This is the third entry in a series on how Triumfant helps plug gaps in your endpoint security defense-in-depth strategy. In this entry I will address security configuration management – ensuring that the defensive software you have deployed is really deployed, properly configured, and in working order.
In my opening entry in this series I presented information about how many breaches do not come from some sophisticated malware or innovative attack vector, but rather arise as the result of missing or misconfigured software. The source for such issues may be:
- Deployment issues where software is simply not deployed, improperly deployed, or improperly configured.
- User ignorance in the form of altering configuration settings, turning off defensive software, or responding to social engineering.
- A maliciously intended insider making changes to machines to either introduce malicious code or make the machine vulnerable to malicious code.
Security configuration management exists at the convergence of security and operations, combining elements of vulnerability assessment, automated remediation, and configuration compliance. The end goal is to reduce risks by ensuring that systems are configured properly.
Triumfant is extremely effective at security configuration management, and can enforce multiple security policies simultaneously on endpoint populations or specific groups within that population. By using its patented analytics, Triumfant can detect configuration settings that depart from the normal settings of like computers, providing indicators of misconfiguration even if there is not a specific policy for that particular setting. When Triumfant detects non-compliance, it can synthesize a remediation and return the machine to compliance automatically.
As a result, businesses and government agencies can start every day knowing that every computer is compliant with organizational security policies and/or with mandated policies such as FDCC Compliance, FISMA, or PCI. Defensive software is in place and executing properly, allowing it to do the job for which it was intended – to protect the machine. Configuration settings at the operating system and application levels are set to organizational standards to maximize security and minimize risk. And all of these tasks are executed on every computer every day, with minimal or even zero labor costs. Our customers start every day audit ready and prepared to face the threats poised to attack any vulnerability.
This every computer, every day approach is unique to the industry and only possible because of Triumfant’s ability to detect unexpected changes and conditions on endpoint machines and automatically remediate the detected problems. Think about how much time, money, and labor goes into endpoint security, only to have machines attacked because they are improperly configured, or the user simply turned off the antivirus agent because it slowed down the machine. With Triumfant driving security configuration management, these vulnerabilities can be eliminated.
Best of all, if malicious code still evades all of this properly working and configured defensive software and finds its way to a machine, Triumfant will detect that attack and remediate the problem, with the same software used for security configuration management. That is what I mean when I say we close all of the gaps in endpoint security.