Monday, September 25, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Data Breaches from MOVEit Zero-Day Still Piling Up
  • More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator
  • Randall Munroe’s XKCD ‘Urban Planning Opinion Progression’
  • Takeaways for Businesses in the Rapidly Evolving Data Security and Privacy Landscape
  • What is digital trust, and why is it at risk
Security Bloggers Network 

Home » Security Bloggers Network » Security Requires Immutability: Avoid Dynamic Environments with Change Management

SBN

Security Requires Immutability: Avoid Dynamic Environments with Change Management

by Tyler Reguly on March 24, 2019

When Shelley published his famous poem in 1816, he was telling us that the only constant in life is change. This was not a new concept, even then. Heraclitus proposed the same concept around 500 BCE with ‘Panta rhei’ (Life is Flux or everything changes). Even though we all know and understand this ancient concept, people still have difficulty with change.

AWS Builder Community Hub

When I was in high school, Sheryl Crow even tried to remind us with her hit song, A Change Would Do You Good. And she was right, a change would do some of us good. Mutability is a fact of life that we can’t avoid, and we need to embrace it because that change opens the door for many new possibilities.

The critical importance of immutability in cybersecurity

While this is a great life philosophy, mutability is not one of the major tenets of cybersecurity. In fact, the very opposite is true… we want immutability. A great example of this desire appears in a recent article from my colleague, Craig Young.

In the article, he discusses how important it is to democracy that voters have confidence that the vote they input with electronic voting be the same vote when it is counted. Voters want to know that their votes are immutable, and electronic voting without a human readable element removes that knowledge.

In this case, change is definitely not good.

The desire for immutability in cybersecurity is why IT has, for years, had the concept of a gold image. You create a single environment, ensure everything is properly configured and create a static copy from which you image all future machines. This way, you know that your PC setup is immutable from system installation to system installation.

No matter which technician works on deploying a new (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/security-immutability/

March 24, 2019March 24, 2019 Tyler Reguly Cyber Security
  • ← Where Next for Smart Cities?
  • Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World’s Most Dangerous Malware →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Thu 28

A Guide to Smart Dependency Management

September 28 @ 12:00 pm - 1:00 pm
Oct 03

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

October 3 @ 11:00 am - 12:00 pm
Oct 11

ASPM: Leveling the AppSec Playing Field

October 11 @ 1:00 pm - 2:00 pm
Oct 16

Shadow Access: Where IAM Meets Cloud Security

October 16 @ 3:00 pm - 4:00 pm
Oct 17

Securing Cloud-Native Applications Across the Software Development Life Cycle

October 17 @ 11:00 am - 12:00 pm
Oct 18

Live Workshop on ‘SCA 2.0’: Using Runtime Analysis to Find High-Risk SCA Vulnerabilities

October 18 @ 12:00 pm - 1:30 pm
Oct 19

Managing Security Posture and Entitlements in the Cloud

October 19 @ 1:00 pm - 2:00 pm
Oct 24

When Seconds Matter: Real-Time Cloud Security With AWS and Sysdig

October 24 @ 11:00 am - 12:00 pm
Oct 24

Reporting From the Pipeline: The State of Software Security in DevOps

October 24 @ 1:00 pm - 2:00 pm
Oct 30

Zero-Trust

October 30 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

How Threat Hunting can Strengthen Your Cybersecurity Posture
GitLab Releases Urgent Security Updates for Critical Flaw
Gaming, Financial Services Apps Under Attack
China Accuses US of Years of Cyber-Spying, Malware Campaigns
Don’t Ignore Data Sovereignty
Helpdesk Telephone Attack: How to Close Process and Technology Gaps
Improve Your Organization’s Cloud Infrastructure with PeoplActive’s Cloud Consulting Services
A Guide to Understanding the Three CMMC Levels
Email Intelligence Dashboard
The Role of AI and Machine Learning in Strengthening Cloud Security

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator
Analytics & Intelligence API Security Application Security AppSec Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Insider Threats Malware Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Social Engineering Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

September 25, 2023 Richi Jennings | 3 hours ago 0
Google: Chromebooks Will Get 10 Years of Software, Security Updates
Application Security Cybersecurity Data Security Endpoint Featured Industry Spotlight Malware Mobile Security Network Security News Security Boulevard (Original) Spotlight 

Google: Chromebooks Will Get 10 Years of Software, Security Updates

September 19, 2023 Jeffrey Burt | Sep 19 0
Group Allegedly Behind MGM, Caesars Attacks is Fairly New to Ransomware
Cloud Security Cybersecurity Data Security Featured Identity & Access Industry Spotlight Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches 

Group Allegedly Behind MGM, Caesars Attacks is Fairly New to Ransomware

September 18, 2023 Jeffrey Burt | Sep 18 0

Top Stories

Data Breaches from MOVEit Zero-Day Still Piling Up
Cybersecurity Data Security Featured Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Data Breaches from MOVEit Zero-Day Still Piling Up

September 25, 2023 Jeffrey Burt | 1 hour ago 0
Qakbot Takedown Resembles Hack Back, Will Botnet, Malware Be Resurrected?
Analytics & Intelligence Application Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Qakbot Takedown Resembles Hack Back, Will Botnet, Malware Be Resurrected?

September 25, 2023 Teri Robinson | 8 hours ago 0
China Accuses US of Years of Cyber-Spying, Malware Campaigns
Cybersecurity Data Security Featured Identity & Access Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

China Accuses US of Years of Cyber-Spying, Malware Campaigns

September 22, 2023 Jeffrey Burt | 3 days ago 0

Security Humor

Ahmed El-Tantawy

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.