Security Configuration Management (SCM) exists where IT security and IT operations meet. It has evolved over the years from a ‘nice to have’ to a ‘must-have.’
The last line of defence is on the endpoint, as network intrusion detection becomes less effective and as the attacks become more sophisticated.
One area that a good SCM solution should address is enforcing security frameworks, such as ISO 27002:2013, CIS Critical Security Controls, etc. And let’s not forget regulatory requirements, such as our good friend PCI DSS, where the systems in scope have to meet those standards.
One of the key challenges in enforcing these standards and frameworks is the effort that is required to meet these best practices in the first place. Once the systems are compliant, maintaining that compliance can be a struggle.
Have you ever found yourself in the following scenario?
- You choose one or more frameworks to become compliant with, or you have to comply with regulatory requirements.
- You invest in time and resources to get the systems in scope to meet these best practices and standards.
- Internal/External auditors (QSA) come in and are generally pleased, for the effort you have put in has paid off.
- 10 months pass, and you realise the auditors are due in soon.
- A huge amount of time and effort is required to get the systems that have ‘slipped’ out of compliance back into compliance in time.
After working for over 15 years in the information security industry, I can speak from experience that this is a common scenario.
So, what’s the solution? How can a good piece of SCM software help you here?
Tripwire Enterprise is a market-leading SCM solution that helps you identify which systems are not compliant and get them back into compliance through automated and scripted remediation, saving money and countless hours, as well as keeping your risk posture consistent.
To provide more information on this subject, Tripwire is hosting a webinar on Wednesday 16th March 2016 at 10:00 AM called “Simplifying SCM.”
Join Tripwire experts Paul Edon, Director of Customer Services at Tripwire; Jeff Lawson, Director of Product Management; and me (Paul Norris), Senior Systems Engineer, as we show you how to:
- Adopt and implement a security hardening policy that will effectively harden your systems against attacks without breaking your budget.
- Rapidly repair configuration drift so you can continuously comply with industry or government regulations and produce automated documentation that proves it.
- Provide prioritized lists of actions to improve your organization’s security and compliance posture.
Join this informative webinar and learn how to take the confusion out of Security Configuration Management.