ever compromised.
The right security settings won’t come immediately. But by making numerous adjustments over time, organizations can find the right balance of security, availability, and performance that best suits their needs.
Interested in learning more about how SCM can protect your computer network? Download Tripwire’s EDR resource here.