It seems that “real time” is the Holy Grail these days for cybersecurity – everything on the network monitored, analyzed for concerns, and either fixed or at least quarantined at a moment’s notice. Obviously this is never completely possible, so we need to pick those areas that either lower risk or increase opportunity. The technology discussed in this article happens to offer both.

I recently attended a few briefings and watched real-time patching and configuration management across all assets on a network. While this represents only part of the automated continuous monitoring and remediation processes needed on any network, I found it compelling because patch management and configuration management are fundamentals of security and can also be money savers.

It’s somewhat ironic that I had to interview people using this technology commercially to learn that it not only increases security but also has an immediate ROI separate from security. What’s that ROI based on? Energy savings, it turns out.

Major companies today are buying configuration management tools to maintain configurations not just for security, but also to enforce internal standards that shut devices off when not in use.

Some will recall that in the federal space, this was the early driver behind the Federal Desktop Core Configuration (FDCC) standard, but by now most everyone has forgotten that.

The technology formerly known as BigFix has been purchased by IBM and is now part of its network management suite known as Tivoli Endpoint Management. The idea is, first, that everything on the network needs to be identified and continuously patched – that’s patch management. Second, everything on the network also needs to be configured to meet both internal and external standards. All of this needs to happen at scale in real time, regardless of how extensive or busy the network is.

Externally imposed standards, such as PCI, SOX, HIPAA, and FISMA, demand that assets on a network be configured in a certain way and that the configuration be maintained. Technical people tell me that configurations tend to drift out of compliance, and unless someone is watching constantly, the drift can easily go undetected. Auditing once a year, as has been the case in the federal government since FISMA was passed in 2002, just doesn’t cut it anymore. Now we’re moving to continuous monitoring within the new Risk Management Framework as articulated in NIST SP 800-37.

A kissing cousin to configuration management is patch management. Old, unpatched systems are great places from which to launch an attack, and they either need to be brought up to current specifications and revision levels or shut down. But first they need to be identified. Can Tivoli Endpoint Management help with this? The answer is yes. Some government agencies are willing to show it operating in real time via a web-sharing session. I recommend you check it out.

Steve Charles is co-founder and executive vice president of immixGroup, Inc., which helps technology companies do business with the government. He is also a member of Breaking Gov’s Editorial Advisory Council.