Cybersecurity

Exposure Management 101: Misconfigurations

Derek Melber


Chief Strategist

16.02.24


4 min read


Introduction

Nearly every operating system, database, storage environment, printer, etc. has settings that need to be configured. In many cases, those settings are security-related and exist to protect the device or environment from attack. We all know that configurations change, whether through humans, scripts, installations, or even attackers. The saying “drift happens” is real and true. So, how are you monitoring all of your assets that require security configurations to ensure there is no drift? Are your assets vulnerable to attack and exploitation without you even being aware of it?

Configuration Monitoring  

Organizations from as small as 10 users to large enterprises with 100,000 users all have the same concern when it comes to security configuration drift. There is just not enough time to monitor all changes and to know if the change results in a security gap or not.  

This is why there are solutions that monitor security configuration changes specifically. Not only can a solid security configuration change monitoring solution check for changes, but the changes can be compared to “baselines” to ensure that the change is not negative. These baselines already exist in the form of CIS Benchmarks. Yes, CIS has already documented over 100 different platform security best practices and made them available for you to use.  

This is what Nanitor does for you! Nanitor will gather all the security configurations from all your assets, then automatically compare the settings to the benchmarks to ensure the best security is in place. If there are any security configuration issues, Nanitor will report them back to you so you are aware of the security concerns, as you can see in Figure 1.  

Nanitor's configuration dashboard

Figure 1. Nanitor shows where assets are not meeting the CIS Benchmarks.  

Combining Asset and Misconfiguration Priorities 

Attackers look for specific computers on the network to query and attack. They prefer high-value assets like domain controllers, application servers, databases, etc. This is why it is essential to establish asset priorities, so that high-value assets are examined more closely than lower-value assets.

Combine the asset priority with the security configuration priorities and you have a clear view of which configurations you need to address on each asset, in the form of a prioritized list, as you see in Figure 2.

Identifying misconfigurations with Nanitor

Figure 2. Asset and misconfiguration priorities give an efficient list of what needs to be addressed. 

Most organizations can’t remediate every security configuration, due to the massive volume of assets and configurations possible. However, with a combined prioritized list, organizations can go after the settings that will give them the best overall security in an efficient manner.
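The combination described above, sketched as an added example that is not Nanitor's code or scoring method: collected settings are compared against a baseline, and each deviation is ranked by asset priority times check severity. The setting names, severities, asset names, priority scale and multiplicative score are all assumptions constructed for illustration, not CIS recommendation IDs or values.

```python
# Constructed baseline: setting -> (operator, expected value, severity 1-5).
# Names and values are illustrative, not CIS recommendation IDs.
BASELINE = {
    "password_min_length": ("min", 14, 4),
    "smbv1_enabled": ("eq", False, 5),
    "session_timeout_minutes": ("max", 15, 3),
    "audit_logon_events": ("eq", True, 2),
}

# Constructed inventory: priority 5 = highest-value asset (assumed scale).
ASSETS = [
    {"name": "dc01", "priority": 5, "settings": {
        "password_min_length": 8, "smbv1_enabled": False,
        "session_timeout_minutes": 15, "audit_logon_events": True}},
    {"name": "db01", "priority": 3, "settings": {
        "password_min_length": 14, "smbv1_enabled": True,
        "session_timeout_minutes": 30, "audit_logon_events": True}},
    {"name": "kiosk07", "priority": 1, "settings": {
        "password_min_length": 6, "smbv1_enabled": True}},
]

def compliant(op, expected, actual):
    """Return True only if the collected value satisfies the baseline rule."""
    if actual is None:  # not collected: cannot be shown compliant
        return False
    if op == "eq":
        return actual == expected
    if op == "min":
        return actual >= expected
    if op == "max":
        return actual <= expected
    raise ValueError(f"unknown operator: {op}")

def prioritized_findings(assets, baseline):
    """Compare every asset to the baseline and rank the deviations."""
    found = []
    for asset in assets:
        for setting, (op, expected, severity) in baseline.items():
            actual = asset["settings"].get(setting)
            if not compliant(op, expected, actual):
                found.append({"asset": asset["name"], "setting": setting,
                    "actual": actual, "rule": f"{op} {expected}",
                    # Assumed scoring: asset priority times severity.
                    "score": asset["priority"] * severity})
    return sorted(found, key=lambda f: (-f["score"], f["asset"], f["setting"]))

if __name__ == "__main__":
    for f in prioritized_findings(ASSETS, BASELINE):
        print(f'{f["score"]:>3}  {f["asset"]:<8} {f["setting"]:<24} '
              f'actual={f["actual"]!r} rule={f["rule"]}')
```

Settings that were never collected are reported as findings rather than silently passed, so a gap in collection shows up in the same list as a drifted value.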

Conclusion 

To fill the security configuration “drift” gap in your organization, you can get a solution that is dedicated to automatically gathering the correct settings and comparing them to the CIS benchmarks. The resulting prioritized list of security configurations that need attention will allow you to target the most important settings first, so you can reduce your security risk and improve the chances of thwarting any attacks on your organization. Nanitor is designed to do exactly this, with ease and remarkably efficient insights so you know what to fix and even how to fix it.  

To see where your assets and environment are with security configurations and to know which assets you need to address, schedule a demo with us or contact joe@nanitor.com for a customized demo.