As we discussed in an earlier article, getting into security compliance is a big effort. Worse yet, Verizon says 80% of those who get in compliance have trouble staying there. When you discover you’re out of security compliance, there’s typically high drama if an auditor notices, or even higher drama if your security team discovers you’ve let an intruder in. Too much drama and too much elapsed time reduces security and impairs organizational learning.
Too much drama and too much elapsed time reduces security and impairs organizational learning
What’s needed is a way to find these problems right after they’re created – while the people involved still remember what they did and why they did it. This changes the whole dynamic and creates teachable moments instead of high stress drama – before an intruder or auditor finds the weakness.
Of course, some security compliance items can’t be automatically monitored, but those that involve following application and operating system best practices (a.k.a. hardening) can be. Given the ever-increasing workload on security teams, and the growing shortage of security talent, and the increasing aggressiveness of intruders it’s vital to automate those things that can be automated.
Ensuring Continual Security Compliance
What’s called for are automated methods for ensuring continual security compliance – which notice in minutes when a system is out of security compliance. These methods need to be simple to install, configure and maintain, and work with a high degree of certainty – that is, minimal false indications.
In addition to the organizational effects of being able to have rational adult conversations about security rules and configurations (security compliance), it dramatically shrinks the time-dimension of the attack surface. This improves both the security compliance process and the actual security of systems.
This is the direction of the Assimilation System Management Suite is taking next – providing continual validation of systems against IT (security) best practices for security compliance and also providing methods for immediately understanding the impact of vendor patch announcements. Since the Assimilation Suite does everything through detailed automated discovery – installation and configuration is minimized. In addition, validation of system configuration against a set of mechanically verifiable best practices is low-noise – either it follows these best practices or it does not.