Senior Technical Support Engineer
NNT - New Net Technologies
With the ever-changing landscape of IT security, the war against cybercriminals continues to evolve on a day-by-day basis. Now more than ever, organizations need to implement proper security controls and mechanisms to help defend against the evolving threat landscape.
Adopting an intelligent change control process can aid in ensuring that a changing IT estate changes in an approved, intended, and secure fashion. A strictly enforced change control process is the foundation of your defense not only against malicious activity, but also against the far more likely misconfiguration. Also, if a breach does occur, detecting it without proper change control would be almost impossible. A good change control process can greatly reduce the time to detect a breach, helping you minimize the damage it causes.
According to IBM, companies on average take 197 days to identify a breach and around 69 days to contain a breach. With proper change control, you can reduce the time to detect, giving you the opportunity to react and contain the breach before more damage is done to the organization, its stakeholders, and its clients.
But how does one adopt intelligent change control in their environment? What are the key steps to ensuring the security of your environment, and the changes occurring within it? Here are 4 critical steps to adopting intelligent change control:
The first step to developing an effective change control process is to adopt an effective security strategy and framework. Having a trusted security framework in place will ensure that you are implementing IT infrastructure best practices and streamlining your IT services. These frameworks should act as a roadmap to ensure that your IT estate is in the best possible shape it can be. There are several frameworks to choose from, including ITIL, COBIT, and NIST, just to name a few. Performing basic research should assist an organization in determining which framework best suits it. Once a core framework has been selected and implemented, it can be paired with the NNT SecureOps Framework.
NNT SecureOps combines security and operations where it matters most – in the change process. With SecureOps, control of changes becomes automated, ensuring every change is analyzed, audited, and accounted for, even in enterprise environments with thousands of devices and millions of changes. SecureOps combines established best practices for security and IT service management to deliver a solution that identifies and highlights unknown, unwanted and potentially malicious events in real-time, without all the noise and headaches of endless alerts. Visit our SecureOps webpage to learn more.
After the enterprise has decided on a framework ideology to follow, the next step is to create and develop a change management process. The easiest way to accomplish this is by either creating a change management model or following one of the existing, popular models such as Lewin’s Change Management Model, the ADKAR Change Management Model, or Kotter’s 8-step Change Management Model, to name a few. These models each specify their own change management processes and can generally be incorporated into most environments without too much overhead. Once you have decided on a model, you can then purchase the required IT Service Management software to manage change requests and incident response. The most common ITSM tools on the market include ServiceNow, BMC, and Cherwell.
Once the framework ideologies and change management models and processes have been determined, the next stage will include purchasing a variety of security tools to validate that the processes are being adhered to. In addition to IT Service Management Software, an environment will also have a need for File Integrity Monitoring Software, Security Information and Event Management (SIEM) Software, and a Configuration Monitoring and Vulnerability Scanning solution.
Below are some basic descriptions of what each tool’s function is within the environment, and the NNT Solution that covers each item:
- File Integrity Monitoring (FIM) Software – NNT Change Tracker provides critical and fundamental cybersecurity prevention and detection. Some of the features of Change Tracker include: automated CIS Controls, breach detection, real-time contextual file integrity monitoring (FIM), system hardening & vulnerability management, continuous compliance monitoring across all industries, quick and easy manageability and scalability, noise reduction through integration, automation, and automated safe file hash whitelisting.
- Security Information and Event Management (SIEM) Software – NNT Log Tracker is a comprehensive and easy-to-use Security Information and Event Management (SIEM) solution for any compliance mandate. Some of the features of Log Tracker include: enterprise-class SIEM capabilities, compliance automation, user & system activity audit trails, network anomaly forensics, proactive threat detection, and built in forensic analysis correlation.
- Vulnerability Scanning Software – NNT Vulnerability Tracker is a world-class and user-friendly vulnerability scanning and management solution. Vulnerability Tracker identifies known vulnerabilities within software and configuration settings before they can be exploited by a cyber-attack. Vulnerability Tracker has over 77,000 automated vulnerability tests that are continuously expanding in real time, over 136,000 CVEs updated every minute via our live cloud feed, blended credentialed and non-credentialed tests to give flexibility to your scanning program, a fully distributed architecture, and extreme scanning speeds for over 50,000 endpoints per 24 hours.
Once these tools have all been incorporated into the environment, it is best to design a closed-loop approach so that information flows between them in the event that a breach or misconfiguration occurs. With NNT’s security suite, we make this easy to adopt by utilizing our unique SecureOps strategy. Learn more about Closed-Loop Intelligent Change Control by watching this video overview.
In a real-world use case, let’s assume that an organization has selected NIST as their framework ideology and has developed a Change Management process and purchased one of the common ITSM applications. Let’s also assume that the organization has decided to incorporate NNT SecureOps strategy alongside their ideology and change process along with our suite of products. What would that look like?
First off, you would want to run a vulnerability scan of the environment to get a feel for where there may be issues. Hang on to this scan for later, as we will cover it in the next section. Next, you will want to implement Change Tracker’s FIM and configuration monitoring functions. Using this tool, you can monitor the environment across all systems to validate that the systems are meeting the pre-defined NIST framework selected. These reports can be run on a daily basis, so capturing configuration drift becomes easy.
By this stage, Change Tracker has most likely been configured to capture the relevant change information, such as file system changes, registry changes, changes to installed software, local accounts, and group policy changes. We can now integrate Change Tracker with the purchased ITSM solution. This gives an organization the ability to correlate changes within its environment with an approved ticket or a set of intelligent change rules, which in turn helps to prevent and protect against all forms of breach, as well as gaining full control of changes for security, compliance, and operational peace of mind. If a change is detected outside of a preconfigured change window, Change Tracker can generate an incident on the ITSM solution, raising the alert to plain sight and giving the organization the option to review and create actions based on the change that occurred, whether it be a breach, a misconfiguration, or a breach of the change management process.
Once an incident has been created, you can use NNT Log Tracker to validate any of the system logs on the particular system during the time of the event.
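The correlation step described above, in the form of an added Python example (not NNT code, and not how Change Tracker or any ITSM product implements it): each detected change is checked against an approved change ticket (right host, inside the ticket's window, under the paths the ticket covers) and then against standing "intelligent change rules" that pre-approve routine activity such as package-cache updates. Anything left over is grouped per host into an incident record of the kind that would be raised in the ITSM tool. All hosts, tickets, rules, and events are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatch


@dataclass(frozen=True)
class ChangeEvent:
    """One change as a file-integrity monitor would report it (constructed)."""
    host: str
    path: str
    change_type: str   # "created", "modified" or "deleted"
    when: datetime


@dataclass(frozen=True)
class ChangeTicket:
    """An approved change from the ITSM tool: who, when and what it may touch."""
    ticket_id: str
    host: str
    start: datetime
    end: datetime
    path_glob: str


@dataclass(frozen=True)
class ChangeRule:
    """A standing rule that pre-approves routine, expected changes."""
    name: str
    path_glob: str
    change_types: frozenset


def match_ticket(event, tickets):
    """Return the first ticket that covers this host, time and path, else None."""
    for t in tickets:
        if (t.host == event.host
                and t.start <= event.when <= t.end
                and fnmatch(event.path, t.path_glob)):
            return t
    return None


def match_rule(event, rules):
    """Return the first rule that pre-approves this path and change type, else None."""
    for r in rules:
        if fnmatch(event.path, r.path_glob) and event.change_type in r.change_types:
            return r
    return None


def classify(events, tickets, rules):
    """Label every event: (event, status, reason). Tickets take precedence over rules."""
    results = []
    for ev in events:
        ticket = match_ticket(ev, tickets)
        if ticket is not None:
            results.append((ev, "approved:ticket", ticket.ticket_id))
            continue
        rule = match_rule(ev, rules)
        if rule is not None:
            results.append((ev, "approved:rule", rule.name))
            continue
        results.append((ev, "unapproved", "no ticket or rule covers this change"))
    return results


def build_incidents(results):
    """Group unapproved changes per host into one incident record each."""
    by_host = {}
    for ev, status, _ in results:
        if status == "unapproved":
            by_host.setdefault(ev.host, []).append(ev)
    return [
        {
            "host": host,
            "title": f"{len(evs)} unapproved change(s) on {host}",
            "changes": [f"{e.change_type} {e.path} at {e.when.isoformat()}" for e in evs],
        }
        for host, evs in sorted(by_host.items())
    ]


# Constructed sample data: one approved two-hour window on web01 for nginx config work.
T0 = datetime(2024, 5, 14, 22, 0)
TICKETS = [ChangeTicket("CHG-0042", "web01", T0, T0 + timedelta(hours=2), "/etc/nginx/*")]
RULES = [ChangeRule("apt-package-cache", "/var/lib/apt/lists/*",
                    frozenset({"created", "modified", "deleted"}))]
EVENTS = [
    ChangeEvent("web01", "/etc/nginx/nginx.conf", "modified", T0 + timedelta(minutes=30)),   # in window
    ChangeEvent("web01", "/var/lib/apt/lists/pkgcache.bin", "modified", T0 + timedelta(hours=5)),  # rule
    ChangeEvent("web01", "/etc/ssh/sshd_config", "modified", T0 + timedelta(hours=5)),       # no cover
    ChangeEvent("db01", "/etc/nginx/nginx.conf", "modified", T0 + timedelta(minutes=30)),    # wrong host
    ChangeEvent("web01", "/etc/crontab", "modified", T0 - timedelta(days=1)),                 # outside window
]

if __name__ == "__main__":
    for incident in build_incidents(classify(EVENTS, TICKETS, RULES)):
        print(incident["title"])
        for line in incident["changes"]:
            print("   ", line)
```

Note the ordering: a ticket approves a change only when host, time window and path all match, so the same nginx edit on db01 is unapproved even though a ticket exists for web01. Rules are checked second so that a broad rule cannot mask a change a ticket was meant to scope.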
Combining the use of your ITSM tool with NNT’s security suite not only gives you the power to truly control change within your environment, but it also gives you a full bird’s-eye view of exactly what happened when a change does occur.
Finally, the key piece of the puzzle to truly having an impenetrable network with a tight change management process is to remediate the vulnerabilities that are currently present within the enterprise. Ideally, the Vulnerability Scanning and Management tool you have chosen has the ability to validate the severity of the discovered vulnerabilities, and so you will want to remediate the highest severity items that are impacting the most devices as the initial priority. Then, once you have sorted out the critical vulnerabilities, it should be a goal to try and maintain that secure posture to the best of the organization’s ability. This can be accomplished with a variety of different methods.
Maintaining a secure posture can be easily accomplished by utilizing NNT’s suite of security products and their automated feature set. First, continuous vulnerability scanning should be done; NNT Vulnerability Tracker allows you to schedule these scans to be initiated automatically. Next, once the vulnerabilities are remediated, you’ll want to incorporate some sort of system hardening, such as the Center for Internet Security’s CIS Benchmarks. Once you have hardened your systems, you’ll want to use a tool similar to NNT Change Tracker that can monitor the hardened settings alongside your selected framework in order to validate that configuration drift is not occurring within the environment. When drift does occur outside of a designated window, you can use the integrity monitoring and logging capabilities of Change Tracker and Log Tracker to get a full view of exactly what happened within the environment.
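The drift check this paragraph calls for, as an added Python example (not NNT code, and not how Change Tracker evaluates a benchmark): a hardened baseline is recorded both as the SHA-256 hash of the approved file and as the effective values of a handful of sshd_config directives, and a host is then assessed on both levels. The hash catches any edit at all; the directive comparison says whether the edit actually weakened the hardening. The approved and drifted files and the expected settings are constructed for the example, modelled on common SSH hardening guidance rather than quoted from any CIS Benchmark.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed approved file: this is what the hardened host is supposed to have.
APPROVED_SSHD_CONFIG = b"""# constructed sample sshd_config (approved)
Port 22
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 4
X11Forwarding no
"""

# Constructed drifted file: root login re-enabled and MaxAuthTries dropped.
DRIFTED_SSHD_CONFIG = b"""# constructed sample sshd_config (after drift)
Port 22
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding no
"""

# Illustrative hardened values to enforce, keyed by directive.
HARDENED_SETTINGS = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "MaxAuthTries": "4",
    "X11Forwarding": "no",
}

# File-integrity baseline: path -> hash of the approved content.
BASELINE = {"/etc/ssh/sshd_config": sha256_hex(APPROVED_SSHD_CONFIG)}


def parse_sshd_config(text: str) -> dict:
    """Directive -> value. sshd honours the first occurrence of a keyword, so keep the first."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0], parts[1].strip())
    return settings


def check_file_integrity(baseline: dict, current_files: dict) -> list:
    """Compare current file bytes against baseline hashes: (path, finding, expected, actual)."""
    findings = []
    for path, expected in baseline.items():
        if path not in current_files:
            findings.append((path, "missing", expected, None))
            continue
        actual = sha256_hex(current_files[path])
        if actual != expected:
            findings.append((path, "hash-mismatch", expected, actual))
    return findings


def check_hardening(expected: dict, current: dict) -> list:
    """Compare effective directive values against the hardened values (case-insensitive)."""
    findings = []
    for directive, want in expected.items():
        have = current.get(directive)
        if have is None:
            findings.append((directive, "missing", want, None))
        elif have.lower() != want.lower():
            findings.append((directive, "drift", want, have))
    return findings


def assess_host(host: str, current_files: dict) -> dict:
    """Run both checks for one host; current_files maps path -> bytes as collected from it."""
    integrity = check_file_integrity(BASELINE, current_files)
    text = current_files.get("/etc/ssh/sshd_config", b"").decode("utf-8", errors="replace")
    hardening = check_hardening(HARDENED_SETTINGS, parse_sshd_config(text))
    return {
        "host": host,
        "integrity": integrity,
        "hardening": hardening,
        "drifted": bool(integrity or hardening),
    }


if __name__ == "__main__":
    for name, content in (("web01", APPROVED_SSHD_CONFIG), ("web02", DRIFTED_SSHD_CONFIG)):
        report = assess_host(name, {"/etc/ssh/sshd_config": content})
        print(name, "drifted" if report["drifted"] else "clean")
        for finding in report["integrity"] + report["hardening"]:
            print("   ", finding)
```

Keeping the two checks separate matters in practice: a hash mismatch with no hardening findings is usually a benign edit (a comment, a new option elsewhere in the file) that still needs to be matched to a change ticket, while a hardening finding is a control that has actually been weakened and should be prioritised regardless of whether a ticket exists.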
With automatic application updates, constant operating system patching, and busy IT staff, it is not easy to adopt change control processes in an organization. However, with a little help from existing frameworks and tools such as NNT’s, a seemingly difficult task can be made easy. Following a security framework ideology, combined with NNT’s SecureOps strategy, and utilizing our full suite of security products together with an ITSM solution through our seamless integration, you can put the spotlight on any unintended changes that may occur within your environment and have the peace of mind that if a breach or misconfiguration does occur, you will be able to quickly and effortlessly remediate it. To see these tools in action and to learn more about NNT's SecureOps strategy, watch our new SecureOps demo on-demand today.