Understanding and Preventing Configuration Drifts

Careful management of the configuration of the infrastructure components of any business or organization is vital to security, compliance, and business continuity. According to recent statistics, approximately 1 in 8 breaches result from errors such as misconfigured cloud environments, and security misconfiguration ranks #5 on the OWASP list of the top 10 web application security risks.

What does configuration drift mean?

A practical configuration drift definition is that any system configuration will, over time, diverge from its established known-good baseline or industry-standard benchmark. While minor drift might not cause issues, the reality is that even one misconfigured setting can expose the organization to data breaches and downtime, so the more severe configuration drift, the higher the risk.

What causes configuration drifts?

More often than not, drift is the result of administrative users making changes to the system. Causes behind configuration drift include:

  • Software patches: Applications, operating systems and networks frequently require patches for regular maintenance or to resolve an issue. However, these software or firmware patches can also cause configuration changes that might go undetected.
  • Hardware upgrades: As businesses grow, so do their IT infrastructures. Hardware upgrades can lead to changes in configuration both at the hardware and software levels.
  • Ad-hoc configuration and troubleshooting: Each day, organizations deal with tens or even hundreds of events that require quick fixes to a network, operating system or applications. Though these quick fixes solve the problem at hand, they can involve configuration changes that hurt security.
  • Unauthorized changes: All modifications should be made based on an approved change request. Any unauthorized change could compromise the availability, performance or security of your IT systems.
  • Poor communication in IT: Configuration drift can also occur when one IT team makes a change but does not inform other teams about it, or when team members don’t exactly know which configuration states are standard and approved.
  • Poor documentation: If configuration changes are not properly documented, team members may not be able to determine whether systems are properly configured.

Tips for avoiding configuration drifts

NIST Special Publication 800-128 offers guidance for avoiding configuration drift. Here are some of the key recommendations:

1. Implement continuous monitoring and regular audits

Auditing the configuration of your systems on a regular basis is a good start. But even if you review them once a week, that’s still more than enough time for a misconfiguration to lead to a breach, downtime or a compliance violation.

Therefore, it’s imperative not only hold regular audits but to monitor configuration changes continuously. That way, improper modifications can be corrected immediately. In addition, be sure to hold audits when new devices are added or ad-hoc changes are made.

2. Automate processes

Manual review of system configurations is slow and error-prone, so misconfigurations may not be detected promptly, or at all. With attackers ready to exploit the slightest misstep in security, manual processes just won’t cut it.

Consider investing in a configuration management tool that automates the process of finding configuration gaps. It should be able to scan all network devices and applications, spot any configuration changes, and notify the security team. Some automated tools can even be set up to revert the changes and restore a known-good configuration.

3. Use a repository of benchmarks and baselines

Establishing baseline configurations can save time and avoid confusion. Your teams can quickly determine whether configuration drift has occurred and restore your systems to their intended state.

Consider using benchmarks from industry leaders like CIS or NIST to build your baselines. Some configuration management tools provide templates to simplify this process. Be sure to review and update them regularly, especially when there are changes to your IT environment or applicable regulatory mandates.

4. Standardize configuration change management

Implementing rigorous change management, tracking and analysis is vital to IT security and availability, and configuration changes should be included. Controlling configuration changes as they happen helps prevent configuration drift and the associated risks. Documentation is vital to change management. Any configuration change should be documented and communicated using standard protocols set by the enterprise.

How Netwrix can help?

When it comes to the security of your enterprise assets and software, you can’t afford to leave anything to chance. Netwrix Change Tracker scans your network for devices and helps you harden their configuration with CIS-certified build templates. Then it monitors all changes to system configuration in real time and immediately alerts you to any unplanned modifications.

 

If this information is helpful to you read our blog for more interesting and useful content, tips, and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be assisting you with your query.

Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.

 

Follow us to learn more

CONTACT US

Let’s walk through the journey of digital transformation together.

By clicking on the SEND button you agree to the processing of personal data. In accordance with our Privacy Policy

2 + 10 =