Daniel Jones
Security compliance checks
Security Alert
Educational
People say that the rewards of remote and dispersed working outweigh the risks. But if you’re a CIO or CISO, what can you do to ensure that’s the case?

Employees are more productive and happier when they work from home, better able to balance the competing demands of 21st-century life. But how do you ensure that your systems are ready to meet the demands of added load and added risk?

To keep it simple, we at Runecast suggest a three-step approach to securing and maintaining your IT infrastructure.

Assess

You can’t get where you’re going without first knowing where you’re starting from. A simple aphorism that rings true. In terms of your IT infrastructure, this is where security and vulnerability assessments are imperative.

Vulnerability Assessments

Your vulnerability assessment is important because it shows you where your setup is lacking. Think of a boxing trainer picking apart a trainee’s movements, showing how they drop their hand when they move, leaving them open to a dangerous counter punch. Or how you might hire someone with social engineering skills to test the processes of your staff.

The point of these assessments is not to shame the trainee or the staff, but to understand what the current state of play is. Accepting that there are vulnerabilities doesn’t mean you have to like it; in fact, dislike of the current state of affairs can be a powerful motivator to improve.

A good vulnerability assessment should look at the whole setup, from top to bottom, and at how it all works together. If you’re running Kubernetes, you don’t just want to know that the containers are secure; you want to know that the infrastructure the containers are built on is also secure.

And ideally you want to be able to see these results and vulnerabilities alongside each other, the way a doctor would look at treating a patient (your IT systems) as a whole, rather than a group of discrete symptoms and problems with many different solutions. 

Security Assessments

Your security assessment is a focused form of vulnerability assessment, where your infrastructure and its configuration are compared to the ideal baseline in a particular security standard. There are vendor-neutral security standards, such as CIS; government standards, such as DISA STIG; and specific vendor best practices, such as those for AWS or VMware.

Staying compliant with security standards and keeping up with the latest changes and updates is extremely time-consuming. At the same time, it is paramount for security compliance to be approached in a proactive manner, ensuring that System Admins get ahead of the curve rather than waste valuable time constantly firefighting. 

Automation is pretty much essential here, as there are more checks and more detail than is feasible for humans to manage. Security teams can give some of their time to staying up to date, reading magazines, blogs, white papers and the like, but staying current across all technologies and trends is now more than a full-time job. Runecast provides a CSPM solution which includes proactive analysis, meaning that all of the sources your teams wish they could read (but won’t ever be able to in reality) are compared to your environment in minutes. Combined with immediate remediation scripts tailored to your environments, clear language and granular, customisable reports… well, our customers say Runecast saves them 75-90% of the time they previously spent troubleshooting.

Remediate

Once the assessments are complete it’s time to fix the issues. Several of the security standards and vendor guidelines mentioned above come with remediation information within their documentation. This can be as simple as the ‘correct’ values or settings for certain parameters (ensuring default access methods are closed off, for example), or as precise as specifying networking protocols and topology.

Using a framework like the Known Exploited Vulnerabilities (KEVs) from the CISA catalog can help your teams to prioritise which issues to remediate first. The KEVs are vulnerabilities that have been seen ‘in the wild’, vulnerabilities which have been used to attack systems and reported to CISA.

Within the Runecast platform, IT Security and Operations teams are able to see which vulnerabilities form part of the CISA KEV catalog to make it easier to address them. The number of issues and vulnerabilities for which Runecast provides remediation scripts is also regularly expanding.
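The KEV-based prioritisation described above, as an added example that is not Runecast’s code: scan findings are ranked so that CVEs present in the CISA KEV catalog (ransomware-linked entries first, then by how far past their due date they are) come ahead of everything else, which is then ordered by CVSS. The feed field names are assumed from the public KEV JSON feed; the CVE ids, hosts and scores are constructed placeholders.

```python
"""Rank scan findings so those in the CISA KEV catalog are remediated first."""
import json
from datetime import date

# Constructed sample shaped like the CISA KEV JSON feed (field names are an
# assumption based on the public feed; the CVE ids are placeholders).
KEV_FEED = json.loads("""{
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dueDate": "2024-01-15", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "dueDate": "2024-03-01", "knownRansomwareCampaignUse": "Unknown"}
  ]
}""")

# Constructed sample findings from a vulnerability scan (hypothetical hosts).
FINDINGS = [
    {"host": "esxi-01", "cve": "CVE-0000-0002", "cvss": 9.8},
    {"host": "esxi-02", "cve": "CVE-0000-0001", "cvss": 7.5},
    {"host": "k8s-node-3", "cve": "CVE-0000-0003", "cvss": 6.1},
    {"host": "k8s-node-3", "cve": "CVE-0000-0004", "cvss": 9.1},
]


def load_kev(feed):
    """Index the feed by CVE id so membership checks are a dict lookup."""
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def prioritise(findings, kev, today):
    """Return findings in remediation order, each tagged with its KEV status.

    Tier 0: in KEV and known ransomware use; tier 1: other KEV entries;
    tier 2: not in KEV. Within a tier: most overdue first, then highest CVSS.
    """
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            tier, overdue = 2, 0
        else:
            tier = 0 if entry.get("knownRansomwareCampaignUse") == "Known" else 1
            overdue = (today - date.fromisoformat(entry["dueDate"])).days
        tagged = {**f, "kev": entry is not None, "overdue_days": overdue}
        ranked.append((tier, -overdue, -f["cvss"], tagged))
    ranked.sort(key=lambda r: r[:3])  # never compare the dicts themselves
    return [r[3] for r in ranked]


if __name__ == "__main__":
    for f in prioritise(FINDINGS, load_kev(KEV_FEED), date(2024, 2, 1)):
        print(f"{f['host']:<12} {f['cve']} kev={f['kev']} overdue={f['overdue_days']}")
```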

Remediation, like any change in a live environment, is not something to be undertaken lightly. Because our remediation scripts are generated from the same scans which find issues, they’re custom made to your environments. There’s no need to add or tweak any variables, as they can be submitted for proper review and implemented as-is.

And remember, before you make any changes always take a backup, always have a snapshot ready to go.

Maintain and Monitor

Maintenance, monitoring and auditing are the calm after the storm. Hopefully, they prevent another storm from rolling over you.

Configuration changes are an early warning sign of issues in your environments. Once the issues have been resolved and the configurations of your IT systems match the security standards, changes should be watched and policed very carefully so that they do not deviate from the standard. A simple way of doing this is to take a snapshot of the known good configuration and compare the current configuration against it. It’s even simpler if your IT platform can do it for you – and alert you to any changes that take you away from the desired configuration.
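The snapshot-and-compare approach just described, as an added example rather than Runecast’s own implementation: a known-good baseline is flattened to dotted paths and diffed against the current configuration, reporting every added, removed or changed setting. Both snapshots are constructed samples; a real tool would load them from an export of the managed system.

```python
"""Detect configuration drift from a known-good baseline snapshot."""

# Constructed sample: the known-good snapshot taken right after hardening.
BASELINE = {
    "ssh": {"PermitRootLogin": "no", "PasswordAuthentication": "no", "Port": 22},
    "ntp": {"servers": ["ntp1.example.internal", "ntp2.example.internal"]},
    "firewall": {"default_policy": "drop", "open_ports": [22, 443]},
}

# Constructed sample: the configuration observed on a later scan.
CURRENT = {
    "ssh": {"PermitRootLogin": "yes", "PasswordAuthentication": "no", "Port": 22},
    "ntp": {"servers": ["ntp1.example.internal", "ntp2.example.internal"]},
    "firewall": {"default_policy": "drop", "open_ports": [22, 443, 8080]},
    "snmp": {"community": "public"},
}


def flatten(cfg, prefix=""):
    """Turn nested dicts into {"section.key": value} so paths compare directly."""
    out = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def detect_drift(baseline, current):
    """Return (path, kind, baseline_value, current_value) for every deviation."""
    base, cur = flatten(baseline), flatten(current)
    drift = []
    for path in sorted(set(base) | set(cur)):
        if path not in cur:
            drift.append((path, "removed", base[path], None))
        elif path not in base:
            drift.append((path, "added", None, cur[path]))
        elif base[path] != cur[path]:
            drift.append((path, "changed", base[path], cur[path]))
    return drift


if __name__ == "__main__":
    for path, kind, was, now in detect_drift(BASELINE, CURRENT):
        print(f"DRIFT {kind:<8} {path}: {was!r} -> {now!r}")
```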

Auditing is the process of combing through the inventory to ensure that you know what you have and that those items are doing what they should be. Runecast can automate this process for you, diving deep into your inventory to find machines across all your hybrid and multi-clouds. Runecast even goes into the OS layer, scanning and returning information from Windows and Linux, making sure that no virtual stone is left unturned.

Upgrade planning is also an area where full visibility can save a lot of time.

Runecast automatically analyzes your hardware against the VMware HCL and can simulate ESXi upgrades to find potential issues before an upgrade. One customer stated an expected 90% time saving in upgrade planning by using Runecast.

One solution to rule them all

Runecast is the evolution of IT operations and security tools. Your teams can simplify and add speed by combining all of the above processes into a single platform – one with class-leading depth and spread, giving you a vision of your entire enterprise and what its most critical needs are. Runecast shows you how to fix those needs and how to keep your infrastructure secure and optimised once you’ve brought them up to scratch.

If you’re interested in giving your teams the competitive edge and increasing the productivity within your IT Security and Ops teams, contact us to learn what Runecast can do for your own unique environment.

Contact us to discuss transitioning to a proactive approach in your IT environment.