SecurityWeek

Management & Strategy

How to Become a More Effective Control Freak

Hardening your IT Infrastructure has its Rewards

Nowadays, you’d have to be crazy not to be paranoid. After all, as an IT professional, the potential for chaos is all around you—at all times. Hackers are constantly on the prowl, looking for ways to steal information or take down your operations. At the same time, customers and employees are accessing your network from every conceivable device, and most couldn’t care less what they’re doing to your network security. And that nice, orderly corporate network of the not-so-distant past? It’s history, replaced by one that is literally all over the map with physical servers and virtual machines as well as public, private, and hybrid cloud environments.

So, being a control freak and doing your best to keep pandemonium from breaking out isn’t just all in your head. It’s part of your job description.

But there are challenges at every turn. Cybercriminals’ tools get better all the time, and they’re more determined and better organized than ever before. What’s more, as your IT environment has evolved, the difficulty of securing that environment has increased sharply. For example, let’s say one of your developers spins up a virtual machine on an in-house shared server to test a particular aspect of the software that he’s working on. He gets preoccupied trying to resolve some issue that crops up in his test bed and never de-provisions the VM. Suddenly, there’s a glaring hole in your network security. You might as well announce to cyberthugs everywhere that you’re “open for business.”

Keeping Smart Cybercriminals Out of Your Face

It used to be that hackers were primarily opportunistic. A lot of them were just geeky teenagers looking for easy pickings and cheap thrills. But today’s computer criminals are sophisticated. They target specific people and organizations, and their attacks are highly advanced and numerous. Typical anti-virus, firewall, and other traditional security controls simply aren’t good enough to keep them at bay anymore.

To survive and succeed in this dangerous new world, you need more proactive controls that can protect against all kinds of threats—even unknown ones (aka zero-day threats). Application control and change control can go a long way toward hardening your infrastructure against the wide-ranging and very real threats lurking today.

Application Control: Accentuating the Positive

Application control helps keep bad traffic off networks and stops unauthorized applications or those containing malware from running and exploiting vulnerabilities. The three basic ways to enable application control are:

• Blacklisting

• Whitelisting

• Graylisting

Blacklisting: Only a Partial Solution

For decades now, nearly everybody in IT security has been focused on preventing unauthorized applications or those containing malware from running—and then relying on signatures to identify those threats. This approach is known as blacklisting, and it’s the premise behind most anti-virus solutions.

However, developing and distributing a unique signature for each new threat that arises is extremely time-consuming—and leaves a window of vulnerability wide open to unknown threats. Cybercriminals know this. They often create variants of known exploits in an effort to circumvent conventional blacklisting techniques. And with 55,000 new malware variants emerging every day in 2010, IT managers are caught in an endless cycle of obsessive software updating. And the processing overhead to search the ever-expanding signature database increases with each update—to the extent that many embedded systems aren’t even capable of hosting large blacklist files.

Control issues aside, such an approach simply isn’t sustainable.

Whitelisting: Now You’re Making Progress

As you can probably guess from the name, whitelisting takes the exact opposite approach to blacklisting, allowing only software that’s considered safe to run, while blocking all other applications and processes from executing. If an application or process isn’t on the list, it can’t run. Simple as that.

A key component of whitelisting is memory protection, which prevents unauthorized code from executing in system memory. This crucial security layer monitors write operations to memory and blocks all unauthorized attempts.

By allowing only authorized applications or programs with known good behavior to run, whitelisting provides a less computing-intensive way of protecting endpoints than blacklisting. Whitelisting can also protect against zero-day threats, as any unauthorized program is prevented from executing.

While today’s whitelisting technology reduces the need to immediately apply patches, it can be set to automatically check in for updates and download and install them from trusted sources, if desired. What’s more, it can block changes from all sources that can’t be implicitly trusted.

Setting up contemporary whitelisting is comparatively simple. Most whitelisting solutions today are capable of automatically discovering what applications are running on a given device or network and setting a baseline inventory. Anything that tries to run outside of that inventory is blocked.

Graylisting: The Highly Effective Hybrid

A smarter version of application control that combines the benefits of blacklisting and whitelisting is—you guessed it—graylisting.

Graylisting is similar to whitelisting in that protected devices and networks are locked down against any unauthorized programs running on them. Where it differs is that it can leverage real-time global intelligence about emerging threats to make informed decisions about whether or not to allow users to install applications themselves. Effective graylisting solutions feature real-time analytics that use hash values, reputation scoring, and threat correlation capabilities to guard against previously unknown threats. Organizations gain the flexibility of not completely restricting their users’ options, while ensuring that any new applications don’t introduce security vulnerabilities.
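The three approaches described above differ only in how they treat a binary that is not already known good or known bad. The following Python program is an added example, not code from the article or from any product it alludes to; it models each approach as one policy decision over a binary's SHA-256 hash. The whitelist baseline is built by inventorying a directory, the blacklist is a set of known-bad hashes, and the graylist consults a reputation score for anything in neither list. All file names, contents, hashes, scores and the 70-point reputation threshold are constructed for the example; a real reputation feed would be a live service.

```python
"""Application control as a policy decision: blacklist vs whitelist vs graylist."""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


def sha256_file(path: str) -> str:
    """Hash a file's contents; the hash, not the file name, is the identity."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> set[str]:
    """Whitelisting setup: inventory every file under root and record its hash."""
    baseline: set[str] = set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            baseline.add(sha256_file(os.path.join(dirpath, name)))
    return baseline


@dataclass
class Policy:
    mode: str                                                  # "blacklist", "whitelist" or "graylist"
    blacklist: set[str] = field(default_factory=set)           # known-bad hashes (signature model)
    whitelist: set[str] = field(default_factory=set)           # baseline of approved hashes
    reputation: dict[str, int] = field(default_factory=dict)   # hash -> score 0..100 (constructed feed)
    min_reputation: int = 70                                   # constructed threshold

    def decide(self, file_hash: str) -> tuple[Verdict, str]:
        """Return the verdict for one execution request and the reason for it."""
        if file_hash in self.blacklist:
            return Verdict.BLOCK, "known-bad signature"
        if self.mode == "blacklist":
            # Signature-only model: anything not yet known bad runs, unknowns included.
            return Verdict.ALLOW, "not on blacklist"
        if file_hash in self.whitelist:
            return Verdict.ALLOW, "in baseline inventory"
        if self.mode == "whitelist":
            return Verdict.BLOCK, "not in baseline inventory"
        # Graylist: unknown binary, so consult the reputation feed before deciding.
        score = self.reputation.get(file_hash)
        if score is None:
            return Verdict.BLOCK, "unknown binary with no reputation data"
        if score >= self.min_reputation:
            return Verdict.ALLOW, f"unknown binary, reputation {score} >= {self.min_reputation}"
        return Verdict.BLOCK, f"unknown binary, reputation {score} < {self.min_reputation}"


def demo() -> dict[str, dict[str, str]]:
    """Evaluate the same four binaries under each mode; returns mode -> {name: verdict}."""
    samples = {  # constructed binaries; only the first existed when the baseline was taken
        "approved.exe": b"approved application build 1.0",
        "known_malware.exe": b"constructed known-bad sample",
        "new_tool.exe": b"freshly downloaded, well-regarded tool",
        "dodgy_tool.exe": b"freshly downloaded, poorly-regarded tool",
    }
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "approved.exe"), "wb") as f:
            f.write(samples["approved.exe"])
        whitelist = build_baseline(root)

    hashes = {name: hashlib.sha256(data).hexdigest() for name, data in samples.items()}
    blacklist = {hashes["known_malware.exe"]}
    reputation = {hashes["new_tool.exe"]: 90, hashes["dodgy_tool.exe"]: 20}

    results: dict[str, dict[str, str]] = {}
    for mode in ("blacklist", "whitelist", "graylist"):
        policy = Policy(mode, blacklist, whitelist, reputation)
        results[mode] = {name: policy.decide(h)[0].value for name, h in hashes.items()}
    return results


if __name__ == "__main__":
    for mode, verdicts in demo().items():
        print(mode, verdicts)
```

Running it shows the trade-off the text describes: blacklisting lets both unknown tools run, whitelisting blocks both, and graylisting allows the well-regarded one while still blocking the poorly-regarded one and anything with no reputation data at all. Keying every decision on the content hash rather than the file name is what makes renaming a blocked binary ineffective.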

Change Control: Configurations in Lockdown

As networks become ever more complex, it becomes increasingly difficult to monitor files and configurations to ensure that any changes are in line with the organization’s security policies. Obviously some changes are necessary, such as when a software update is needed to improve performance. But how do you control change?

A change control mechanism uses a trust-model approach for allowing or disallowing change. Such a feature restricts who can change what, how they can change it, and when it is changeable. In other words, change can only enter the system through the expected means. Unexpected changes are prevented and logged—and administrators are alerted.

Change control and validation are critical to preventing configuration drift—a major cause of network downtime—and avoiding the introduction of vulnerabilities that hackers could exploit. These controls are also key requirements of most industry regulations, such as PCI and HIPAA, which often dictate the specific types of controls required and how changes are to be made.

Why Hardening Your Infrastructure Makes Sense

Organizations that implement application and change control methodologies are able to:

• Improve security posture—Organizations can improve the integrity of their networks by preventing malware from infecting networks—even zero-day, previously unknown threats

• Reduce operational costs—By automating and centralizing administration, companies can ease the management burdens their IT groups face and allow administrators to shift their focus from firefighting to enabling strategic business services

• Better meet compliance requirements—Comprehensive management reports and audit trails can help organizations meet today’s tough governmental and industry compliance demands

Best Practices Make All the Difference

Allowing only approved applications to run and authorized changes to take place is a great way to start protecting your network, end-user systems, and their configurations. By implementing industry best practices, you can further secure your environment from being exploited in the new threat landscape:

• Identify all the systems and applications in use on your network

• Configure, harden, and lock down your systems and applications against unauthorized use or change

• Stay on top of what is happening in your network through constant monitoring

• Continually compare the current state of your systems and applications with the desired gold standard baseline
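The change control section above (who can change what, how, and when, with unexpected changes logged and alerted on) and the last best practice (continually comparing live state against a gold-standard baseline) fit together in one mechanism. The following Python program is an added example, not code from the article or any product; it implements a small trust model for configuration writes and a drift check against a baseline of approved hashes. The file paths, user and tool names, maintenance window and file contents are all constructed for the example, and the "filesystem" is an in-memory dictionary.

```python
"""Change control with a trust model, plus drift detection against a gold baseline."""
from __future__ import annotations

import hashlib
import logging
from dataclasses import dataclass, field
from datetime import datetime, time

log = logging.getLogger("change-control")


@dataclass(frozen=True)
class ChangeRequest:
    path: str        # what is being changed
    actor: str       # who is changing it
    tool: str        # how: the process performing the write
    when: datetime   # when the write is attempted


@dataclass
class TrustModel:
    """Who may change what, through which tool, and during which window."""
    trusted_updaters: set[str]      # processes allowed to write at all
    owners: dict[str, set[str]]     # path -> users permitted to change it
    window: tuple[time, time]       # maintenance window (start, end)

    def permits(self, req: ChangeRequest) -> tuple[bool, str]:
        if req.tool not in self.trusted_updaters:
            return False, f"untrusted updater {req.tool!r}"
        if req.actor not in self.owners.get(req.path, set()):
            return False, f"{req.actor!r} is not an owner of {req.path!r}"
        start, end = self.window
        if not (start <= req.when.time() <= end):
            return False, "outside maintenance window"
        return True, "permitted"


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass
class ConfigStore:
    """Simulated configuration files; approved writes go through the trust model."""
    files: dict[str, bytes]
    trust: TrustModel
    gold: dict[str, str] = field(default_factory=dict)   # path -> approved hash
    alerts: list[str] = field(default_factory=list)

    def snapshot_gold(self) -> None:
        """Record the current, known-good state as the gold-standard baseline."""
        self.gold = {p: digest(c) for p, c in self.files.items()}

    def apply_change(self, req: ChangeRequest, new_content: bytes) -> bool:
        """The expected means of change: checked against the trust model first."""
        ok, why = self.trust.permits(req)
        if not ok:
            msg = f"BLOCKED {req.path} by {req.actor} via {req.tool}: {why}"
            log.warning(msg)
            self.alerts.append(msg)
            return False
        self.files[req.path] = new_content
        self.gold[req.path] = digest(new_content)  # an approved change moves the baseline
        log.info("APPLIED %s by %s via %s", req.path, req.actor, req.tool)
        return True

    def detect_drift(self) -> list[str]:
        """Compare live state with the gold baseline; log and alert on any difference."""
        drifted = []
        for path in sorted(self.gold.keys() | self.files.keys()):
            expected, actual = self.gold.get(path), None
            if path in self.files:
                actual = digest(self.files[path])
            if expected != actual:
                drifted.append(path)
                msg = f"DRIFT {path}: baseline={expected} live={actual}"
                log.error(msg)
                self.alerts.append(msg)
        return drifted


def demo() -> dict[str, object]:
    """Constructed scenario: one approved change, two rejected ones, one out-of-band write."""
    trust = TrustModel(trusted_updaters={"cfgmgmt"},
                       owners={"/etc/app/app.conf": {"alice"}, "/etc/app/limits.conf": {"alice"}},
                       window=(time(1, 0), time(5, 0)))
    store = ConfigStore({"/etc/app/app.conf": b"debug=false\n", "/etc/app/limits.conf": b"max=10\n"}, trust)
    store.snapshot_gold()
    in_window, midday = datetime(2024, 1, 1, 2, 0), datetime(2024, 1, 1, 14, 0)
    approved = store.apply_change(ChangeRequest("/etc/app/app.conf", "alice", "cfgmgmt", in_window), b"debug=false\nlog=info\n")
    wrong_time = store.apply_change(ChangeRequest("/etc/app/app.conf", "alice", "cfgmgmt", midday), b"debug=true\n")
    wrong_tool = store.apply_change(ChangeRequest("/etc/app/limits.conf", "alice", "vim", in_window), b"max=99\n")
    store.files["/etc/app/limits.conf"] = b"max=99\n"   # a write that bypasses the expected means
    drift = store.detect_drift()
    return {"approved": approved, "wrong_time": wrong_time, "wrong_tool": wrong_tool,
            "drift": drift, "alerts": len(store.alerts)}
```

The point worth noticing is that the two controls are complementary: the trust model stops changes that arrive through the expected path at the wrong time, from the wrong person or via the wrong tool, while the drift check is what catches the write that never asked permission at all. Because an approved change updates the baseline as it is applied, legitimate maintenance does not show up as drift, which keeps the alert channel meaningful.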

Tools That Will Let You Lighten Up

Yes, paranoia is an appropriate response in today’s dangerous cyberworld. But it doesn’t have to be a constant drumbeat in your head. Instead, with the right tools, your paranoia becomes background noise—along with all of those threats that are rendered harmless by your IT security best practices. Comprehensive application control, change management, and centralized management capabilities can change your outlook on life. They provide the defense-in-depth you need to guard against increasingly sophisticated security threats, while improving your operational efficiencies and gaining the upper hand in the ongoing battle against cybercrime. In effect, they can make you a control freak who is truly in control.
