Gone are the days when security teams could focus all of their efforts on keeping attackers out of the network. There’s no inside or outside anymore. The modern network is porous; it allows greater numbers and types of devices to connect to it from all over the world.

This characteristic might serve organizations’ evolving business needs as they pursue their respective digital transformations. But it complicates their security efforts. Each and every one of those connections constitutes an attack vector through which a malicious actor could attempt to gain a foothold into the network. As they continue to accumulate, these attack vectors expand organizations’ attack surface.

That’s a problem. Once malicious actors are inside the network, traditional security solutions such as firewalls and IDPSes don’t do much good. Those attackers can then exploit that oversight to move laterally throughout the network in an attempt to steal access to and exfiltrate organizations’ sensitive information.

These issues raise an important question: how can organizations defend themselves against threats that make it inside their network?

SCM to the Rescue

Secure configuration management provides organizations with one option. As discussed in a previous blog post, SCM is a critical security control that enables security teams to monitor the desired state of the organization’s assets. This state more often than not disagrees with the default configurations available for POS terminals, laptops, tablets, applications and other network devices. Indeed, those settings tend to favor ease of installation rather than security.

Having documented that desired state for each IT asset, security teams can then use SCM to continuously monitor for deviations from a secure baseline configuration. These types of deviations are known as “configuration drift.” They may be accidental or malicious in nature, and they might arise from internal or external changes within the organization.
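The drift check described above can be sketched as a comparison of an asset's observed settings against its documented baseline. This is an added example, not code from the original post or from any SCM product; the setting names, baseline, vendor defaults and observed values are all constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical desired state (secure baseline) for one asset class.
BASELINE = {"ssh.permit_root_login": "no", "ssh.password_auth": "no",
            "telnet.enabled": False, "audit.log_enabled": True}
# Hypothetical out-of-the-box values, which favor ease of installation.
VENDOR_DEFAULTS = {"ssh.permit_root_login": "yes", "ssh.password_auth": "yes",
                   "telnet.enabled": True, "audit.log_enabled": False}
# Constructed snapshot of what a scan found on one asset.
OBSERVED = {"ssh.permit_root_login": "yes", "ssh.password_auth": "no",
            "telnet.enabled": False, "debug.shell": True}

_MISSING = object()  # sentinel: distinguishes "absent" from a real value


@dataclass(frozen=True)
class Drift:
    asset: str
    setting: str
    expected: object
    observed: object
    kind: str  # missing | changed | reverted-to-default | unexpected


def detect_drift(asset, observed, baseline=BASELINE, defaults=VENDOR_DEFAULTS):
    """Return Drift records for every deviation of `observed` from `baseline`."""
    findings = []
    for key, want in baseline.items():
        have = observed.get(key, _MISSING)
        if have is _MISSING:
            # A baselined setting that is no longer reported at all.
            findings.append(Drift(asset, key, want, None, "missing"))
        elif have != want:
            # A value equal to the vendor default suggests a reset or reinstall.
            reverted = defaults.get(key, _MISSING) == have
            kind = "reverted-to-default" if reverted else "changed"
            findings.append(Drift(asset, key, want, have, kind))
    # Settings present on the asset but never documented in the baseline.
    for key in observed.keys() - baseline.keys():
        findings.append(Drift(asset, key, None, observed[key], "unexpected"))
    return sorted(findings, key=lambda d: d.setting)


if __name__ == "__main__":
    for d in detect_drift("pos-terminal-01", OBSERVED):
        print(f"{d.asset}: {d.setting} [{d.kind}] "
              f"expected={d.expected!r} observed={d.observed!r}")
```

Separating "reverted-to-default" from "changed" gives a reviewer a first hint about cause: a return to the vendor default often follows a reset, reinstall or upgrade, while any other value was set by someone or something.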