    • 9 min read
    • Mar 29, 2023 5:44:58 PM

    Protecting Against Cyber Attacks By Automatically Securing Device Configurations


    Threat actors are taking advantage of misconfigurations on various devices, such as PCs, laptops, and servers. In fact, according to Microsoft Cyber Signals’ latest report (August 2022), 80% of successful ransomware attacks are a result of misconfigurations.

    This issue was brought to light recently when Microsoft itself fell victim to a data breach caused by a misconfiguration, resulting in the leak of 2.4TB of data. This highlights the importance of properly configuring devices to reduce the risk of exploitation by threat actors.

    Policy

In response to this breach, Microsoft simply stated that the problem was caused by an unintentional misconfiguration on an endpoint. It is no wonder that the recently released Government Cyber Security Strategy for 2022 to 2030 emphasizes the need for all public sector organizations to be resilient against cyber threats, including establishing secure configurations across all public sector organizations as part of "Objective 3: Protecting Against Cyber Attacks".

The government aims to significantly strengthen critical functions against cyber attacks by 2025 and to ensure that all government organizations in the public sector, including local government, are resilient to known vulnerabilities and attack methods by 2030. The National Cyber Security Centre (NCSC), which operates under the Government Communications Headquarters (GCHQ), developed the Cyber Assessment Framework (CAF) in 2018 to support the UK's implementation of the European Union's Network and Information Systems (NIS) Directive.

    Today, a significant number of UK providers of essential services are using the framework to help them improve cyber security.

The Department for Levelling Up, Housing and Communities (DLUHC) is the governing body responsible for local and central government, and it is currently piloting the Cyber Assessment Framework (CAF).

To help manage data protection and security risks in the healthcare sector, the National Health Service (NHS) in the UK uses the Data Security and Protection Toolkit (DSPT) to apply the Cyber Assessment Framework (CAF). The CAF is developed and maintained by the National Cyber Security Centre (NCSC).

    As part of the Government Cyber Security Strategy, organizations are advised to focus on establishing secure configurations of government productivity tools.

    Government will work with its primary providers of productivity suites to further develop baseline security configurations for government organisations to follow and adapt. Doing so will ensure that all government organisations understand how to configure their productivity suites to provide a baseline level of cyber security, which will dramatically reduce common risks caused by misconfiguration.

    Our Focus

For the purposes of this article, we will focus on Secure By Design and Configuration. Specifically, we will look at section B4 of the Cyber Assessment Framework (governed by the DLUHC) along with the Critical Network Infrastructure section (8.4) of the Data Security and Protection Toolkit (DSPT, governed by NHS Digital). In the latter document, we give particular attention to the sub-sections devoted to secure by design and configuration security (8.4.1 and 8.4.2).

    NHS DIGITAL – DSPT

    • Your infrastructure should follow secure-by-design principles for optimal protection, including network topology and server hardening.
    • Ongoing patching and configuration changes are necessary to maintain secure design principles.
    • Secure by design should include appropriate skill sets, network segregation, simple data flow, recoverability, and content inspection.
    • Secure configuration involves knowing configurable items, using baseline and last known good builds, managing change, validating software, white-listing software, and managing automated decisions.

CYBER ASSESSMENT FRAMEWORK – NATIONAL CYBER SECURITY CENTRE (NCSC)

    • You securely configure the network and information systems that support the operation of essential functions.

Achieved: all of the following statements are true

    https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework/caf-objective-b-protecting-against-cyber-attack

    • Actively manage and maintain security configurations, patching, and updates for assets that require careful configuration for maintaining the security of the essential function.
    • Ensure all platforms conform to secure, defined baseline builds or the latest known good configuration version for that environment.
    • Manage changes effectively in the environment, including secure and documented network and system configurations.
    • Regularly review and validate network and information systems for expected, secured settings and configurations.
    • Restrict software installation to permitted software only.
    • Ensure standard users cannot change settings that would impact security or business operations.
• Ensure the operation of automated decision-making technologies is well understood and decisions can be replicated.
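The "baseline build" and "regularly review and validate" statements above (and the DSPT "baseline and last known good builds" bullet earlier) describe what a secure-configuration control must achieve, not how to check it. As an added illustration written for this article (it is not GYTPOL's product code, nor NCSC or NHS Digital material), the PowerShell below declares a small baseline for a Windows endpoint, reads the live value of each setting, and reports any drift. The four settings and their expected values are illustrative assumptions; a real baseline would be the organisation's own build standard, and the script reads settings only, changing nothing.

```powershell
# Added example, not the page's or GYTPOL's code. Run in an elevated PowerShell
# session on a Windows host. The settings and expected values are assumptions
# standing in for an organisation's own baseline build; the script only reads.

# Baseline: each entry names a setting, how to read its live value, and the
# value the build standard expects.
$Baseline = @(
    @{ Name     = 'SMBv1 server protocol disabled'
       Read     = { (Get-SmbServerConfiguration).EnableSMB1Protocol }
       Expected = $false },
    @{ Name     = 'User Account Control enabled (EnableLUA)'
       Read     = { (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -ErrorAction Stop).EnableLUA }
       Expected = 1 },
    @{ Name     = 'LLMNR disabled by policy (EnableMulticast)'
       Read     = { (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' -Name EnableMulticast -ErrorAction Stop).EnableMulticast }
       Expected = 0 },
    @{ Name     = 'Defender real-time protection enabled'
       Read     = { -not (Get-MpPreference).DisableRealtimeMonitoring }
       Expected = $true }
)

function Test-BaselineDrift {
    param([Parameter(Mandatory)][array]$Baseline)
    foreach ($item in $Baseline) {
        try {
            $actual = & $item.Read
            $status = if ($actual -eq $item.Expected) { 'OK' } else { 'DRIFT' }
        } catch {
            # A missing registry value or cmdlet is itself a finding: the
            # control is not enforced by policy, so report it as drift
            # rather than silently skipping it.
            $actual = "<not set: $($_.Exception.Message)>"
            $status = 'DRIFT'
        }
        [pscustomobject]@{
            Setting  = $item.Name
            Expected = $item.Expected
            Actual   = $actual
            Status   = $status
        }
    }
}

$results = Test-BaselineDrift -Baseline $Baseline
$results | Format-Table -AutoSize

# Exit non-zero when anything drifted so a scheduled task, RMM job or
# compliance pipeline can raise an alert instead of relying on someone
# reading the table.
if ($results | Where-Object Status -eq 'DRIFT') { exit 1 }
```

Treating an absent policy value as drift rather than as "unknown" is the important design choice: a Group Policy or Intune setting that never reached the endpoint looks identical to one that was deliberately reverted, and both leave the machine outside the baseline. Scheduling this kind of check is what turns a one-off audit into the continuous validation the CAF statements call for.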

    GYTPOL Secure Configuration

GYTPOL offers a comprehensive solution to address the misconfiguration issues that organisations face. Our solution provides a centralized view of all devices, ensuring that they are not misconfigured. With our solution, manual efforts are no longer necessary, saving time and resources. Our solution is robust and scalable, allowing organizations to quickly identify gaps and remediate them.

    In particular, we understand the unique challenges that healthcare and public sector organizations face with stretched IT resources and budgetary restrictions. Our solution emphasizes actionable automation rather than actionable intelligence, enabling organizations to focus on their core business while we take care of their cybersecurity needs.

    Examples of misconfigurations that our solution can address include:

    • Risky default settings not changed
    • Human errors in making configuration settings
    • Exposed passwords
    • Group policies not applied on endpoints
    • Non-patchable vulnerabilities (when you cannot patch)

With GYTPOL's solution, your organization can have peace of mind knowing that all devices are configured securely and vulnerabilities are promptly remediated.

Gytpol: continuous detection and automatic remediation of misconfigurations on your devices without impacting business operations. No more costly and partial manual methods: Gytpol ensures your environment is hardened and your Group Policy and Intune settings are applied. Achieve security and ROI quickly with close to zero personnel cost.

    Capabilities with GYTPOL

• Validating that existing policies (GPOs and Intune) have actually been applied; currently, Microsoft does not provide a way to validate whether policies have been applied.
• Centralized visibility of endpoints, continuously detecting security misconfigurations and mapping them against the MITRE ATT&CK surface to provide insight on
• Gytpol also helps remediate zero-days, including Log4j (without patching!), Follina and PrintNightmare. Remember the devastating SMBv1 vulnerability behind WannaCry?
    • Reducing Cost of Ownership through simplistic automation
    • Reducing the time from detection to remediation (MTTR)
    • Providing Continuous Compliance (CIS & NIST)
    • Remediate non-patchable vulnerabilities
• Achievement Dashboard – quantify your risk reduction and time saved through automation
• Providing a concrete ROI
    • Assisted organizations with access to NHS patient data and systems in meeting the Data Security and Protection Toolkit (DSPT) requirements for good data security practices

Gytpol was able to provide a benchmark score for desktop builds against the Center for Internet Security benchmarks, a key audit requirement, with a built-in check, according to the Head of Digital and Information Services at Mid Cheshire. Visit https://gytpol.com/resource/nhs-mid-cheshire-hospital-case-study/ for more information.

Why not get in touch to hear more about how Gytpol is helping organizations tackle secure configuration and achieve compliance against CAF and DSPT.

    You can sign up for your free Security Configuration assessment in one of the following ways:

    • Reach out to sales@gytpol.com or via your trusted advisory account manager
    • Register for a free trial here


About the Author

    Simone Lavi
