In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, addresses whether it is necessary for already hardened systems to utilize file integrity monitoring software. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Robert. Welcome back, always a pleasure to be speaking with you.
A: I love the opportunities to chat with you about security on your show, Hillarie. Thanks for inviting me back.
Q: Any time, and we've been talking about system hardening, but today we're going to add something new in there which is configuration drift. So I've been hearing people talk about configuration drift, but I'd love for you to weigh in on what it is and how it happens.
A: I think you're hearing more folks speaking about configuration drift because our systems are just becoming more and more complex. If you have a system that's configured in a hardened state, yes, it may be in a hardened state today, but what about after that next Windows update? Or what about after that upgrade to this key software program that's needed in your enterprise? Or is it still in a hardened state after you've asked your engineer to optimize the performance of that system? So, is it still in that state? And if not, what was affected?
So, we think about the fact that there are hundreds of thousands of files on systems, and perhaps an equal amount of configuration settings. How do you really understand what's actually happening? You know, and that entire process of understanding and realizing that those settings aren't the same, that's configuration drift. There's not a whole lot you can do about it. In fact, there are times, Hillarie, where I've just told people: Listen, drift happens.
Q: Yeah, absolutely. Drift happens. Okay, so I guess, since drift happens, you know. What can people do to try to prevent configuration drift?
A: Well, I believe it all starts with a strong change management process and making sure that that change management process is both enforced and followed. So that's where it all starts. However, we have to be honest. No matter how strong of a change management process you may have, it doesn't prevent certain types of changes from inadvertently affecting you. For instance, if you upgrade that key software program that I mentioned earlier: it was part of an authorized change management process, but you didn't realize that it changed a few key settings that are contrary to best security practices. You know, that just slips right by the radar. So, as a result, I don't think it's possible to completely prevent configuration drift. However, I do think that it's possible to actually identify when that configuration drift occurs. So you can use that to inject right back into your process to get everything right back into the expected state.
Q: System hardening can help work to prevent configuration drift, but I guess, what is the process that someone should follow to set up a solution?
A: Well, I think that's a bit of an industry misconception. System hardening can't necessarily prevent configuration drift. I mean, I really feel like there's not a whole lot you can do to prevent it. But system hardening is a best effort to configure your systems in a way that reduces your attack surface and improves your overall security profile. So that, theoretically, should reduce unexpected configuration changes, perhaps the ones related to cyber threats, but it's certainly not foolproof. And humans, or wetware, they're still our biggest threat to our IT systems. Humans inadvertently cause configuration drift, even when they're honestly trying to do the right things.
So this conversation really intersects with the work that we're doing at Cimcor. We've been developing a product called CimTrak that can identify whenever your system drifts away from a secure configuration baseline. And in the event that a system does drift from the expected configuration, CimTrak will notify you, and also provide recommendations on exactly what you must do to reconfigure that system back into a hardened state. It can also help you identify when unexpected changes are made to your systems and identify right down to the byte level what has changed.
So this is a real issue, and you know it's becoming harder and harder by the day. So if any of your listeners would like to try our configuration drift monitoring tool, our tool again is called CimTrak. If any of your listeners are willing to accept the fact that drift happens, but would like to understand exactly what that means and what's happened in their infrastructure, they're welcome to visit our website.
Our website is www.cimcor.com. That's C as in cat, I, M, C, O, R.com and we can get you going right away. It's easy to set up, easy to configure, and we will provide you unprecedented insight into your infrastructure.
Q: It almost sounds too good to be true, Robert, but I know that it's true. So thank you so much for offering that, and thank you so much for taking the time to speak with me today. I always enjoy our conversations.
A: It's been my pleasure. Thank you again, Hillarie.
March 2, 2023