10 Risky Types of Change

Change is inherent to the growth of any successful organization. Adaptation to organizational changes is a necessary reality, and without it, organizations couldn’t keep up with the changing times, demographics, workflows and business. That is why changes in IT infrastructure are a necessary component of all flourishing organizations.

Changes to any IT infrastructure, however, are also the root of much trouble as far as security and compliance efforts are concerned. Change is a necessary evil: newly added or removed network devices, permission modifications and altered server configurations are all amendments to a once-secure IT infrastructure that pose threats to both security controls and regulatory compliance.

Nonetheless, thousands of changes occur within a typical IT infrastructure every day. The problem, then, is that IT administrators need to devise policy and audit procedures that support organizational change while thwarting noncompliance and security threats. Several seemingly harmless yet potentially disastrous changes occur within large organizations every day, and it is important for IT administrators to be aware of all of them and to carefully note the steps necessary to limit the resulting risks.

One common type of change is the introduction of unauthorized network devices into defenseless IT infrastructures. These unapproved and potentially dangerous devices are often brought by employees who access the company network via personal computers or unsecured wireless access points, unknowingly putting the entire organization at risk. Because foreign devices are, by their very nature, outside of official network monitoring scope, server management and security systems are usually entirely unaware of their mere presence, and thus, leave the IT infrastructure susceptible to security breaches. In order for IT administrators to protect their networks against such harmful security breaches, they must carefully monitor the network, keeping a watchful eye out for any new and unknown devices. Upon discovery of any unknown device, administrators must then investigate the nature of that device and qualify it as a potential threat to the network. Administrators must then put their findings to action by quarantining all hazardous devices and blocking their access into the network.

Another change that can lead to failed regulatory compliance audits, if not carefully monitored, is the disappearance of company assets from the inventory database. Assets can physically disappear, for example, any time that a device is decommissioned or a computer is stolen. As a result, resynchronization is necessary to ensure that following the disappearance, even upon a device’s return to the physical network, device usage and network access are restricted.

It is also essential for administrators to keep abreast of mobile devices that constantly join and exit networks. That type of perpetual entry-and-exit activity, now a reality because of mobile devices such as laptops and cell phones, puts organizations at risk for security breaches and failed compliance. To prevent such threats, administrators should establish a procedure that automates monitoring and eventual discovery of all mobile devices present within the network. The ensuing analysis of all new assets to determine whether or not they comply with the company security policy should be followed by quarantine of any that do not. All such device appearances should also be logged for auditing reports.
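The discover-qualify-quarantine-log procedure described above, applied to both unknown devices and decommissioned or stolen assets that reappear on the network, as an added example in Python (not code from the original post or from Netwrix). The inventory, the discovered-device snapshot and the status values are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: an asset inventory keyed by MAC address, and a
# snapshot of devices currently seen on the network (e.g. from a switch table).
INVENTORY = {
    "00:11:22:33:44:01": {"host": "fs01", "status": "active"},
    "00:11:22:33:44:02": {"host": "lt-jsmith", "status": "active"},
    "00:11:22:33:44:03": {"host": "lt-old", "status": "decommissioned"},
    "00:11:22:33:44:04": {"host": "lt-missing", "status": "stolen"},
}
DISCOVERED = [
    {"mac": "00:11:22:33:44:01", "ip": "10.0.0.10"},
    {"mac": "00:11:22:33:44:03", "ip": "10.0.0.57"},  # decommissioned laptop is back on the LAN
    {"mac": "aa:bb:cc:dd:ee:ff", "ip": "10.0.0.99"},  # never inventoried at all
]


@dataclass(frozen=True)
class Finding:
    mac: str
    ip: str
    category: str  # "unknown", "returned" or "known"
    action: str    # what the operator should do about it


def reconcile(inventory, discovered):
    """Classify every discovered device against the inventory."""
    findings = []
    for dev in discovered:
        record = inventory.get(dev["mac"])
        if record is None:
            findings.append(Finding(dev["mac"], dev["ip"], "unknown",
                                    "quarantine and investigate"))
        elif record["status"] != "active":
            findings.append(Finding(dev["mac"], dev["ip"], "returned",
                                    f"restrict access: {record['host']} is {record['status']}"))
        else:
            findings.append(Finding(dev["mac"], dev["ip"], "known", "none"))
    return findings


def missing(inventory, discovered):
    """Active assets that were not seen: candidates for inventory resynchronization."""
    seen = {d["mac"] for d in discovered}
    return sorted(m for m, r in inventory.items() if r["status"] == "active" and m not in seen)


def audit_lines(findings):
    """Render findings as one log line each for the auditing report."""
    return [f"{f.category.upper()} mac={f.mac} ip={f.ip} action={f.action}" for f in findings]


if __name__ == "__main__":
    for line in audit_lines(reconcile(INVENTORY, DISCOVERED)):
        print(line)
    print("not seen:", missing(INVENTORY, DISCOVERED))
```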

It is also important for administrators to be aware of all changes in patch installation and availability. Patches are meant to close security exposures that leave organizations susceptible to attacks, before those attacks occur. New patches become available all the time, and it is essential for administrators to maintain live knowledge of which objects have been upgraded to any given patch level. Administrators need to be aware of all systems that need new patches, and then configure internal security procedures to mandate all available patch improvements. It is then necessary to apply all the available patches. The Windows Update Checker is a quick and easy way for IT professionals to be sure that all of their patches are up to date, by way of automated patch assignment e-mails that notify administrators of outdated network servers.

It is crucial to remember that users don’t always remember to carry out all the steps necessary to follow company policy, so changes that they make may put an organization at risk. Even if the proper company procedures demand regulatory compliance, any individual’s failure to follow company practice is all that is necessary to fall out of compliance. Thus, it is necessary to regularly monitor all changes within the IT infrastructure with a solution such as the Netwrix Change Reporter Suite. The Change Reporter Suite reports on all changes as they occur, allowing proper analysis and detection of unauthorized actions that can leave IT infrastructures in a noncompliant state.

Next, it is essential for administrators to keep tabs on all applications installed on network computers. Certain applications can conceal malicious traffic and it is thus necessary to be aware of all recently installed network services by way of regular monitoring. Administrators will then have to disable all affected network devices connected to any applications found to have the malicious traffic.

It is important to monitor access permissions changes for assets essential to business operation. Administrators can discover such changes through a solution, such as the Netwrix File Server Change Reporter, and analyze them for security risks. By monitoring those types of changes, small threats can be resolved before they become major issues.

Shared files often bypass the restraints of the security infrastructure, so it is crucial that administrators be aware of all network leaks. Such leaks can put organizations at risk for malware strikes. Any time an employee opens a shared folder from home or uploads new content into that folder from a foreign device, for example, they leave the folder susceptible to any viruses or malware that may be present on their own devices. To combat these types of malware attacks, it is essential to be aware of all changes involving the appearance of existing shared folders from new locations. Administrators need to be wary of all such network shares, and it may also be necessary to put forth a security policy that forbids access to chained network assets from outside of the network boundaries. Netwrix File Server Change Reporter and the Netwrix USB Blocker are efficient tools that can help companies audit classified files and changes to network shares and permissions, and keep out harmful malware.
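The kind of permission-change analysis the two preceding paragraphs call for (spotting risky grants on business-critical assets and network shares), as an added example in Python that is not code from the original post or from any Netwrix product. The two ACL snapshots, the share paths and the principal and right names are constructed; the "before" snapshot stands in for the last audited state and "after" for the current one.

```python
# Constructed snapshots of share permissions: path -> principal -> set of rights.
BEFORE = {
    r"\\fs01\finance": {"FIN-RW": {"Read", "Write"}, "FIN-RO": {"Read"}},
    r"\\fs01\public": {"Domain Users": {"Read"}},
}
AFTER = {
    r"\\fs01\finance": {"FIN-RW": {"Read", "Write"}, "Everyone": {"Read", "Write"}},
    r"\\fs01\public": {"Domain Users": {"Read", "Write"}},
    r"\\fs01\hr": {"HR-RW": {"Read", "Write"}},  # newly created share
}

# Policy knobs (assumed for this example): broad groups, write-class rights,
# and the shares the business considers essential.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}
WRITE_RIGHTS = {"Write", "Modify", "FullControl"}
SENSITIVE_PATHS = {r"\\fs01\finance", r"\\fs01\hr"}


def severity(path, principal, right):
    """Rate an added grant: broad group + write is worst, then broad group or
    write on a sensitive share, else low."""
    if principal in BROAD_PRINCIPALS and right in WRITE_RIGHTS:
        return "high"
    if principal in BROAD_PRINCIPALS or (path in SENSITIVE_PATHS and right in WRITE_RIGHTS):
        return "medium"
    return "low"


def diff_acls(before, after):
    """Return (path, principal, right, kind, severity) for every grant that was
    added or removed between the two snapshots. Removals are logged as 'info'
    because they tighten access, but they still belong in the audit trail."""
    changes = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path, {}), after.get(path, {})
        for principal in sorted(set(old) | set(new)):
            added = new.get(principal, set()) - old.get(principal, set())
            removed = old.get(principal, set()) - new.get(principal, set())
            for right in sorted(added):
                changes.append((path, principal, right, "added", severity(path, principal, right)))
            for right in sorted(removed):
                changes.append((path, principal, right, "removed", "info"))
    return changes


if __name__ == "__main__":
    for change in diff_acls(BEFORE, AFTER):
        print(" ".join(change))
```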

Every time new security hardware or applications are introduced to a network, administrators need to monitor their systems for changes that occur as a result. Any product installation can cause a chain of reactions that impact the network. Applications can also be misconfigured in ways that directly impede adherence to compliance policies. It is thus important to monitor all changes to ensure security and configuration compliance. This will help administrators identify who is permitted to make the aforementioned modifications and assign the appropriate personnel to make the necessary adjustments. Netwrix Server Configuration Change Reporter can be useful here by helping administrators examine system configuration changes in order to stay abreast of them.

Every company has a very specific auditing procedure, and an even more specific methodology to ensure the execution of that procedure. Any time an important employee leaves a company, they take with them a bevy of information that the remaining employees might not be armed with. In order to ensure that the knowledge lost by way of employee departure does not result in significant change, it is important to monitor the network for unknown events within the impacted system. It is necessary to analyze those changes to decide whether it makes sense to continue upholding the same procedures that were underway when the departed employee was still around, or if that employee’s lost knowledge relegates the practice to impracticality.

Clearly, there are many changes that take place within enterprise networks every day. While all changes are necessary, they do present inherent risks. IT professionals can minimize those risks by auditing all significant events and having a solution ready when threats become evident. What are some changes in IT infrastructure that left your organization at risk for security breaches and failed compliance? How did you resolve those issues, and what could have been done to proactively solve the issue in question?

Stephen is a former Product Manager at Netwrix.