Endpoint configurations are essential to good security. That’s always been the c...
Are Configuration Changes Costing You Too Much Time?
A refresher: what is a misconfiguration? Well, NIST defines it as: “A setting within a computer program that violates a configuration policy or that permits or causes unintended behavior that impacts the security posture of a system.”
What causes misconfigurations to be present in my network? There are two main reasons misconfigurations plague corporate networks: Human Error and Default Settings. A plethora of configuration-related security gaps are out-of-the-box default settings by the vendor. Others – well they are a product of human error…many times configurations left behind in the void of the ever-changing corporate IT infrastructure.
Why does it matter?
In late August, Microsoft released its Cyber Signals publication analyzing the ransomware threat landscape. In this report, it states that 80% of successful ransomware attacks can be traced back to misconfigurations. (CITE) Threat actors are leveraging these security gaps as attack vectors for exploits.
For various reasons, organizations aren’t closing these gaps. Just like old configurations, they’re being glanced over as they relate to the threat landscape.
It’s no secret that finding and remediating misconfigurations is a strenuous process. Security teams spend hours identifying misconfigurations and attempting to remediate them without disrupting business functions.
Inevitably though, that leads to another hurdle...
What if the fix breaks something?
What if it disrupts business continuity? This is a concern for security teams day in and day out. No one wants to be a on the other end of the phone when a business leader calls saying their application stopped working.
For security teams to mitigate these risks, they need to be supplied with the proper information to execute the remediation to provide all parties with peace of mind.
Until GYTPOL, there has not been a tool that can identify, assess, and remediate misconfigurations with zero risk to the business. GYTPOL maps dependencies, making it possible to identify and push (according to group or risk) remediations with a single click and with no risk of disruption. In virtually no time.
Putting principle into practice
Let’s take PrintNightmare as an example (see link for CVE details). In order to sufficiently mitigate this risk, one must disable the print spooler on the endpoint/server. Right now, there are two ways to achieve this:
- Apply a GPO disabling print spoolers
- Manually disable print spoolers.
Both have caveats. Applying a GPO draws risk of disrupting business functions, and administrators also don’t know if the GPOs are actually applied throughout the targeted business unit. While manually mitigating this risk takes time. A lot of time.
For example, let’s use an organization with 500 endpoints (all of the following are approximations). Remoting into the endpoint: 5 minutes each. The process of determining whether the endpoint needs the spooler for business functions: 5 minutes each. Disabling the print spooler manually on the endpoint: 5 minutes each. With coordinating efforts and potential disruptions, we can estimate that it would take around 150 hours for a 500-endpoint organization to completely remediate PrintNightmare manually.
With GYTPOL, mitigating PrintNightmare on a 500-endpoint network takes no more than 35 minutes. 5 minutes to make the selection in the console, and 30 minutes for the configuration changes to be pushed network-wide. GYTPOL provides administrators with the information to ensure print spoolers won’t be turned off when needed by the business.
The upshot
The time difference sheds light on the value: GYTPOL provides security teams a tangible return on their investment. Finding and remediating these misconfigurations (in a matter of minutes) enables teams to easily close gaps and focus their time on other initiatives. PrintNightmare is only one of the many examples that GYTPOL covers.
Additionally, GYTPOL has a function that enables users to auto-reapply the remediation function. The criteria set for the initial remediations can be repeated as new endpoints join the network, eliminating the overhead of addressing the misconfigurations again, and providing peace of mind to administrators.
Although configuration management and deployment has improved in recent years, until recently, there has not been a tool in the marketplace that focuses on identifying the security gaps caused by these misconfigurations and remediating them. Thankfully, that's no longer the case.
About Author
Evyatar Beni
A proven leader, Evyatar brings over a decade of experience in Customer Success & Cyber Strategy. Previously, Evyatar led Technical Account Managers at Claroty; before which he filled several distinguished tech roles in the Intelligence Services.
Subscribe to
our Newsletter
We are ready to help you until and unless you find the right ladder to success.
Related Posts
Join over 25,000 in beating the failure of strategies by following our blog.
The world of cybersecurity is complex and ever-changing. But that doesn't mean t...
5 minute read
For most businesses, IT and security teams go about their work mostly unnoticed....
3 minute read
On July 19th 2024, CrowdStrike pushed an update to its Microsoft Windows agent. ...
Comments