Page 46 - CDM Cyber Warnings February 2014
the fire escape window to water the potted hydrangea sitting out there but forget to close it afterwards: configuration drift. I enable Telnet to maintain or update a server and then forget to disable it afterwards: configuration drift.

A primary weakness of our House Analogy is actually useful here, as it shows us the critical need for automation. In real life, most people have one house. But most organizations have hundreds—if not many, many thousands—of servers, desktop systems, laptops and devices. These represent an almost inexhaustible supply of attack surface and potential beachheads. How can we win a war at this scale?

Automation requires us to not only create continuous, ongoing routines to assess states across this vast array of targets, but it also requires us to make allowances for the constantly changing conditions that give meaning and relevance to risk. In the case of our house, it's useful to know that over the last two years the leafy maple out back has grown a large solid branch that's close enough to an upstairs bedroom for a tall thief to reach the window. And the inverse is sometimes true: if the old kitchen window was painted shut twenty years ago, who needs to waste time including it in our daily "is it locked?" checklist?

This critical need for current "state" information has caused the security community to create more persistent real-time agents, more effective scanning processes that are "aware" of network constraints, and ways to avoid "mega scans" in favor of continuous segmented scanning. They've also broken down barriers between infosec solutions themselves, and addressed another critical requirement for achieving this attribute of "continuousness": information security systems must talk to one another.

A few simple examples illustrate this need:

● Vulnerability management systems are quite good at finding unexpected (and likely unsecured) systems. When one of these is discovered, the VM system can tell the SCM system about the new asset and ask it to perform an on-the-spot configuration assessment.

● Similarly, security configuration management systems are evolving intelligent ways to classify assets: by business unit, by system owner, by critical application, even by the type and criticality of data stored on the system. This helps manage and prioritize their own risks, but when shared with a vulnerability management system also helps clarify and prioritize remediation efforts.

● Both of these systems are being used extensively by SIEM systems as a foundational source of security information: in the first case, correlating known vulnerabilities with detected threats, and in the second case using sudden configuration changes (why is the "Telnet should not be enabled" test suddenly failing?) to power real-time threat intelligence models.

SC Magazine summed up these needs in a prescient review of policy management systems—what we've called "security configuration management" systems in this article—way back in 2010: "The only reasonable answer to the challenges of compliance, security and configuration management is to automate the tasks."

The key to continuous hardening as a goal and a discipline is a willingness to seek out and employ automation wherever possible. Gone are the days when isolated, siloed systems can harden information systems and keep them that way in the face of continuous drift. Highly interactive solutions—security configuration and vulnerability management solutions in particular—that understand the ever-shifting nature of "state" and talk to each other regularly are the first, best, and often the last line of defense.

About the Author:

Michael Thelander is the Director of Product Management at Tripwire, and has been managing and marketing technology products for 20 years, including products for flight training, network energy, and IT security… plus a few regrettable forays into education and publishing. His articles and interviews have appeared in The State of Security, IT Professional, CFO Magazine, SoftwareCEO.com and many others.
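The three integrations in the bulleted examples above (a VM scan handing a newly found host to the SCM for an on-the-spot assessment, the SCM's asset criticality classification, and a hardening test such as "Telnet should not be enabled" flipping from pass to fail becoming a SIEM event) as an added Python example; it is not part of the article and not Tripwire's code, and all host names, tests and snapshot values are constructed.

```python
from dataclasses import dataclass

# Hardening tests the SCM system evaluates on every assessment (constructed):
# setting name -> value the policy requires. A missing setting counts as a
# failure, since "unknown state" is exactly what continuous hardening removes.
HARDENING_TESTS = {
    "telnet_enabled": False,   # the article's "Telnet should not be enabled" test
    "ssh_root_login": False,
}

# Asset classification held by the SCM system (constructed sample data);
# hosts the SCM has never classified fall back to "unknown".
ASSET_CLASS = {
    "web01": {"owner": "ecommerce", "criticality": "high"},
    "lab07": {"owner": "r&d", "criticality": "low"},
}
CRIT_RANK = {"high": 0, "medium": 1, "low": 2, "unknown": 3}

@dataclass(frozen=True)
class DriftEvent:
    """What the SCM hands to the SIEM when a hardening test flips from pass to fail."""
    host: str
    test: str
    observed: object
    criticality: str

def assess(state):
    """Return the sorted names of hardening tests the given state fails."""
    return sorted(t for t, want in HARDENING_TESTS.items() if state.get(t) != want)

def detect_drift(host, previous, current):
    """Drift is a test that passed in the previous snapshot but fails now:
    the window that was closed yesterday is open today. Tests that were
    already failing are a standing finding, not new drift."""
    newly_failing = set(assess(current)) - set(assess(previous))
    crit = ASSET_CLASS.get(host, {}).get("criticality", "unknown")
    return [DriftEvent(host, t, current.get(t), crit) for t in sorted(newly_failing)]

def on_new_asset(host, inventory, state):
    """VM scan handoff: a host the SCM does not know is registered and
    assessed on the spot. Returns None if the host was already inventoried."""
    if host in inventory:
        return None
    inventory.add(host)
    return assess(state)

def prioritize(events):
    """Order drift events so high-criticality assets surface first in the SIEM."""
    return sorted(events, key=lambda e: (CRIT_RANK.get(e.criticality, 3), e.host, e.test))
```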