Data Security Podcast
In a recent podcast interview with Zack Hack, Host of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses "Configuration Drift - Equal Security Drift": the issues organizations may face with it and what can be done to combat it. The podcast can be listened to in its entirety below.
Zack Hack here. Welcome to the Data Security Podcast sponsored by Cimcor. Cimcor develops innovative next-generation file integrity monitoring software. CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak-integrity-suite.
Q: Joining us today is President and CEO, Robert Johnson III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cybersecurity software. Welcome back, Robert. Great to be chatting with you again. How've you been?
A: I've been well, I am glad to be back on the show with you again, Zack.
Q: Absolutely. Today, we're going to talk about something special. Configuration Drift - Equal Security Drift. I want to talk a little bit more about configuration issues or problems that organizations have. Specifically, what I'd like to discuss is configuration drift and what this really means, if you can tell us.
A: All right. Well, configuration drift means one of two things: that the configuration settings and files for a particular application or set of applications have changed from the expected state or settings. Or another way you can look at configuration drift is that the configuration of a system overall has changed from the expected state. Now, this is typically called a drift from a secure configuration baseline. In an enterprise space, enterprises typically use CIS Benchmarks to ensure that systems are in a hardened and secure state, and in the federal space, folks tend to use DISA STIGs. Now, there are risks in both cases.
In the first scenario, when I spoke of configuration settings drift or configuration files drift from an expected state, the risk is improper operation of key components in an IT infrastructure, and this improper operation could be a breach that may have a material impact on your business. Now, let's speak a little bit about the second scenario. In the second scenario, we're speaking about drift from a secure configuration baseline. That means that your IT asset has drifted from a secure and hardened state. That means that your security posture has decreased. Which, of course, introduces risk throughout your entire enterprise.
Q: All right, so now we know a little bit more about drift. How do we begin to take it on? How do we combat it? And is there a specific approach that we can do that will help?
A: Well, not to be coy, Zack, but, um, drift happens! Every time we upgrade, or patch a system, or modify a setting, or work through a problem on a system, we introduce the possibility of configuration drift. So, we can't really combat drift itself, but change and invoking change, you know, both of those are really core to the human condition. So, the approach really should be: Can we identify this drift? And identify this drift as quickly as possible? And ideally, identify it in real-time. This provides you with the insight needed to quickly review the nature of this configuration drift, and then to take the appropriate steps to remediate the configuration settings and the files and reestablish that system back into a hardened state.
Q: And are there additional configuration best practices that organizations can align to help with the security drift that happens?
A: Yes, from a best practices perspective, the industry needs to move to the concept of continuous detection of drift. Many of the operational and security issues that enterprises face, if you do a decomposition of the problem, you realize it started with drift that occurred for which no one was aware, and it went undetected. It is vitally important to put controls in place to identify a drift from a secure configuration and drift from a hardened state, and furthermore drift from a state of integrity.
Our system integrity assurance platform called CimTrak is an easy and powerful way to continuously detect drift throughout your entire enterprise. CimTrak can identify in real-time drift to configuration settings, drifted configuration files, and other unexpected changes to servers and network devices, databases, Docker, Kubernetes, cloud platforms, Active Directory, and so much more. CimTrak can also monitor your systems to ensure that they're in a hardened state, and notify you when their security posture changes. You want to know when your security posture decreases, and this provides you with that insight. So this notification also includes remediation of it, so that you can quickly get your systems back in a hardened state, and improve your overall security posture.
Q: Well, we're informed. Thank you so much for letting us know that and giving us that great information. Robert, always a pleasure to chat with you, and thanks a lot for being on the show.
A: I appreciate the opportunity and look forward to speaking with you again. Thanks, Zack.
August 23, 2022