In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).
Faster breach detection
Today’s cyber threat landscape is extremely challenging. This is highlighted by the length of time it takes to detect a breach. The gap from a breach to detection is still lingering at 205 days, according to Mandiant. Two hundred five days is nearly seven months, and that is a lot of time for your enemies to wreak havoc on your network.
So where does an organization start to “keep their enemies closer?” The SANS Institute and the Center for Internet Security recommend that once you inventory your hardware and software, the most important security control is secure configurations.
What is Security Configuration Management?
The National Institute of Standards and Technology (NIST) defines security configuration management as “The management and control of configurations for an information system with the goal of enabling security and managing risk.”
Attackers are looking for systems that have default settings that are immediately vulnerable. Once an attacker exploits a system, they start making changes. These two reasons are why security configuration management tools are so important. SCM can not only identify misconfigurations that make your systems vulnerable but can also identify “unusual” changes to critical files or registry keys.
With a new zero-day threat revealed almost daily, signature-based defenses are not enough to detect advanced threats. To detect a breach early, organizations need to understand not just what is changing on critical devices but also be able to identify “bad” changes. SCM tools allow organizations to understand exactly (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Brian Jackson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-configuration-management/why-security-configuration-management-matters/