Mark Kedgley
Mark Kedgley
NNT - New Net Technologies

Last week, our team had the pleasure of hosting a virtual panel on securing digital transformation and what COVID-19 means for cyber security as we continue to navigate the increasingly remote workforce.

Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance, and digital transformation demand landscape. During the session, our group of panelists emphasized the importance of embedding security solutions and processes in order to reduce complexity and massively increase the automation of killer manual tasks.

CISO panel

Senior leaders to provide insight on the topic included the following: David Cass, VP of Cyber & IT Risk, Federal Reserve Bank of New York; Mahbubul Islam, CISO, HM Courts & Tribunals Service; Mudassar Ulhaq, CIO, Waverton Investment Management; and Angus Macrae, Head of Cybersecurity, King’s College London.

My expertise and passion lie heavily in empowering change control for effective security. During the panel, I had the opportunity to dive into details around how organizations can gain visibility across their networks and data centers in order detect unauthorized changes. While our team was already highly virtualized, we have seen a major push from organizations to open up connectivity to their networks at a rapid pace. With this comes an increased attack surface that organizations need to pay close attention to as they are one slip away from opening up their data to the rest of the world.

Change control is key. From our experience, organizations need to automate configuration while using VPNs and Firewalls for remote working. This way, teams are provided with an audit trail of what was changed, what the implications are, and how to fix it.

Change Control vs. Change Management

The panel also dives into both change management and change control. These two terms are often confused so its helpful to provide some clear defintions. Change Control is defined as the process of understanding and monitoring the actual changes that occur with a specific focus on spotting changes that may cause harm. Conversely, Change Management is the process required to request, review, approve and commission changes, while Change Control is the active analysis of actual changes that have occurred.

Change Management can be seriously flawed from a security standpoint without some form of Change Control. Change Management’s ‘dirty little secret’ is that, despite the comfort blanket of documentation and approvals, you never know what’s really going on. You have no idea what was actually changed, either during the Change Window or at any other time.

Change Control seeks to examine all changes and reconcile these with what we expected, along with further analysis of the changes to ensure no hidden malware or zero-day infections exist. Simply put, you need Change Control to ensure the changes that are happening aren't harmful.

By implementing NNT’s Change Control Program, organizations will have the rules and processes in place to capture changes that are either:

  • Planned & detailed ahead of time, but not checked after the event for authenticity
  • Planned ahead of time that will be checked for authenticity as the changes occur
  • Not planned ahead of time, but are approved based on previous knowledge of the changes and their adherence to the criteria for which they were previously approved
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.