Happy 2018, everyone!

With the start of a new year, everyone makes resolutions that they may or may not be able to keep. One of the most common New Year’s resolutions (and arguably the most difficult to keep) is to exercise, get healthy, and/or lose weight.

This is a common thread in businesses, as well, as we see many organizations make the resolution to trim the fat, cut budgets, and do more with less. Well, this year, this is something we can actually do. The best way to do this is not to reinvent the wheel.

Rather, let’s look at an industry best practice that can provide great return on our investment!

The Center for Internet Security maintains their Top 20 Critical Security Controls. You likely have heard me (and many others) talk about these controls. They are a great way to organize a security team’s time and budget in the most effective way with the most amount of return.

The top four focus on asset discovery, vulnerability management, and configuration management. The key areas I want to focus on in this blog are CSC#3 – Secure Configurations for Hardware and Software and CSC#11 – Secure Configurations for Network Devices. These two controls say that an organization should focus on configuring securely and maintain those configurations on their applications, servers, workstations, and network devices.

Why are secure configurations so important?

Imagine wanting to secretly enter a building without using the front door. What would you do?

If you saw some of the holiday spy movies, one of the first things on your list would be to get the blueprints of the building. Having the blueprints gives you the opportunity to find the weakest points of entry into the building as well as how to get from that point (Read more...)