In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development.
When it comes to the cloud, most organizations’ futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and public and private clouds.
At the same time, as enterprises continue to adopt DevOps practices, security teams will need to try to keep up with new processes and technologies that introduce different kinds of risks and challenges. That task includes maintaining visibility of containers and their contents.
The implementation of a consistent set of security controls across hybrid cloud assets, DevOps systems, and container contents is needed to maintain strong security postures in increasingly more complex environments. Organizations should focus on four security controls in particular:
1. Security Configuration Management
Secure configuration management (SCM) assures systems are set up and maintained so as to minimize risk while still supporting the essential business functions of the system. In small organizations, SCM can seem simple, but it’s quite complicated for enterprises that operate larger, more complex technology environments consisting of numerous systems, asset owners, and applications, all of which have differing configuration states and business requirements. For this reason, enterprises should consider investing in technology that automates the assessment, monitoring, and management of configurations across all systems.
2. File Integrity Monitoring
File integrity monitoring (FIM), perhaps better described as “system integrity monitoring,” helps determine if systems are still in a secure, trusted state and what changed if they are not. At the heart of FIM is a broad process; it’s not just about monitoring changes for files but also the integrity of registries, databases, and applications. Additionally, a good FIM or system integrity monitoring program should be able to sort through and prioritize those changes to help you build an actionable workflow for addressing them.
3. Vulnerability Management
On-going exploits of known vulnerabilities show that vulnerability management (VM) is still a challenge for many organizations. Most large organizations have some form of VM in place, but a lot of VM programs demand time and manual effort from their teams. As a result, it’s a matter of VM programs maturing and incorporating more automation. Some specific issues to answer when maturing your VM program include determining what assets need to be scanned, where those scan engines should be deployed on the network, and if they’re using credentialed scans.
4. Log Management
Sifting through mountains of log and event data can get overwhelming. In today’s environment, what you really need is log intelligence with security analytics and forensics for rapid response. Although almost every organization we work with has some log management system in place, there’s often a lack of actionable information coming out of those systems to help reduce risk or prevent breaches. Although just collecting the logs may be a valuable way to improve compliance, organizations should explore use cases that will help reduce risk and enable them to proactively identify potential issues.
Tripwire and Foundational Security Controls
Tripwire offers numerous solutions that promote the four controls described above. With Tripwire Log Center, organizations can ensure that all desired log data is captured and retained. Tripwire Configuration Compliance Manager helps companies make sure their systems are securely configured.
FIM finds its home in Tripwire Enterprise, a solution which applies system integrity monitoring to files, directories, registries, configuration parameters, DLLs, ports, services, protocols, and other assets. Finally, Tripwire IP360 helps organizations prioritize known and applicable vulnerabilities based upon their business requirements.
To learn more about Tripwire’s solutions and how they can help your business implement foundational security controls, click here.
This blog post was inspired by a conversation between Edward Amoroso, Founder and CEO of TAG Cyber, and Dave Meltzer, CTO of Tripwire.