Our dependence on our IT platforms and the need to secure them is a non-stop challenge.
This challenge continues at a fast rate as organizations address an increasing number of complexities from hybrid working, migrations to cloud workloads and SaaS based applications to name but a few.
All of this has increased the demands on both IT and Security teams. Yet, these teams are already overstretched. When you add the current economic headwinds, there is pressure and encouragement from the executives to do more with less. Breaking points are being reached and something will have to give; systems will go down, there will be operational impacts and cybersecurity incidents are a matter of when and not if.
So can more be done with less for both IT and Security teams? Can efficiencies be achieved without operational impacts leading to improved productivity? The answer is yes and can be easily achieved through the right tooling which provides this type of automation.
When it comes to addressing secure configuration and device hardening, collaboration is required between security and IT teams. Security needs continuous visibility on all devices to identify misconfiguration security gaps. IT needs to perform the relevant remediation actions to reconfigure the misconfiguration and then validate that the risk has been removed or reduced at best.
Tackling remediation for secure configuration and device hardening are managed as projects in organizations. These projects last at least a few months in duration to address a misconfiguration issue and require a team from project managers, architects, secOps, IT Admins etc.
So why is such a large team required? The typical answer is that these types of remediation projects which require re-configurations require a lot of manpower and discussion due to the potential impact of changes and hence the need for a lot of manual efforts.
For example, a common remediation project such as removing the Print Nightmare risk to organizations.
If you are not familiar with this, there is a high risk vulnerability with the Windows Print Spooler service which allows a hacker to remotely take over your device. There is no fix from Microsoft so patching is not an option. Therefore the recommended remediation action is to disable the service if it is not required.
Such a remediation project would require some steps:
- Determine which Windows PCs and Servers have the Printer Spooler service enabled.
- Re-Configure these devices to disable the service.
Sounds simple? The above two steps in themselves require a lot of effort but there are many other considerations which add significant complexity.
- You don’t want to disable the service on devices which are used for printing. How can you determine this?
- How can you validate that the remediation action actually worked? Using GPOs or InTune policies are the preferred method but the fact that at least 10% of GPOs don’t get successfully applied on devices, you need to validate each device. This is not something available in SCCM or InTune.
- What about new devices being added? A new employee laptop or a server. There is often a 6-12 months time lapse before hardened configurations make it into the Golden Image.
- What happens when an existing device has the service enabled again by an employee trying to print some document when at home?
This simple example shows why remediation for secure configuration and device hardening are costly and challenging projects.
So how can automation achieve efficiencies and improve productivity of overstretched IT and Security teams?
They need to stop being complex resource intensive projects and become simple operational tasks.
For this to happen, Secure Configuration Management solutions need to include the following:
- Continuous monitoring of all devices at all times. Security operations get full visibility. They can identify the configuration risks, validate when they have been remediated by IT and also can be alerted for new devices or re-offending devices.
- Visibility of Impact. Both security and IT need to know ahead of time if the remediation action of hardening is going to have an impact. You can reduce risk quickly and efficiently on those devices where you can be certain there is no impact.
- Automated Remediation. A reliable mechanism which can apply the hardening at the touch of a button no matter the device type or OS version. No need for scripting and no chance for human errors to occur.
- Rollback capability. The safety net to allow you to revert back.
- Integrated into IT operational workflow tools. Ticketing systems are the source of truth for change control in organizations therefore the tooling needs to be streamlined and work with these systems.
GYTPOL is a Secure Configuration Management platform and has been leading the way to help both Security and IT teams to harden devices and be compliant through Zero Impact Remediation.
Organizations are experiencing significant benefits through secure and reliable automation. Doing more with less and achieving efficiencies and better productivity of both security and IT teams.
Some key benefits of GYTPOL include:
- Continuous detection on Windows, Linux and Mac devices using a super lightweight 1.5MB semi-agent based on scheduled tasks. Devices can be on-network (including VPN connected) or off-network.
- Automatic Zero Impact Remediation. GYTPOL determines potential impacts by analyzing the usage. Using the Print Nightmare example from earlier, GYTPOL will show if there are no printers connected or no printings in the last 90 days. If these criteria are met then hardening will have no impact and you can safely remediate.
- Auto Re-Apply Remediation. Option to self-heal authorized hardening when new devices are added or existing devices become misconfigured again.
- Rollback of Remediations. Revert back quickly to the previous state of any hardening actions.
- Scheduled Remediation. Decide when to remediate during a maintenance window.
- Integrated and Interoperability with SIEM and Ticketing Systems and other systems through robust APIs
- Detection of non-applied policies, orphaned policies and local policies
- Supported frameworks includes CIS and NIST
- Continual research of new and trending misconfigurations being exploited by threat actors
GYTPOL can be deployed using either a SaaS or On Premises. You are up and running within minutes and getting visibility with a simple and intuitive easy to use dashboard.
Contact us for a demo and a free fully functional trial.