Sunday, April 11, 2021
  • BSides Philly 2020 – Kelley Robinson’s ‘What If We Had TLS For Phone Numbers’
  • Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021
  • Three Years In: An Update on the Georgia Cyber Center
  • “You shouldn’t treat knowledge like it’s a competition”
  • Endpoint Isolation: Can endpoints be hardened while keeping users productive?

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Security Requires Immutability: Avoid Dynamic Environments with Change Management

Security Requires Immutability: Avoid Dynamic Environments with Change Management

by Tyler Reguly on March 24, 2019

When Shelley published his famous poem in 1816, he was telling us that the only constant in life is change. This was not a new concept, even then. Heraclitus proposed the same concept around 500 BCE with ‘Panta rhei’ (Life is Flux or everything changes). Even though we all know and understand this ancient concept, people still have difficulty with change.

When I was in high school, Sheryl Crow even tried to remind us with her hit song, A Change Would Do You Good. And she was right, a change would do some of us good. Mutability is a fact of life that we can’t avoid, and we need to embrace it because that change opens the door for many new possibilities.

The critical importance of immutability in cybersecurity

While this is a great life philosophy, mutability is not one of the major tenets of cybersecurity. In fact, the very opposite is true… we want immutability. A great example of this desire appears in a recent article from my colleague, Craig Young.

In the article, he discusses how important it is to democracy that voters have confidence that the vote they input with electronic voting be the same vote when it is counted. Voters want to know that their votes are immutable, and electronic voting without a human readable element removes that knowledge.

In this case, change is definitely not good.

The desire for immutability in cybersecurity is why IT has, for years, had the concept of a gold image. You create a single environment, ensure everything is properly configured and create a static copy from which you image all future machines. This way, you know that your PC setup is immutable from system installation to system installation.

No matter which technician works on deploying a new (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/security-immutability/

March 24, 2019March 24, 2019 Tyler Reguly Cyber Security
  • ← Where Next for Smart Cities?
  • Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World’s Most Dangerous Malware →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Time to Retire a Cybersecurity Cliché
Breach Clarity Data Breach Report: Week of April 5
Mitigating Threats to the Application Layer
Secrets Detection: An Emerging AppSec Category
Tom Cruise, TikTok and Fraud: How to combat DeepFakes
Announcing ShiftLeft CORE — A Code Security Platform
Education In The Crosshairs Of Cyberattacks | Avast
Cyber Security for Critical Infrastructure: Challenges and Solutions
CERIAS – Frederick Scholl’s ‘Cybercrime: A Proposed Solution’

Upcoming Webinars

Tue 13

How to Build Safer Cloud-Native Applications

April 13 @ 3:00 pm - 4:00 pm
Wed 14

AppSec Risk: You Can’t Manage What You Can’t Measure

April 14 @ 1:00 pm - 2:00 pm
Thu 15

The Age of Collaborative Security

April 15 @ 11:00 am - 12:00 pm
Fri 16

Expect More From Your AppSec Vendor

April 16 @ 1:00 pm - 2:00 pm
Wed 21

Managing Open Policy Agent at Scale – Styra DAS

April 21 @ 3:00 pm - 4:00 pm
Thu 22

A New Approach to Secure Web Gateways

April 22 @ 11:00 am - 12:00 pm
Mon 26

The Kubernetes Network (Security) Effect

April 26 @ 9:00 am - 10:00 am
Mon 26

Application Security: Moving at the Speed of DevOps

April 26 @ 1:00 pm - 2:00 pm
May 05

Managing Permissions and Entitlements is at the Core of a Zero Trust Model in the Cloud

May 5 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Secrets Detection: An Emerging AppSec Category
Application Security AppSec Cloud Security Cybersecurity Data Security Endpoint Industry Spotlight Security Boulevard (Original) 

Secrets Detection: An Emerging AppSec Category

April 8, 2021 Mackenzie Jackson | 3 days ago 0
Breach Clarity Data Breach Report: Week of April 5
Cybersecurity Data Security Industry Spotlight Security Awareness Security Boulevard (Original) Threats & Breaches 

Breach Clarity Data Breach Report: Week of April 5

April 7, 2021 Kyle Marchini | 4 days ago 0
Smart IAM: The Key to Seamless Sign-Ons
Cybersecurity Identity & Access Industry Spotlight Mobile Security Network Security Security Boulevard (Original) 

Smart IAM: The Key to Seamless Sign-Ons

April 6, 2021 Dave Taku | Apr 06 0

Top Stories

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’
Analytics & Intelligence Application Security AppSec Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Facebook Sucks: Huge 500M-User Breach ‘Is Your Fault’

April 8, 2021 Richi Jennings | 3 days ago 0
Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL
Analytics & Intelligence Application Security Cybersecurity Data Security Endpoint Featured Identity & Access Malware Mobile Security News Security Boulevard (Original) Spotlight 

Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

April 5, 2021 Richi Jennings | Apr 05 0
Ubiquiti Accused of Lying to Help Stock Price
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Identity & Access Incident Response IoT & ICS Security Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Ubiquiti Accused of Lying to Help Stock Price

April 1, 2021 Richi Jennings | Apr 01 0

Security Humor

via   the textual amusements of  Thomas Gx , along with the Illustration talents of  Etienne Issartia  and superb translation skillset of  Mark Nightingale  - the creators of   CommitStrip  !

CommitStrip ‘The Secret Of A Successful Code Review’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.