File Integrity Monitoring: Why Change Management is the Best Security Measure You Can Implement

Introduction

With the growing awareness that cyber security is an urgent priority for any business, there is a ready market for intelligent and automated security defenses. The silver bullet against malware and data theft is still in development (I promise!), but in the meantime there are hordes of vendors who will sell you the next best thing.

The problem is, who do you turn to? According to, say, the guy selling the Palo Alto firewall, your appliance is the number one thing you need to better protect your company’s intellectual property, though if you then talk to the guy selling the FireEye sandbox, he might not agree, and will tell you that you need one of their boxes to protect your business from malware. Even then, the guy at McAfee will tell you that endpoint protection is where it’s at: your Global Threat Intelligence approach should cover you for all threats.

In one respect, they are all right at once: you need a layered approach to security defenses, and you can almost never have “too much” security. So is the answer as simple as ‘buy and deploy as many security products as you can’?

Cyber Security Defenses: Can You Have Too Much of a Good Thing?

Before you make your shopping list, keep in mind that all of this is really expensive, and the idea of buying a smarter firewall to replace your current one, or buying a sandbox appliance to greatly augment what your MIMEsweeper already provides, requires a pause for thought. Considering all the security products on offer, which gives the best return on investment?

Arguably the best value for money security product isn’t really a product at all. It doesn’t have flashing lights, not even a sexy-looking case that would look good in your comms cabinet, and the datasheet specs don’t include any impressive packets-per-second throughput ratings. However, what a good change management process will give you is complete visibility and clarity into any malware infection and any potential weakening of defenses, as well as control over service delivery performance.

In fact, many of the best security measures you can take may seem a bit boring (compared to new network kit, what doesn’t seem boring?), but to provide a truly secure IT environment, security best practices are essential.

Change Management: The Good, the Bad, and the Ugly (and the Downright Dangerous)

There are four main types of changes within any IT infrastructure:

  • Good planned changes (expected and intentional, that improve service delivery performance and/or improve security)
  • Bad planned changes (intended and expected, but poorly or incorrectly implemented, that degrade service delivery performance and/or reduce security)
  • Good unplanned changes (unexpected and undocumented changes, usually emergency fixes that resolve problems and/or improve security)
  • Bad unplanned changes (unexpected, undocumented, and unintentionally creating new problems and/or reducing security)

A malware infection, whether planted deliberately by an insider or by an external hacker, also falls under the last category of bad unplanned changes. So does a rogue developer implementing a backdoor in a corporate application. Fear of malware infection, whether it’s a virus, a Trojan, or the new malware buzzword, APT, is often a CISO’s top concern and helps sell security products, but should it be?

A bad unplanned change that unintentionally makes the organization more prone to attack is much more likely than a malware infection, as every change made within the infrastructure has the potential to reduce protection. Developing and deploying a hardened build standard takes time and effort, but undoing that laborious configuration work only requires a clumsy engineer to take a shortcut or make a typo. Every time a bad unplanned change goes undetected, once-secure infrastructure becomes more vulnerable to attack, so when your organization is hit by a cyberattack, the damage will be much, much worse.

To this end, shouldn’t we be taking change management much more seriously and beefing up our proactive security measures, instead of relying on yet another device that will remain fallible when it comes to zero-day threats, spear phishing and plain security incompetence?

The change management process in 2013: closed loop and full visibility of change

The first step is to get a change management process in place. For a small organization, even a spreadsheet, or a procedure of emailing all stakeholders to let them know that a change is about to be made, at least provides some visibility and some traceability if problems arise later. Cause and effect generally applies when making changes: whatever changed last is usually the cause of the latest problem experienced.

That is why, once a change has been implemented, checks must be made to ensure that everything was implemented correctly and that the desired improvements have been achieved (which is what makes the difference between a good planned change and a bad planned change).

For simple changes, say a new DLL deployed on a system, this is easy to describe and simple to review and verify. For more complicated changes, the verification process is correspondingly more complex. Unplanned changes, good and bad, present a much more difficult challenge: what you can’t see, you can’t measure, and by definition unplanned changes are typically made without documentation, planning, or anyone’s knowledge.

Contemporary change management systems use file integrity monitoring (FIM), which provides zero tolerance for change: if a change is made, whether to a configuration attribute or to the file system, it will be logged.

In advanced FIM systems, a time window or change template can be predefined prior to a change, providing a means of automatically aligning RFC (Request for Change) details with the actual changes detected. This makes it easy to observe all changes made during a planned change and greatly improves the speed and ease of the verification process.

This also means that any change detected outside of a defined planned change can be immediately classified as unplanned and therefore potentially harmful. Investigation becomes a priority task, but with a good FIM system all logged changes are clearly presented for review, ideally with “who made the change?” details and the time of the change.
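The following is an added example, not code from the original article or any FIM vendor, showing the mechanism the last three paragraphs describe: a zero-tolerance file comparison, then alignment of each detected change with a predefined RFC window and change template, with everything else reported as unplanned. The RFC record, paths, and file contents are constructed sample data.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime

@dataclass
class RFC:
    """Hypothetical Request for Change record: a time window plus a change template."""
    rfc_id: str
    start: datetime
    end: datetime
    template: tuple  # path prefixes the planned change is expected to touch

def fingerprint(files):
    """Baseline or current state: {path: sha256} over constructed in-memory contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def diff(baseline, current):
    """Zero-tolerance comparison: every addition, removal or modification is logged."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            events.append(("added", path))
        elif path not in current:
            events.append(("removed", path))
        elif baseline[path] != current[path]:
            events.append(("modified", path))
    return events

def classify(events, detected_at, rfcs):
    """Align each event with an RFC whose window and template cover it; else UNPLANNED."""
    report = []
    for event, path in events:
        rfc = next((r.rfc_id for r in rfcs
                    if r.start <= detected_at <= r.end and path.startswith(r.template)), None)
        report.append((event, path, rfc or "UNPLANNED"))
    return report

def demo():
    """Constructed sample: one planned DLL rollout plus two changes nobody requested."""
    baseline = fingerprint({"app/bin/report.dll": b"v1", "app/conf/app.ini": b"debug=0\n",
                            "etc/ssh/sshd_config": b"PermitRootLogin no\n"})
    current = fingerprint({"app/bin/report.dll": b"v2",                 # covered by RFC-1042
                           "app/conf/app.ini": b"debug=0\n",             # unchanged
                           "app/conf/local.ini": b"debug=1\n",           # added, outside template
                           "etc/ssh/sshd_config": b"PermitRootLogin yes\n"})  # hardening undone
    rfcs = [RFC("RFC-1042", datetime(2013, 6, 1, 22, 0), datetime(2013, 6, 1, 23, 0), ("app/bin/",))]
    return classify(diff(baseline, current), datetime(2013, 6, 1, 22, 30), rfcs)
```

The two UNPLANNED rows in the report are exactly the items that would go to the top of an investigation queue; the planned DLL change is tagged with its RFC for the verification step.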

Summary

Change management always features heavily in any security standard, such as PCI DSS, and in any best practice framework, such as the SANS Top Twenty, ITIL, or COBIT.

If change management is not part of your IT processes, or your existing process is not fit for purpose, perhaps this should be addressed as a priority? Paired with a good enterprise file integrity monitoring system, change management becomes a much easier process, and this may be a better investment right now than any flashy new gadget.
