The key to security in any environment is to know what you have that needs to be secured. Seems simple, right? It’s not.
One of the most common ways that a organization or company is breached is through an unknown configuration. It could be a server that someone brought online for testing and left unpatched and forgotten, or a service account that has local admin rights but neglected and the password age is over a year. Perhaps it is a dual-homed server created to solve a specific problem, but left with little or no configuration.
It is often the case that after a breach detection, someone sees how it occurs and says “oh, gee, I forgot about that!” Or “I didn’t realize that was still online!” The reality is that when you are patching and doing your due diligence to make your organization secure, you can only do that for the assets and configurations you know about.
Enter configuration management. The process of configuration management is to create and maintain detailed documentation for all of your assets and all of their configurations as they currently are. This means an inventory of all of your servers, accounts, services, patch levels, switches, routers, workstations, vendor access etc. The reason you have this is so that when a critical vulnerability like BlueKeep comes out, and you want to apply patches, you can be sure you have patched everything in your environment.
On top of your configuration management system, it is important to internally audit your environment on a regular basis to discover any changes to your infrastructure that you weren’t aware of.
Want to know the most efficient ways to do this? Contact us today!