File Integrity Monitoring - Why Change Management Is the Best Security Measure You Can Implement

Introduction

Together with the growing awareness that cyber security is a pressing priority for any company, there is a ready market for automated, intelligent security defenses. The silver bullet against malware and information theft is still being designed (so the claim goes!), but in the meantime you will find hordes of vendors out there who will offer you the next best thing.
The problem is, who should you turn to? According to, say, the Palo Alto firewall salesman, his appliance is the main thing you need to protect your business's intellectual property, but if you then talk to the salesman selling the FireEye sandbox, he may well disagree, saying you need one of his boxes to shield your business from malware. Then again, the McAfee salesman will tell you endpoint security is where it's at: their Global Threat Intelligence strategy will cover you against all risks.
In one respect they are all right at the same time: you need a layered approach to security defenses, and you can practically never have 'too much' security. So is the answer as straightforward as 'buy and implement as many security products as possible'?
Cyber Security Defenses - Can You Have Too Much of a Good Thing?
Before you draw up your shopping list, be mindful that this stuff is very expensive, and the idea of buying a smarter firewall to replace your current one, or of buying a sandbox appliance to reinforce what your MIMEsweeper already largely provides, requires a pause for thought. What is the best return on investment available, considering all the security products on offer?
Arguably, the best value-for-money security product isn't actually a product at all. It doesn't have any flashing lights, or a sleek-looking case that will look good in your comms cupboard, and the datasheet features don't include any impressive packets-per-second throughput figures. But what a good Change Management process will give you is complete reliability and visibility of any malware infection, any potential weakening of defenses, and control over service delivery performance too.
In fact, many of the best security measures you can adopt may come across as a little boring (compared to a new piece of kit for your network, what doesn't seem dull?). However, in order to provide a truly secure IT environment, security best practices are essential.
Change Management - The Good, The Bad and The Ugly (and The Downright Dangerous)
There are four main kinds of changes in any IT infrastructure:
Good Planned Changes (expected and deliberate, which improve service delivery performance and/or improve security)
Bad Planned Changes (deliberate and expected, but badly or wrongly implemented, which degrade service delivery performance and/or reduce security)
Good Unplanned Changes (unexpected and undocumented, typically emergency changes that fix problems and/or improve security)
Bad Unplanned Changes (unexpected, undocumented, and which unwittingly create new problems and/or reduce security)
A malware infection, whether introduced deliberately by an insider or by an external hacker, also falls into the last category of Bad Unplanned Changes. Likewise, a rogue developer planting a backdoor in a corporate application. The fear of a malware infection, be it a virus, a Trojan or the new buzzword in malware, an APT, is generally the principal concern of the CISO, and it helps sell security products, but should it be?
A Bad Unplanned Change that unintentionally leaves the business more open to attack is a far more likely occurrence than a malware infection, because every change made within the infrastructure has the potential to reduce protection. Creating and implementing a Hardened Build Standard takes time and effort, but undoing painstaking configuration work only takes one careless engineer taking a shortcut or entering a typo. Every time a Bad Unplanned Change goes unnoticed, the once-secure infrastructure becomes more vulnerable to attack, so that when your company is hit by a cyber-attack, the damage will be much, much worse.
To this end, shouldn't we be taking Change Management more seriously and strengthening our preventative security measures, rather than placing our trust in yet another gadget that will still be fallible where Zero Day Threats, Spear Phishing and plain security incompetence are involved?
The Change Management Process in 2013 - Closed Loop and Total Change Visibility
The first step is to have a Change Management Process. For a small business, just a spreadsheet, or a routine of emailing everyone involved to tell them a change is going to be made, at least provides some visibility and some traceability if problems subsequently arise. Cause and effect generally applies where changes have been made: whatever changed last is usually the cause of the latest problem experienced.

That's why, after changes are implemented, there should be checks that what was planned was implemented correctly and that the desired improvements have been achieved (that is what makes the difference between a Good Planned Change and a Bad Planned Change).

For simple changes, say a new DLL installed on a system, this isn't hard to describe and is simple to check and review. For more complex changes, the verification process is correspondingly much more complicated. Unplanned changes, Good and Bad, pose a far harder challenge. What you can't see, you can't measure, and, by definition, Unplanned Changes are generally carried out without documentation, planning or awareness.
Contemporary Change Management systems use File Integrity Monitoring, providing a zero-tolerance approach to changes. When any change is made, whether to a configuration attribute or to the filesystem, the change will be recorded.
In advanced FIM systems, the concept of a time window or change template can be pre-defined ahead of a change to provide a means of automatically aligning the details of the RFC (Request for Change) with the actual changes detected. This gives an easy way to see all changes made during a Planned Change, and significantly improves the speed and simplicity of the verification process.
This means that any changes detected outside of any specified Planned Change can quickly be categorized as Unplanned, and therefore potentially harmful, changes. Investigation becomes a priority task, but with a good FIM system, all the changes recorded are clearly presented for review, ideally with 'Who made the change?' data.
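The following is an added illustration of the FIM workflow described above (baseline, detect changes, align them with an RFC time window, flag the rest as Unplanned); it is example code written for this article, not code from any FIM product. The file contents, the RFC number and the window times are all constructed sample data.

```python
import hashlib
from datetime import datetime

def snapshot(files):
    """Baseline a set of files as {path: sha256 hex}. `files` is {path: bytes};
    on a real host each entry would be read from disk instead of this dict."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in files.items()}

def diff_snapshots(before, after):
    """List every (path, kind) where kind is added, removed or modified."""
    changes = []
    for path in sorted(set(before) | set(after)):
        if path not in before:
            changes.append((path, "added"))
        elif path not in after:
            changes.append((path, "removed"))
        elif before[path] != after[path]:
            changes.append((path, "modified"))
    return changes

def classify(changes, detected_at, rfc_windows):
    """Align detected changes with RFC windows: Planned if the detection time
    lies inside an approved window whose scope covers the path, else Unplanned."""
    tagged = []
    for path, kind in changes:
        rfc = next((w["rfc"] for w in rfc_windows
                    if w["start"] <= detected_at <= w["end"]
                    and path.startswith(w["scope"])), None)
        tagged.append((path, kind, "Planned" if rfc else "Unplanned", rfc))
    return tagged

# Constructed sample data: a web server before and after a maintenance window.
BEFORE = snapshot({"/etc/httpd/httpd.conf": b"ServerTokens Prod\n",
                   "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
                   "/usr/lib/libssl.so": b"\x7fELF...v1"})
AFTER = snapshot({"/etc/httpd/httpd.conf": b"ServerTokens Prod\nTraceEnable off\n",
                  "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",  # nobody asked for this
                  "/usr/lib/libssl.so": b"\x7fELF...v1",
                  "/usr/lib/libhelper.so": b"\x7fELF...new"})
# Hypothetical RFC: only the httpd configuration was approved for change in this window.
RFC_WINDOWS = [{"rfc": "RFC-0042", "scope": "/etc/httpd/",
                "start": datetime(2013, 5, 1, 22, 0), "end": datetime(2013, 5, 1, 23, 0)}]
IN_WINDOW = datetime(2013, 5, 1, 22, 30)    # scan run during the RFC window
OUTSIDE_WINDOW = datetime(2013, 5, 2, 9, 0)  # scan run the next morning

def report(detected_at=IN_WINDOW):
    """Run the FIM comparison and tag each change against the RFC windows."""
    return classify(diff_snapshots(BEFORE, AFTER), detected_at, RFC_WINDOWS)
```

Only the httpd.conf edit lands inside the RFC's scope and window; the sshd_config change and the new library are reported as Unplanned and go straight to the investigation queue.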
Overview
Change Management always features heavily in any security standard, such as the PCI DSS, and in any Best Practice framework such as the SANS Top Twenty, ITIL or COBIT.
If Change Management isn't part of your IT processes, or your current process isn't fit for purpose, perhaps this should be addressed as a priority? Coupled with a good Enterprise File Integrity Monitoring system, Change Management becomes a far simpler process, and this could just be a much better investment right now than any gaudy new gadgets.