Two of the 6 basic security controls, according to the Center for Internet Security, are focused on the current state of your assets. Assessing the state of your assets has been a priority for years, but the old means aren’t as effective in modern infrastructure as they were on legacy systems. These two critical controls – Continuous Vulnerability Management and Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers – are a foundational part of any security program, but you’ll run into implementation challenges if you simply drag legacy tools into a cloud environment. That’s why osquery, a light weight and cloud friendly universal agent, is quickly becoming the go-to for helping to secure cloud workloads, in part through the effective application of these two critical controls. Let’s explore how.
Critical Control #3: Continuous Vulnerability Management
Forgive my pedantry here, but continual vulnerability management, or scanning your network once per quarter and dumping a giant report on IT’s desk, was the bare minimum to satisfy regulators for years. Continuous vulnerability management, as CIS [and any security expert] suggests, requires a lot more. It’s a constant cycle of:
- collecting the state of your systems,
- assessing that state to identify which known vulnerabilities are present, and
- prioritizing the identified vulnerabilities which demand immediate remediation.
The big reason to highlight this differentiation for cloud workloads is that old assumptions that your servers remain the same for many months are no longer relevant. New methods are needed to (Read more...)
