In our rush towards a remote workforce, security had to make sudden and risky decisions in a “new normal.” We reconfigured security controls, made temporary policy exemptions, and shipped equipment to employees’ homes. At the same time, our SecOps teams work remotely, limiting visibility into the systems that may be compromised. Further, working remotely often results in a lack of access to reporting, alarms, and dashboards. Working blind is a nightmare for security pros.
“The only action type that is consistently increasing year-to-year in frequency is Error.”
– Verizon DBiR 2020
Data tells us that one of our biggest threats comes from misconfigurations, lax policies, and simple errors. The 2020 Verizon Data Breach Investigations Report (DBiR) confirms this and shows dramatic growth of misconfigurations of security equipment leading to data breaches.
While our industry talks a lot about ‘insider threats,’ one must think about this particular threat broadly. It’s not all about a nefarious employee; it’s mainly about day-to-day work done by security, IT, and other employees that causes misconfigurations that lead to breaches. Continuously understanding where those misconfigurations are and how to fix them should be a tenet of any SecOps team. Misconfigurations can be simple things like:
The DBiR reports that 43% of breaches came in via web apps. Web apps are spun up so fast it makes IT and security heads spin. The era of DevOps and AWS/Azure has made it possible for anyone to create an app and deploy it for use within a company. Typically, they are never scanned even for the Open Web Application Security Project (OWASP) top vulnerabilities, and because they are often deployed without SecOps knowledge, they aren’t protected by the Web Application Firewall (WAF).
Even when configured “correctly,” the WAF may not work as expected due to lack of knowledge of WAF rules and the constant shifts on the app side. SecOps and IT teams need to look more closely at web application security, but do it in a way that doesn’t stifle innovation and growth. The opportunity lies in security teams putting into place easy-to-understand WAF policies for web apps, then monitoring that WAF consistently in order to keep rule signatures configured correctly.
Errors and misconfigurations sound bad, but they can be addressed. Controlling your risk profile is a strong move in security, but in some organizations, it will take a shift in thinking. While we will always search out the latest and greatest security tools to help defend and detect, we must also think about how we test that those tools are working and how we fix them when they don’t work as intended. What if you could SEE the risks hidden in errors, misconfigurations, and policy exemptions?
Where do you start? Here are 6 internal assessments to do now that will help you uncover and fix those pesky misconfigurations:
Phil Trainor is the Director, Security Solutions at Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world.