Proactive Configuration Management: The Key to Good Cybersecurity


While industry continues to spend heavily on reactive measures and tools to guard against zero-day vulnerabilities, targeted attacks, and the like, most attacks are enabled by weak controls and insufficiently comprehensive configuration management practices.


In a mobile-first, cloud-first world, the attack surface has expanded past the traditional IT perimeter and enterprises need to manage identities and secured configurations to harden devices, govern and manage Shadow IT, and make sure sensitive information is safeguarded. 

Recent high-impact cybersecurity events indicate that one of the most common root causes is insecurely configured IT infrastructure. While industry continues to spend heavily on reactive measures and tools to guard against zero-day vulnerabilities, targeted attacks, and the like, most attacks are enabled by weak controls and insufficiently comprehensive configuration management practices. IBM X-Force has reported a “historic 424% jump in breaches related to misconfigured cloud infrastructure, largely due to human error” (Source: IBM X-Force Threat Intelligence Index, April 4, 2018).

Many enterprises, however, are behind the curve in protecting against, as well as remediating and recovering from, rapid cyberattacks. This is mainly due to a poor understanding of how to assess their security posture against these types of attacks. Of the numerous recent incidents (Code Spaces, USCENTCOM, Dow Jones and Accenture, among others), let’s take a close look at the recent breach at Capital One. As a result of misconfigurations at the WAF and the metadata server on AWS, over 106 million credit applications were exposed. AWS has maintained that this was not their fault; the security configurations that the credit card company failed to design into their security profiles were known for at least two years (OWASP 2017). At Accenture, at least five AWS storage buckets were not password-protected and were unencrypted, yet contained highly sensitive keys whose loss could have impacted thousands of Accenture clients.

The real question is: how was this allowed to happen, particularly in technologically astute and process-sensitive companies? We know that the problem in this case study was a security configuration design failure. The problem at Accenture was a configuration management run-time failure; they failed to ensure that as-running = as-designed.


It is clear that numerous controls are available in IT infrastructures (especially in the cloud) to guard against such exposures. But using these controls comprehensively and continuously is critical. All elements are important.

Comprehensive configuration means that all available controls are applied to all assets, regardless of whether they are in any particular cloud, in on-premises IT, or virtualized infrastructures. Capital One failed to do this at the design stage. 

Continuous configuration management means going beyond quarterly audits. The smaller the time interval between configuration checks, the lower the cumulative cyber risk. Developers and operations teams routinely bypass controls to get their job done, but catching these changes and correcting them automatically is critical to risk reduction. Accenture failed to detect and then remediate misconfigurations during the transition from development to production.
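The following Python example is added here and is not part of the original article or of any product it refers to. It runs one check cycle that separates the two failure types described above: a design gap (a required control missing from the as-designed baseline) and run-time drift (as-running no longer equals as-designed), and it auto-corrects only the drift. All asset names, control names and values are constructed for illustration.

```python
# Control names, asset names and values below are constructed for illustration.
REQUIRED_CONTROLS = {"encryption_at_rest", "public_access_blocked", "access_logging"}

AS_DESIGNED = {
    "bucket-app-logs": {"encryption_at_rest": True, "public_access_blocked": True,
                        "access_logging": True},
    # Design failure: one required control was never specified for this asset.
    "bucket-client-keys": {"encryption_at_rest": True, "access_logging": True},
}

AS_RUNNING = {
    # Run-time failure: a control was switched off after deployment.
    "bucket-app-logs": {"encryption_at_rest": False, "public_access_blocked": True,
                        "access_logging": True},
    "bucket-client-keys": {"encryption_at_rest": True, "access_logging": True},
    # Asset that exists in production but has no design record at all.
    "bucket-dev-scratch": {"encryption_at_rest": False},
}


def audit(required, designed, running):
    """Return sorted (kind, asset, control) findings for one check cycle."""
    findings = []
    for asset, observed in running.items():
        spec = designed.get(asset)
        if spec is None:
            findings.append(("unmanaged", asset, "*"))
            continue
        for control in required:
            if spec.get(control) is not True:
                # Comprehensive check: the design itself omits or disables a control.
                findings.append(("design_gap", asset, control))
            elif observed.get(control) != spec[control]:
                # Continuous check: as-running no longer equals as-designed.
                findings.append(("drift", asset, control))
    return sorted(findings)


def remediate(designed, running, findings):
    """Reset drifted settings to their designed values; other findings need a human."""
    fixed = {asset: dict(cfg) for asset, cfg in running.items()}
    for kind, asset, control in findings:
        if kind == "drift":
            fixed[asset][control] = designed[asset][control]
    return fixed


if __name__ == "__main__":
    for finding in audit(REQUIRED_CONTROLS, AS_DESIGNED, AS_RUNNING):
        print(finding)
```

Re-running `audit` on the output of `remediate` still reports the design gap and the unmanaged asset, because resetting to the baseline cannot supply a control the baseline never contained.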

A subscription-based security configuration management solution simplifies and automates the process of consistently applying critical controls derived from international standards, regulations, and best practices, comprehensively to your hybrid IT infrastructures (across all public and private clouds, and on-premises elements), continuously over the entire infrastructure lifecycle.

In a cloud-first world, it is important to invest in a comprehensive configuration management solution that automates security and compliance whilst reducing cyber risk and remediation cost at the same time. Recent cybersecurity incidents indicate that one of the most common root causes is improperly configured IT infrastructure. While industry continues to spend heavily on reactive measures and tools to guard against zero-day vulnerabilities, targeted attacks, and the like, most attacks are enabled by weak controls and insufficiently comprehensive configuration management practices.

  • Wednesday 11 September 2019


Author

Bala Sethunathan, Director, Security Practice & CISO
