If you are like most companies, your IT Security and Configuration Management operations are managed by different groups with different goals. That is a problem. Configuration Management may take requests and requirements from IT Security and vice versa, but when a security breach occurs, the relationship between the two becomes painfully clear. How quickly the breach is contained and the damage repaired will be directly related to the maturity of the CMDB Service Model and Asset Management databases. The more mature your CMDB and Asset Management processes are, the more effective your security measures will be.
Monitor and Respond Intelligently
A CMDB or Asset Database will not prevent an incursion, but a good infrastructure model will help you define Network and Monitoring tools that can prevent incursions. And a good model will allow you to contain and remediate far more quickly. Here are three examples of state-of-the-art security tools:
- PacketSled is a real time breach detector that analyzes all levels of the network stack.
- ProtectWise provides a real time operational tool that follows a breach as it spreads through the environment, allowing for targeted eradication.
- Sqrrl has developed a proactive “threat detection” methodology that automatically trolls the network using Big Data analytics.[1]
All three of these tools work independently of a service model. However, the more mature your service model, the more likely you will be able to rapidly:
- Repair damage
- Enhance Security Incident response to breaches
- Prioritize threats that have been detected
- Remediate vulnerabilities
Sift through the Dross
A vulnerability detection tool will find tens of thousands of potential vulnerabilities. The tool may even assign a risk level to those vulnerabilities based on their potential for damage. However, a true risk assessment must also take into account how important a given server is to the business. A mature service model can help identify business services and their supporting infrastructure. Network monitoring may identify nearly continual attacks on your infrastructure. You could block everything, but that has costs in maintenance and availability. Again, a service model can help identify which attacks pose real threats to the stability of your business.
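The prioritization described above, as an added example that is not part of the original article and not any vendor's tool: scanner severity for each finding is weighted by the business criticality that a CMDB service model records for the host. The hosts, business services, criticality tiers, finding ids and severity scores are all constructed sample data, and a host the CMDB does not know is set aside for asset review rather than silently scored.

```python
# Added example (not from the original article): business-weighted vulnerability
# prioritization. Scanner severity is combined with the criticality of the
# business service that the CMDB service model maps each host to.
# All hosts, services, finding ids and scores below are constructed sample data.

from dataclasses import dataclass

# Criticality tiers as a hypothetical CMDB might record them, with a weight each.
CRITICALITY_WEIGHT = {"critical": 1.0, "high": 0.75, "medium": 0.5, "low": 0.25}

# Constructed CMDB service model: host -> (business service, criticality tier).
CMDB = {
    "web-01": ("Online Ordering", "critical"),
    "db-01": ("Online Ordering", "critical"),
    "hr-app-01": ("HR Portal", "medium"),
    "test-07": ("Dev Sandbox", "low"),
}

# Constructed scanner output: (host, finding id, scanner severity 0-10).
# Finding ids are placeholders, not real vulnerability identifiers.
FINDINGS = [
    ("test-07", "FINDING-A", 9.8),
    ("db-01", "FINDING-B", 7.5),
    ("web-01", "FINDING-C", 5.3),
    ("hr-app-01", "FINDING-A", 9.8),
    ("legacy-03", "FINDING-D", 8.1),   # host unknown to the CMDB
]


@dataclass
class RiskItem:
    host: str
    finding: str
    severity: float
    service: str
    criticality: str
    business_risk: float   # -1.0 means "cannot be rated, host not in CMDB"


def score_finding(host, finding, severity, cmdb=CMDB):
    """Combine scanner severity with CMDB criticality into a business risk score."""
    if host not in cmdb:
        # An unknown host has no owner and no business context; it needs an
        # asset record before its risk can be judged, so flag it separately.
        return RiskItem(host, finding, severity, "UNKNOWN", "unknown", -1.0)
    service, tier = cmdb[host]
    return RiskItem(host, finding, severity, service, tier,
                    round(severity * CRITICALITY_WEIGHT[tier], 2))


def prioritize(findings=FINDINGS, cmdb=CMDB):
    """Return (rated findings ranked by business risk, unrated findings on hosts missing from the CMDB)."""
    rated, unrated = [], []
    for host, finding, sev in findings:
        item = score_finding(host, finding, sev, cmdb)
        (unrated if item.business_risk < 0 else rated).append(item)
    # Highest business risk first; raw scanner severity breaks ties.
    rated.sort(key=lambda r: (-r.business_risk, -r.severity))
    return rated, unrated


if __name__ == "__main__":
    ranked, unknown = prioritize()
    for r in ranked:
        print(f"{r.business_risk:5.2f}  {r.host:10} {r.finding:10} sev={r.severity} "
              f"({r.service} / {r.criticality})")
    for u in unknown:
        print(f"  ?    {u.host:10} {u.finding:10} sev={u.severity} -> not in CMDB, review asset record")
```

With this data the scanner's highest-severity finding (9.8 on the sandbox host) drops to the bottom of the list, while a 7.5 on the ordering database comes first; the finding on the unknown host is reported on its own so that an asset record gets created before anyone argues about its score.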
Remove zombie servers
Good configuration management will find servers that are not being used and allow them to be retired. Unused servers are not just a cost drain on IT; they represent a clear and present security risk to business IT.[2] By identifying unmanaged servers, Configuration Management can decommission these risky devices or bring them into compliance with company policies.[3]
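The reconciliation the paragraph relies on, as an added example that is not part of the original article: a network discovery sweep is compared against CMDB records, and every host lands in one of five buckets (unmanaged, retired but still live, idle, managed, or recorded as active but not found). The hostnames, owners, statuses, dates and the 90-day idle threshold are constructed sample data.

```python
# Added example (not from the original article): reconciling a network discovery
# sweep against CMDB records to surface unmanaged and idle ("zombie") servers.
# Hosts, owners, statuses and dates below are constructed sample data.

from datetime import date, timedelta

# Constructed CMDB records: hostname -> owner, lifecycle status, and the last
# date discovery or monitoring saw the host doing real work.
CMDB = {
    "web-01":  {"owner": "ecommerce", "status": "active",  "last_seen": date(2016, 9, 20)},
    "db-01":   {"owner": "ecommerce", "status": "active",  "last_seen": date(2016, 9, 21)},
    "rpt-02":  {"owner": "finance",   "status": "active",  "last_seen": date(2016, 2, 3)},
    "vpn-01":  {"owner": "netops",    "status": "active",  "last_seen": date(2016, 9, 10)},
    "old-app": {"owner": None,        "status": "retired", "last_seen": date(2015, 11, 1)},
}

# Constructed discovery sweep: hostnames that answered on the network today.
DISCOVERED = {"web-01", "db-01", "rpt-02", "old-app", "build-99"}


def reconcile(discovered, cmdb, today, idle_days=90):
    """Classify every host that is either on the network or in the CMDB.

    unmanaged    : answers on the network but has no CMDB record (no owner, no policy)
    retired_live : CMDB says retired, yet the host still answers on the network
    idle         : recorded and active, but no activity for more than idle_days
                   or no owner on record (zombie candidate)
    managed      : recorded, active, owned and recently seen
    missing      : recorded as active but not found by discovery
    """
    cutoff = today - timedelta(days=idle_days)
    result = {k: [] for k in ("unmanaged", "retired_live", "idle", "managed", "missing")}
    for host in sorted(discovered | set(cmdb)):
        rec = cmdb.get(host)
        if rec is None:
            result["unmanaged"].append(host)
        elif host not in discovered:
            # A retired host that is also off the network is the expected state.
            if rec["status"] == "active":
                result["missing"].append(host)
        elif rec["status"] == "retired":
            result["retired_live"].append(host)
        elif rec["owner"] is None or rec["last_seen"] < cutoff:
            result["idle"].append(host)
        else:
            result["managed"].append(host)
    return result


def reconcile_sample():
    """Run the reconciliation over the constructed data as of a fixed date."""
    return reconcile(DISCOVERED, CMDB, date(2016, 9, 22))


if __name__ == "__main__":
    for bucket, hosts in reconcile_sample().items():
        print(f"{bucket:13}: {', '.join(hosts) or '-'}")
```

The "unmanaged" and "retired_live" buckets are the ones the paragraph calls clear and present risks: nobody owns them, nobody patches them, and nobody will notice when they misbehave. The "idle" bucket is the candidate list for retirement, and "missing" catches records that have drifted away from reality in the other direction.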
Standardize Configuration Management
Configuration Management, especially in a DevOps environment, should emphasize standardized server configurations and automated deployments, which benefit security as well. Standard configurations can limit access and disable unnecessary ports, accounts and services. Automation can deploy key security patches across the organization. Discovery can then verify that those patches are in place, or flag servers that are missing them.
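The verification step, as an added example that is not part of the original article and not any particular discovery product: each discovered server snapshot is compared against the standard build for its role, and any missing patch, unexpected open port, disallowed service or disallowed account is reported as drift. The role baseline, the snapshots and the patch ids are constructed sample data.

```python
# Added example (not from the original article): checking discovered server
# configurations against a standard baseline. The baseline, snapshots and patch
# ids below are constructed sample data; the patch ids are placeholders.

# Hypothetical standard build per server role.
BASELINE = {
    "web": {
        "required_patches": {"PATCH-2016-A", "PATCH-2016-B"},
        "allowed_ports": {22, 443},
        "disallowed_services": {"telnet", "ftp"},
        "disallowed_accounts": {"guest", "test"},
    },
}

# Constructed discovery snapshots, as an agent or scanner might report them.
SNAPSHOTS = {
    "web-01": {"role": "web", "patches": {"PATCH-2016-A", "PATCH-2016-B"},
               "open_ports": {22, 443}, "services": {"sshd", "httpd"},
               "accounts": {"root", "www"}},
    "web-02": {"role": "web", "patches": {"PATCH-2016-A"},
               "open_ports": {22, 80, 443}, "services": {"sshd", "httpd", "telnet"},
               "accounts": {"root", "www", "guest"}},
    "misc-05": {"role": "unknown", "patches": set(), "open_ports": {22},
                "services": {"sshd"}, "accounts": {"root"}},
}


def check_host(snapshot, baseline=BASELINE):
    """Return a list of (check, offending values) drift findings; an empty list means compliant."""
    role = snapshot["role"]
    if role not in baseline:
        # No standard build exists for this role, so nothing can be verified;
        # that gap is itself a finding for Configuration Management.
        return [("no_baseline", [role])]
    std = baseline[role]
    findings = []
    missing = std["required_patches"] - snapshot["patches"]
    if missing:
        findings.append(("missing_patches", sorted(missing)))
    extra_ports = snapshot["open_ports"] - std["allowed_ports"]
    if extra_ports:
        findings.append(("unexpected_ports", sorted(extra_ports)))
    bad_services = snapshot["services"] & std["disallowed_services"]
    if bad_services:
        findings.append(("disallowed_services", sorted(bad_services)))
    bad_accounts = snapshot["accounts"] & std["disallowed_accounts"]
    if bad_accounts:
        findings.append(("disallowed_accounts", sorted(bad_accounts)))
    return findings


def audit(snapshots=SNAPSHOTS, baseline=BASELINE):
    """Map each host to its drift findings."""
    return {host: check_host(snap, baseline) for host, snap in snapshots.items()}


if __name__ == "__main__":
    for host, findings in audit().items():
        print(f"{host}: {'compliant' if not findings else 'DRIFT'}")
        for check, values in findings:
            print(f"   {check}: {values}")
```

Expressing the standard as sets makes the comparison a few set differences and intersections, which is what keeps the check cheap enough to run after every discovery sweep; the host with no baseline is reported rather than skipped, since an unverifiable server is exactly the kind the previous section calls unmanaged.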
With cyber attacks and security breaches on the rise, enhancing your IT security needs to be a high priority. Effect Tech can help you get your IT department ready for a complete security policy. Contact us to learn how.
[1] From http://www.scmagazine.com/next-generation-security-monitoring-and-analytics-innovators-2015/article/458250/
[2] From http://www.scmagazine.com/dayzed-and-confused-users-data-purloined-from-zombie-server/article/471544/
[3] From http://www.thegreengrid.org/en/Blogs/Zombie_Servers_Sept_2016.aspx