Tag: #SecurityFirst

How Misconfiguration Can Lead to Data Compromise

configuration: the way a computer or computer system is put together; a specific set and arrangement of internal and external components, including hardware, software and devices.

Source: Dictionary.com

Configuration is Key to Data Security

Did you know that just about every data security related compliance framework contains extensive requirements around configuration of hardware and software controls? Why? Because the way in which hardware or software is configured is about as important as having the device or software itself. For instance, having a firewall is a good thing, but it won’t do any good unless it’s configured to filter traffic between the internet and your computer network in a manner consistent with your security goals.

Some examples of the importance of secure configuration come from Trustwave’s 2018 Global Security Report, where testing of thousands of web applications found that 100% had at least one vulnerability. In addition, OWASP (Open Web Application Security Project) has security misconfiguration on its top 10 list of the most critical web application security risks for 2017. Lastly, the Verizon 2018 Data Breach Investigations Report (DBIR) recommends routine scans to identify misconfigurations before hackers do. Misconfigured databases, such as those directly connected to the internet and searchable by anyone on the internet, were a notable finding in the report.

Even on brand new computers, the default configuration for the onboard operating system is often not very secure. This is because computer manufacturers often have goals of ease of use, easy setup, or ease of establishing internet-based communications rather than security. As an example of this, I was recently setting up a new computer for my parents. As I was leafing through all configuration settings, I was surprised when I found that one of the default security settings was for the firewall to be turned off. Needless to say, I quickly turned it on.

How to Monitor Your Security Configuration

If you are a business owner or manager busy with running a business, you may not understand or have time to review your computer security configuration settings on a regular basis. For this reason, one of the security services that is included with Wind River Financial’s new Advanced Security Package (ASP) is Security Configuration Monitoring.

This is a service that monitors computer configuration against the relevant PCI Data Security Standard controls. It’s an automated service that detects configuration settings that are non-compliant and may weaken your business’s security posture. It does so on an ongoing basis, which is important because employees sometimes change settings, intentionally or unintentionally, on the computers on which they are working. Those responsible for a business need to become aware when settings are changed in ways that may introduce a risk to the business, which is exactly the purpose of this service.

Security Configuration Monitoring is but one of many data security related services that are available as a software agent download as part of Wind River Financial’s ASP. If we have not contacted you about enrolling in this program, you may be hearing from us shortly as it’s being rolled out in phases. If you have not been contacted but would like to get a jump start on it, give us a call or send us an email and we can get you started.

Detection and Prevention – Two Pillars of Data Security

When it comes to data security, one thing is for sure: there is no magic bullet. Although it would definitely make life easier, it’s just not that easy. So, despite its inherent challenges, where should you begin? What is your first priority when it comes to data security? Here is what over 1,600 full-time IT professionals believe should be your number one responsibility, according to Trustwave’s 2017 Security Pressures Report.

Top 5 Data Security Responsibilities

1. Identifying vulnerabilities (22%)
2. Preventing Malware (20%)
3. Strengthening Remote Access and passwords (13%)
4. Detecting malicious activity and compromises (12%)
5. Patching Vulnerabilities (12%)

Previously, we mentioned that only 7% of IT professionals believe they will not be the victim of a data breach. This is a sobering statistic. It should then come as no surprise that the two most popular survey answers highlight very specific responsibilities: detection and prevention.

Keeping Up with Detection and Prevention

With the number of breaches increasing and almost 80% of the respondents stressing the importance of detection and prevention, it would seem logical that the need for resources would be a source of discussion.

In the Security Pressures Report, 51 percent of the operational pressures come down to a lack of resources:

  • lack of security skills and expertise (15%)
  • lack of budget (14%)
  • lack of staff members (13%)
  • lack of time (9%)

Many businesses are finding it difficult to find resources and cost-effective ways to arm themselves for the challenge.

Security Tools and Managed Services

As businesses look to be more proactive, they are looking more and more at how they can bring together the tools they need and automate parts of the detection and prevention cycle. It is a theme that we at Wind River are hearing from our customers and prospects. We believe that in order to stay ahead of the hackers, it is important to adopt a new mindset. Instead of each company trying to “staff up” and needing the same skilled resources, it makes more sense to look to companies that focus on data security, monitoring, and prevention.

Partnering to Win the Battle

As we look to help our customers in the detection and prevention battle, we looked to find a partner that has the focus and marks of being a leader in their industry. Gartner recognized Trustwave by placing it in the “Leader” quadrant of its Magic Quadrant evaluation.

In partnership with Trustwave, Wind River has now launched the Advanced Security Package. It contains key tools in each of the areas of identifying vulnerabilities, preventing malware, strengthening remote access control, and detecting malicious activity.
We invite you to learn more by going to our web site. For our customers, it is easy to get started: simply click here and check out the video and 3 steps to get started, or contact your relationship manager.