Managing configurations, patching, and updating system controls is one of the most notably difficult things that any CISO has to deal with. But it is one of the most critical to manage, as a vulnerable system with an outdated patch level or an excessive access control is a prime target for a hacker. Data from our research validates this point as known vulnerabilities in applications constitute the primary source of successful cyberattacks statistically. According to a prediction from the analyst firm Gartner – 99% of successful cyberattacks will continue involving vulnerabilities known to corporate executives and leaders. In other words, almost ALL hacks are ultimately tied to a misconfiguration or lack of configuration management.
Even worse, the high severity flaws, which often go unpatched for years, are highly prone to error and often impossible to defend from attackers, especially when those vulnerabilities are found on revenue generating applications and systems. The most appropriate solution is updating those configurations and making sure that those systems are patched and technically secured, all the way “down” to the operating systems of those servers.
To understand why it can be so challenging in regards to remediating configuration settings, let’s consider the example of the Microsoft Windows Desktop operating system (OS). The CIS Benchmark for Microsoft Windows 10 has 474 recommendations. If your organization has 50 instances of that desktop OS in your environment, you’re looking at managing almost 24,000 configuration checks for that platform alone. Obviously as you have more of those machines, the numbers and issues therein also grow exponentially.
And it’s not just the OS that needs configuration. It’s all the other systems as well that touch and interact with that machine that must be repaired and reconfigured too. Your team might literally be looking at thousands of individual judgments and actions needed to secure your environment.
You and your team could do it manually, but to touch every device would be incredibly time-consuming, requiring thousands of personnel-hours. Which is both cost and manpower restrictive, and in many cases a “non starter”. Continuing to remediate systems on a manual basis would far surpass the resources of even the largest IT departments, and would bog your operations personnel in a continual cycle of managing updates and configuration chances.
Added to those points I think it’s worth noting that in my experience as a pen tester and hacker one of the most critical tasks that security teams struggle with is how to safeguard their assets against existing configuration issues that are operating on vulnerable unpatched systems.
Remediation of a misconfigured system can take days, weeks, or even months, especially if there is an issue that patching might affect the app’s core functionalities, but none of that matters to the adversaries and hackers that are targeting those configuration issues. Cybercriminals are in a constant sprint to exploit discovered weaknesses and misconfigured systems before enterprises have a chance to update those systems and fix those configuration issues.
Anyone in an IT leadership or Cyber leadership role knows, taking a system offline and updating a vulnerable configuration on a system is not always easy. Even without the business impact, the technical issues that often arise are usually enough to stop a remediation effort in its tracks. But these days, because of the more targeted and sophisticated threats that progress in ever shorter cycles, configuration management is a must. So how can your team get past those issues and “fix” those systems without the fear and hindrances that can derail those critical updates and configurations?
GYTPOL knows. We call it Safe Remediation.
Safe Remediation involves implementing a layer of security policy, which prevents and intercepts the exploitation of vulnerabilities. An effective Safe Remediation solution includes capabilities to inspect and block malevolent activity from web traffic, detect & prevent intrusions, prevent attacks on web applications, and adaptably deploy on the cloud, or physical environments. Safe Remediation solutions give security administrators a chance to review, test as well as schedule official software patches without leaving the critical system at risk.
Safe Remediation is our method of using our proprietary technology by addressing security misconfigurations to shield an asset from being exploited and allowing your team to fix underlying application specific code issues later. Like a software patch provided by a vendor, our Safe Remediation technology helps your team safely “test” a configuration change against a certain exploit. In some instances our system can help serve as an emergency security tool that organizations can use to instantly address vulnerabilities on affected endpoints and servers.
Unlike traditional patching, our Safe Remediation system enables a flaw to be simulated before the fix is applied to the asset. This will help the IT and operational teams as well as the security team know more about what might happen when that configuration is updated.
Circumstances where Safe Remediation solutions can help might be:
- Safe Remediation offers a short-term stop-gap solution for a critical level of coverage until a permanent fix or configuration change is available
- Before deploying a permanent remediation, it should be validated to check whether the update will trigger new systemic issues. This validation phase introduces additional delays. Safe Remediation is critical at this initial warm phase to shield the known vulnerabilities from exploitations and to better defend the system from “low hanging fruit” issues related to simple configuration controls.
- Safe Remediation is even more important for assets, which require considerable planning as well as downtime for permanent updates to be deployed. These assets could also include pipeline monitoring systems, and machines running critical systems, which play a crucial role in critical infrastructure systems like a hydroelectric dam or electrical grids, which can’t be taken down.