What Is Endpoint Configuration Security
Configuration. It seems obvious. We all have to do it when setting up and maintaining our environments. In fact, some would say it is the most fundamental building block required to ensure your platform works correctly and according to your organization’s needs. You might also think that performing configurations is not so complicated, and wonder why it is relevant to security and to preventing cyber attacks on your organization’s endpoints. Before we answer this question, let’s get an understanding of your IT platform.
A limited toolbox
If your organization is based on a Microsoft environment (like over 80% of all organizations worldwide), then you are familiar with Domain Controllers, Active Directory and Group Policy Objects (GPO). Microsoft first released its NT Server in 1993.
Today, the latest version is Windows Server 2019 (released in November 2018). The cloud-based product called Intune is currently in beta but soon to be formally launched.
Over the years, the product has evolved and grown in both features and complexity to satisfy the needs of organizations from small businesses to large global enterprises. Today, there are tens of thousands of configuration options available, which makes it impossible for any IT professional to be knowledgeable in all of them.
Making the most of it
Today, most IT professionals will turn to Google when they need to perform a configuration, and this is where the first set of problems begins.
Google and other search engines are a wonderful thing for the IT professional. Let’s say, for example, I have received a directive from the CISO in my organization that SMB version 1 needs to be disabled on all endpoints due to the well-known vulnerability which hackers can exploit. I turn to Google and find out how to achieve this using a Group Policy setting.
Gaps remain
I make the configuration setting and report back to the CISO that the corrective action has been performed. However, how can I validate that this configuration has been correctly applied to all endpoints in my organization?
In this example, it is frequently found that an IT admin has not configured the GPO correctly (thanks to Google), and that a subset of the endpoints in the organization still has SMBv1 enabled, remaining vulnerable to hackers.
Until this can be validated on all endpoints in the organization, both the CISO and IT Admin believe it has been applied correctly and would be surprised if a successful cyber attack occurs due to this weakness being exploited.
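One way to close this gap is to query the SMBv1 state actually in effect on each endpoint instead of trusting the GPO. The script below is an added example, not code from the original article or from any product; it assumes PowerShell remoting is enabled, the endpoints run Windows 8 / Server 2012 or later, and the host names are constructed placeholders.

```powershell
# Added example. Host names below are constructed placeholders.
$Computers = @('WS-001', 'WS-002', 'SRV-FILE01')

# Runs on each endpoint and reports the state actually in effect there.
$check = {
    # SMB server side: the live setting of the Server service.
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # SMB client side: the SMBv1 client driver. A missing key means the
    # feature is removed; Start = 4 means the driver is disabled.
    $drv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
        -Name Start -ErrorAction SilentlyContinue
    $client = ($null -ne $drv) -and ($drv.Start -ne 4)

    [pscustomobject]@{ SMB1Server = [bool]$server; SMB1Client = $client }
}

$results = foreach ($c in $Computers) {
    try {
        $r = Invoke-Command -ComputerName $c -ScriptBlock $check -ErrorAction Stop
        [pscustomobject]@{
            Computer   = $c
            Status     = 'Checked'
            SMB1Server = $r.SMB1Server
            SMB1Client = $r.SMB1Client
            Compliant  = -not ($r.SMB1Server -or $r.SMB1Client)
        }
    }
    catch {
        # An endpoint that could not be checked is unknown, never compliant.
        [pscustomobject]@{
            Computer   = $c
            Status     = "Not verified: $($_.Exception.Message)"
            SMB1Server = $null
            SMB1Client = $null
            Compliant  = $false
        }
    }
}

$results | Sort-Object Compliant, Computer | Format-Table -AutoSize -Wrap
$gaps = @($results | Where-Object { -not $_.Compliant })
'{0} of {1} endpoints not verified as SMBv1-free' -f $gaps.Count, @($results).Count
```

Endpoints that are offline or refuse the remote session appear as "Not verified" and count toward the gap, so the final number reflects what has been proven rather than what was assumed.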
Introducing ECS
An endpoint configuration security (ECS) solution would be able to identify when configurations have not been applied properly and also alert when there are security vulnerabilities due to an incorrect configuration.
Another cause of security misconfigurations is best practices not being applied correctly. Today, there are information security standards available, such as ISO 27001, NIST, etc., which guide the CISO and SecOps teams on the best practices to apply. These standards are extensive in scope, time-consuming to apply, and prone to configuration errors.
In addition to this, the IT Security landscape is always changing. New cyber security discoveries are being identified which result in new best practices being defined. While the infosec standards act as a very good baseline for organizations to apply, they will always lag a bit behind the latest actions which should be taken.
An ECS solution will be able to provide compliance validation against the well-known standards, stay updated on the latest best practices, and alert when a configuration requires remediation as a result.
About Author
Mor Bikovsky
Mor draws on more than a decade of cyber and business strategy experience to lead GYTPOL's Partner Strategy. Before joining GYTPOL, Mor led Global BD efforts for Claroty and filled a variety of key technology roles for Israel's intelligence services.