Digital attackers can compromise a system in a matter of minutes. But it generally takes organizations much longer to figure out that anything has happened. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident. Such dwell time gave attackers all they needed to move throughout an infected network and exfiltrate sensitive data.

The finding shared above raises an important question: how can organizations gain more timely insight into what’s happening on their networks?

The answer lies in organizations investing in their security fundamentals. This blog post will focus on one of those basic measures: secure configuration management (SCM). After providing a definition of this security control, the post will describe how SCM complements an organization’s security and compliance efforts before illuminating how it can fit within an overarching digital security strategy.

What Is SCM?

The National Institute of Standards and Technology (NIST) defines security configuration management as “the management and control of configurations for an information system to enable security and facilitate the management of risk.” At its heart, SCM is a security process designed to harden digital systems against attack. It can also help organizations shrink their respective attack surfaces.

The purpose of SCM is to make sure an organization’s systems are properly configured to meet the organization’s security and compliance requirements. From a security standpoint, organizations need to minimize the existence of misconfigurations; malicious actors could weaponize a broken setting as an entry point into the organization’s network. This threat places the onus on organizations to define what a secure configuration baseline looks like for each of their assets and to then continuously monitor those assets for deviations. Any unexpected change could
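The baseline-and-deviation loop described above, as an added example that is not part of the original post: a hypothetical secure baseline for a host's sshd_config (constructed, not drawn from the post) is compared against a constructed sample of the observed file, and every missing or altered setting is reported as a deviation, most severe first.

```python
from dataclasses import dataclass

# Constructed baseline for a hypothetical Linux host's sshd_config (not taken from the post).
BASELINE = {
    "Protocol": ("2", "high"),
    "PermitRootLogin": ("no", "high"),
    "PasswordAuthentication": ("no", "high"),
    "MaxAuthTries": ("4", "medium"),
    "X11Forwarding": ("no", "low"),
}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample of an observed sshd_config with two deviations planted in it.
OBSERVED_CONFIG = """\
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding no
ClientAliveInterval 300
"""

@dataclass
class Deviation:
    setting: str
    expected: str
    observed: "str | None"  # None means the setting is absent, so the daemon default applies
    severity: str

def parse_config(text):
    """Parse 'Key value' lines; comments and blanks are skipped, keys are case-insensitive."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            # sshd honours the first occurrence of a key, so later duplicates do not override it
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def find_deviations(observed, baseline=BASELINE):
    """Return every baseline setting that is missing or differs, most severe first."""
    findings = []
    for setting, (expected, severity) in baseline.items():
        actual = observed.get(setting.lower())
        if actual is None or actual.lower() != expected.lower():
            findings.append(Deviation(setting, expected, actual, severity))
    return sorted(findings, key=lambda d: SEVERITY_RANK[d.severity])
```

A missing setting is reported as a deviation rather than ignored, because the daemon default that then applies is rarely the hardened value the baseline expects.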