How can you effectively protect your network from threats and vulnerabilities if you don’t know the true status of your devices or whether changes to them have occurred? Configuration monitoring reduces and eliminates security gaps that leave you vulnerable to cyber attacks, while helping you meet your compliance and regulatory needs. Our baseline configuration monitoring best practices will help you deploy a strong implementation that will keep you secure.
What Are the Benefits of Baseline Configuration Monitoring?
Each of your assets stores electronic configuration files or records. That information includes the functional settings that determine how the asset operates, the versions of software currently installed (BIOS, firmware, OS, applications, etc.), patches, active ports and their configurations, and the services that are enabled.
The larger your fleet of devices, the more work it takes to ensure everything is as it should be across them. For many, the process of checking a device against the established baseline is manual. This means going to the device, manually comparing its configuration against how it was configured before, and repeating that process, potentially hundreds or thousands of times. It is both tedious and prone to human error.
For many, configuration monitoring is required for compliance reasons. However, a strong baseline configuration monitoring (BCM) implementation will do more than keep you compliant. It will keep you aware of what is happening on your devices. Should a user connect to a device and make a change that moves its configuration away from how you want it, you will know. The benefits to your security are ample.
Baseline Configuration Monitoring benefits:
- Prevent configuration drift by setting a “golden image” to automatically compare your devices against. If a device's configuration drifts from this image, you will know.
- Know where your devices are, how they are configured and whether they meet your compliance needs. BCM will allow you to validate your fleet.
- Catch malicious configurations, silent installs or other threats to your security.
- Run compliance audits on the assets in your fleet automatically, without the need for an agent or dispatching someone to retrieve the data.
With these benefits in mind, let’s review our baseline configuration monitoring best practices so you can ensure your BCM implementation is giving you the maximum security benefits that it can provide.
Baseline Configuration Monitoring Best Practices
Think of it as a security solution, not just a regulatory and compliance solution
While you may be implementing your baseline configuration monitoring as a means to resolve compliance and regulatory requirements, these requirements exist for a reason: Your security.
It’s important to remember this while you implement your BCM and use this mindset as a guide. This will help you envision exactly what you need to be collecting for your baselines. Which leads us to our next baseline configuration monitoring best practice…
Think of the data you collect as more than merely meeting your regulatory and compliance needs
Because you are not only resolving a compliance and regulatory need but also ensuring your security, consider what is truly important for you to be collecting. While the data you collect for your compliance requirements may be sufficient, in other cases there could be a lot more that you want to know about your device baselines.
In this case, there is no “one size fits all” approach to collecting your baselines for your devices. Consider what is important for your security and what you need to know about your devices, and use this as your guide to collecting your baseline device data.
Completely eliminate people from the process
As a key baseline configuration monitoring best practice, you should aim to automate this process, removing people from it while increasing the accuracy and speed with which you collect your configuration data.
People manually checking your device configurations are going to make an error at some point. Scaling this manual checking is also incredibly difficult in larger fleets of devices and reduces your ability to get the critical security insights you want, as often as you need.
Check Your Baselines Often
Your regulatory requirements may call for baseline checks only once every 35 days. Do you really want to wait up to 35 days before learning that a device’s configuration has changed and that you are vulnerable?
You should check your device baselines at least once a day. Even better, you should be checking every time a user has finished their session on that device.
Collect the data in a way that you can process it
Data can be raw. You need to collect the data in a way that you can process it. A Linux machine and a Windows machine are not the same, and the data retrieved from those devices could come back in different forms. Make it uniform and format the data so it’s quickly referenceable. Your baseline configuration monitoring tool needs to be able to normalize this data for you.
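The normalize-then-compare step described above, as an added example (not ConsoleWorks code): two constructed snapshot formats are reduced to one record shape and checked against a golden baseline. The alias map, field names and all sample values are hypothetical.

```python
import re

# Hypothetical alias map: each platform's field name -> one canonical key.
ALIASES = {
    "os_version": "os_version", "osversion": "os_version",
    "firmware": "firmware_version", "biosversion": "firmware_version",
    "listening_ports": "open_ports", "openports": "open_ports",
    "enabled_services": "services", "runningservices": "services",
}
SET_FIELDS = {"open_ports", "services"}  # list values where order is irrelevant

def normalize(raw: str) -> dict:
    """Turn 'key=value' or 'Key : Value' lines into one canonical record."""
    record = {}
    for line in raw.strip().splitlines():
        m = re.match(r"\s*([^=:]+?)\s*[=:]\s*(.*?)\s*$", line)
        key = ALIASES.get(m.group(1).replace(" ", "").lower()) if m else None
        if key is None:
            continue  # not a setting line, or a field the baseline does not track
        value = m.group(2)
        if key in SET_FIELDS:
            value = frozenset(v.lower() for v in re.split(r"[,\s]+", value) if v)
        record[key] = value
    return record

def drift(golden: dict, current: dict) -> list:
    """Return (field, kind, detail) for every deviation from the golden record."""
    findings = []
    for key in sorted(golden.keys() | current.keys()):
        want, have = golden.get(key), current.get(key)
        if isinstance(want, frozenset) and isinstance(have, frozenset):
            findings += [(key, "added", v) for v in sorted(have - want)]
            findings += [(key, "removed", v) for v in sorted(want - have)]
        elif want != have:
            findings.append((key, "changed", f"{want!r} -> {have!r}"))
    return findings

# Constructed sample snapshots (not output of any real tool).
LINUX_GOLDEN = "os_version=5.15.0-91\nfirmware=1.4.2\nlistening_ports=22,443\nenabled_services=sshd,chronyd"
LINUX_NOW = "os_version=5.15.0-91\nfirmware=1.4.2\nlistening_ports=443,22,8080\nenabled_services=chronyd,sshd"
WINDOWS_GOLDEN = "OS Version : 10.0.17763\nBIOS Version : 2.1.0\nOpen Ports : 3389, 443\nRunning Services : WinRM, W32Time"
WINDOWS_NOW = "OS Version : 10.0.17763\nBIOS Version : 2.0.9\nOpen Ports : 443, 3389\nRunning Services : W32Time, WinRM, RemoteHelper"

if __name__ == "__main__":
    for name, g, n in (("linux", LINUX_GOLDEN, LINUX_NOW), ("windows", WINDOWS_GOLDEN, WINDOWS_NOW)):
        print(name, drift(normalize(g), normalize(n)))
```

Reordered ports and services produce no finding, while the extra listener, the firmware change and the unexpected service are each reported once.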
Implement These BCM Best Practices to Be More Secure
Our ConsoleWorks cybersecurity platform helps you meet your compliance and device monitoring needs. With these best practices in mind, you’re ready to take the next step in your implementation. Should you have any questions, we are always available to talk about your particular needs.