We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to the CIS Controls, as they provide a baseline for maintaining our security framework and keeping up our integrity monitoring processes.

To understand the utility of integrity monitoring, let’s review some questions that we might ask ourselves in order to evaluate a network firewall’s configuration:

  • What was the last known good configuration?
  • What were the settings of the operating system on the device at the last known good configuration?
  • What are the file types and executables on this device?
  • What are the patching procedures, and how are they reconciled?
  • Is patching automated? Are there exceptions for particular environments? If so, how are they addressed?
  • Is the software regularly updated, and how is the integrity measured and validated?
  • Who has access to the device, and have they made changes to it?
  • Who has made changes, and are all changes incorporated into an SCM or CM system/process?
  • How much time is the above taking, and how accurate is it?
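The "last known good configuration" questions above reduce to a baseline-and-compare check. The following Python script is an added example, not code from the original post: it snapshots a configuration directory (hash, size, permission bits), then reports what was added, removed or modified since the baseline. The firewall file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Record a baseline: SHA-256, size and permission bits of every file under root."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        baseline[str(path.relative_to(root))] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o777),
        }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift relative to the baseline: files added, removed, or modified
    (any change in content hash, size or permissions counts as modified)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in set(baseline) & set(current) if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario (hypothetical file names and contents): baseline a fake
    firewall config tree, then introduce three kinds of drift and report them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "rules.conf").write_text("allow tcp 443\ndeny any\n")
        (root / "nat.conf").write_text("snat 10.0.0.0/8\n")
        baseline = snapshot(root)  # the "last known good configuration"
        # Drift: a rule is added, a file disappears, and an unexpected executable appears
        (root / "rules.conf").write_text("allow tcp 443\nallow tcp 22\ndeny any\n")
        (root / "nat.conf").unlink()
        (root / "helper.sh").write_text("#!/bin/sh\n")
        os.chmod(root / "helper.sh", 0o755)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())  # {'added': ['helper.sh'], 'removed': ['nat.conf'], 'modified': ['rules.conf']}
```

In practice the baseline would be stored off the device and the comparison scheduled, so that every change is reconciled against the change-management record rather than discovered by hand.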

These considerations also need to be broken down into costs, which a VP of operations or a CISO will consider to be of major importance to the company. Doing this takes time and money. For instance, if it takes an FTE 10 hours per week to address the organization’s firewall infrastructure, without taking into consideration the skills gap, hiring, wages and the talent pool, then what about the rest of the security environment?

It’s also crucial to keep the following questions in mind:

  • How accurate is the process?
  • Are there assumptions built into the above model?
  • What are the known points that are tied into the company’s (Read more...)