Avoid Security Blind Spots and Vulnerabilities with Configuration Auditing

A recent market report produced by the Enterprise Strategy Group (ESG) details the IT security industry’s evolution over the past decade from the introduction of network access control (NAC) to what ESG now sees as Endpoint Visibility, Access, and Security (EVAS). One key component of EVAS is continuous monitoring, such as that provided by system-wide configuration auditing.

According to the ESG report, the need for EVAS is largely due to the increasing complexity of IT infrastructures, including the explosion of end-user devices and device types, mobile computing, and corporate BYOD policies (or the lack thereof). The report author, Jon Oltsik, writes on his blog, “EVAS is actually a superset and evolution of Network Access Control (NAC) with greater functionality and intelligence.”

That notion of intelligence is key—and is exactly what proactive configuration auditing provides. In the study, Oltsik writes, “In an endpoint security context, the security team has to understand the devices, configurations, applications, and activities connected to the network at all times in order to address risk and prevent, detect, and respond to security incidents. Unfortunately, many organizations don’t have this level of endpoint visibility today, creating blind spots and vulnerabilities.” Organizations that practice effective configuration auditing, however, can avoid these blind spots.

The report also raises the issue of compliance, pointing out that “the U.S. Federal Government now demands continuous monitoring as a risk management requirement as part of the Federal Information Security Management Act (FISMA).” As research for the study, ESG conducted a survey of security professionals. When asked about the biggest security management challenges, budget constraints (50%) and lack of executive support (18%) were some of the cited factors—which is surprising, considering the liability issues a company could face due to a security breach.

For the same question, respondents ranked high the responses “Security team spends too much of its time reacting to problems and not enough time with proactive security management or strategic planning” (30%) and “Too many security tools” (23%). Taken together, these two responses seem like a great business case for implementing a solid configuration auditing solution that can provide all-in-one visibility across your infrastructure and the intelligence to give proactive information about threats.

Clearly, configuration auditing should be a key piece of the IT security picture. But security is only one piece of what configuration auditing provides. (See “Top 5 Reasons for Configuration Auditing Your IT Environment” for additional benefits.) So, have you implemented a configuration auditing solution in your environment, and if not, what’s stopping you?