Security Back to Basics: Managing the Threat (part 3b)

In previous blogs we talked about needing to educate the end users and knowing the details of what activity is occurring on your enterprise’s systems.  In part 3, we’re going to talk about Compliance and Endpoint Management.

Simply put, Compliance means setting a policy and measuring how well you adhere to it. If a policy is set to only allow passwords longer than 8 characters in your enterprise, Compliance is the measurement of enforcement of that policy. Any deviations or exceptions from the policy are clearly documented and recorded. So why is Compliance important? A well-developed endpoint security policy ensures that common attacks and threats can be mitigated before they happen. By adhering to that policy, you are protected and secure from attacks without any other controls. There are many examples of compliance guidelines like NIST 800-53 and FDCC (Federal Desktop Core Configuration).

NIST 800-53A defines a large number of baseline security controls. These baseline security controls are the initial recommended security settings that are based on the system’s security categorization. For Federal agencies, NIST 800-53A is a checklist of guidelines designed to help them obtain an acceptable level of security in each of a large series of situations. You can find the latest revision of NIST 800-53A at csrc.nist.gov/publications/PubsSPs.html

The FDCC (Federal Desktop Core Configuration) is a mandate from the U.S. Office of Management and Budget (OMB), which requires that all Federal agencies standardize the configuration of about 300 settings on each of their PCs. The intent of this mandate is to improve security by making certain the systems are properly configured to resist cyber attacks. The FDCC is updated as NIST continues its development of the standard. To get the latest information on FDCC visit nvd.nist.gov/fdcc/index.cfm.

Now that you have a set of standards, you can implement endpoint management products to set and enforce those settings from the initial deployment and configuration of a desktop or laptop through the entire lifecycle of the endpoint. Using compliance reporting tools, you will be able to run a check, verify whether a setting is or is not set as the policy requires, then use an endpoint management product to change the settings back to a compliant state.
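As an added illustration (not from any particular product), here is a small Python sketch of that check, verify, and remediate loop, including the documented exceptions mentioned earlier. The setting names, host names, inventory data and exception ticket are all constructed for the example.

```python
from collections import Counter

# Hypothetical baseline: setting -> (check on observed value, value to restore on drift).
BASELINE = {
    "min_password_length": (lambda v: isinstance(v, int) and v > 8, 9),
    "firewall_enabled": (lambda v: v is True, True),
    "screen_lock_minutes": (lambda v: isinstance(v, int) and 0 < v <= 15, 15),
}

# Documented deviations: (host, setting) -> recorded justification (constructed).
EXCEPTIONS = {("kiosk-07", "screen_lock_minutes"): "EXC-0001: lobby display"}

# Constructed inventory, as a compliance reporting tool might collect it.
INVENTORY = {
    "laptop-01": {"min_password_length": 12, "firewall_enabled": True, "screen_lock_minutes": 10},
    "laptop-02": {"min_password_length": 8, "firewall_enabled": True, "screen_lock_minutes": 10},
    "kiosk-07": {"min_password_length": 12, "firewall_enabled": False, "screen_lock_minutes": 0},
    "desk-03": {"min_password_length": 10, "screen_lock_minutes": 15},  # firewall not reported
}

_MISSING = object()  # distinguishes "never reported" from a reported value

def assess(inventory, baseline, exceptions):
    """Return (host, setting, status, target) for every baseline check on every host."""
    findings = []
    for host in sorted(inventory):
        for setting in sorted(baseline):
            check, target = baseline[setting]
            observed = inventory[host].get(setting, _MISSING)
            if observed is not _MISSING and check(observed):
                status = "compliant"
            elif (host, setting) in exceptions:
                status = "excepted"  # deviation exists but is documented
            else:
                status = "drift"     # a setting that was never reported counts as drift
            findings.append((host, setting, status, target))
    return findings

def summarize(findings):
    """Count checks per status; exceptions are reported separately, not as passes."""
    return dict(Counter(status for _, _, status, _ in findings))

def remediation_plan(findings):
    """Changes an endpoint management product would push to restore compliance."""
    return [(h, s, t) for h, s, status, t in findings if status == "drift"]

if __name__ == "__main__":
    results = assess(INVENTORY, BASELINE, EXCEPTIONS)
    print(summarize(results))
    for host, setting, target in remediation_plan(results):
        print(f"{host}: set {setting} -> {target!r}")
```

Note that a password length of exactly 8 fails the "longer than 8 characters" policy, and an endpoint that reports nothing for a setting is treated as out of compliance rather than silently skipped.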

Some of the primary benefits of Endpoint Management are repeatable processes for taking system inventory, deploying software, and patching systems. By using the same set of processes for management tasks, failures and errors can be minimized.

Organizations typically spend 75 percent of their IT budgets on maintenance and management. To make more efficient use of limited budgets, organizations should consider the use of integrated, easy-to-use management tools that offer a short learning curve and require minimal administrative intervention once properly configured.

Using an endpoint management system's task management capabilities in conjunction with extensible workflows, administrators can identify configuration drift and send automated change management scripts before disruptive events happen; remediate faster with automated tasks that can automatically restart services in the event of downtime; and create automated tasks for discovery, inventory, server provisioning, patch management, backup and recovery, and more. All of this saves time and helps eliminate human error, which increases compliance with published policies.

Next month we’ll start discussing the network layer of protection including Network Access Control and Email/Web protection.