Endpoint configurations are essential to good security. That’s always been the c...
Safe Remediation
Managing configurations, patching, and updating system controls is one of the most notably difficult things that any CISO has to deal with. But it is one of the most critical to manage, as a vulnerable system with an outdated patch level or an excessive access control is a prime target for a hacker.
Data from our research validates this point as known vulnerabilities in applications constitute the primary source of successful cyberattacks statistically. According to a prediction from Gartner – in a few years' time, 99% of successful cyberattacks will involve security gaps or vulnerabilities known to leadership. In other words, virtually ALL hacks will exploit some form of misconfiguration.
Even worse, many high severity flaws go unpatched for years and can be extremely difficult to secure, especially when those vulnerabilities are found on revenue generating applications and systems. The most appropriate solution is updating those configurations and making sure that your devices are patched and technically secured, all the way “down” to the operating system.
Plugging the gap: easier said than done
To understand why it can be so challenging in regards to remediating configuration settings, let’s consider the example of the Microsoft Windows Desktop operating system (OS). The CIS Benchmark for Microsoft Windows 10 has 474 recommendations. If your organization has 50 instances of that desktop OS in your environment, you’re looking at managing almost 24,000 configuration checks for that platform alone. Obviously as you have more of those machines, the numbers and issues therein also grow exponentially.
And it’s not just the OS that needs configuration. It’s all the other systems as well that touch and interact with that machine that must be repaired and reconfigured too. Your team might literally be looking at thousands of individual judgments and actions needed to secure your environment.
You and your team could do it manually, but to touch every device would be incredibly time-consuming, requiring thousands of personnel-hours. Which is both cost and manpower restrictive, and in many cases a “non starter”. Continuing to remediate systems on a manual basis would far surpass the resources of even the largest IT departments, and would bog your operations personnel in a continual cycle of managing updates and configuration chances.
Added to those points I think it’s worth noting that in my experience as a pen tester and hacker one of the most critical tasks that security teams struggle with is how to safeguard their assets against existing configuration issues that are operating on vulnerable unpatched systems.
Remediation of a misconfigured system can take days, weeks, or even months, especially if there is an issue that patching might affect the app’s core functionalities, but none of that matters to the adversaries and hackers that are targeting those configuration issues. Cybercriminals are in a constant sprint to exploit discovered weaknesses and misconfigured systems before enterprises have a chance to update those systems and fix those configuration issues.
Anyone in an IT leadership or Cyber leadership role knows, taking a system offline and updating a vulnerable configuration on a system is not always easy. Even without the business impact, the technical issues that often arise are usually enough to stop a remediation effort in its tracks. But these days, because of the more targeted and sophisticated threats that progress in ever shorter cycles, configuration management is a must. So how can your team get past those issues and “fix” those systems without the fear and hindrances that can derail those critical updates and configurations?
Safe remediation simplifies security
Safe remediation involves implementing a layer of security policy, which prevents and intercepts the exploitation of vulnerabilities. An effective safe remediation solution includes capabilities to inspect and block malevolent activity from web traffic, detect & prevent intrusions, prevent attacks on web applications, and adaptably deploy on the cloud, or physical environments.
Safe remediation solutions give security administrators a chance to review, test as well as schedule official software patches without leaving the critical system at risk.
Safe remediation is our method of using our proprietary technology by addressing security misconfigurations to shield an asset from being exploited and allowing your team to fix underlying application specific code issues later. Like a software patch provided by a vendor, our Safe Remediation technology helps your team safely “test” a configuration change against a certain exploit.
In some instances our system can help serve as an emergency security tool that organizations can use to instantly address vulnerabilities on affected endpoints and servers.
Circumstances where a safe remediation solution can help include:
- Safe remediation offers a short-term stop-gap solution for a critical level of coverage until a permanent fix or configuration change is available
- Before deploying a permanent remediation, it should be validated to check whether the update will trigger new systemic issues. This validation phase introduces additional delays.
- Safe remediation is critical at this initial warm phase to shield the known vulnerabilities from exploitations and to better defend the system from “low hanging fruit” issues related to simple configuration controls.
- Safe remediation is even more important for assets, which require considerable planning as well as downtime for permanent updates to be deployed.
- These assets could also include pipeline monitoring systems, and machines running critical systems, which play a crucial role in critical infrastructure systems like a hydroelectric dam or electrical grids, which can’t be taken down.
Unlike traditional patching, our Safe Remediation system enables a flaw to be simulated before the fix is applied to the asset. This will help the IT and operational teams as well as the security team know more about what might happen when that configuration is updated.
About Author
Tal Kollender
With a background in hacking, Tal's filled senior cyber roles for the IDF and Dell EMC. In 2023, Tal was named "Cybersecurity Women Entrepreneur of the Year" by the Unite Cybersecurity Alliance.
Subscribe to
our Newsletter
We are ready to help you until and unless you find the right ladder to success.
Related Posts
Join over 25,000 in beating the failure of strategies by following our blog.
For most businesses, IT and security teams go about their work mostly unnoticed....
3 minute read
On July 19th 2024, CrowdStrike pushed an update to its Microsoft Windows agent. ...
16 minute read
"We were forced to change and we did the best we could to keep the business aliv...
Comments