Default title

UNCONTROLLED CHANGE IS THE ANTITHESIS OF SECURITY

EASY TO UNDERSTAND, HARD TO IMPLEMENT

Effective SMB Change Management is a rare beast. Most client organizations don't demand change management procedures until after a series of troubling failures has soured a relationship. Many Managed Service Providers (MSP's) don't introduce the topic early in the life of an organization as it increases management costs. MSP's rarely monitor system changes to ensure that undocumented changes aren't being made by well meaning consultant. While loose change management policies increase management efficiencies in the short term, they create long term problems that are best avoided.

POOR CHANGE MANAGEMENT DOCTRINE INEVITABLY LEADS TOWARDS UNDOCUMENTED OR ILL-DOCUMENTED DESIGNS.

From a security perspective, loose change management policies create situations where originally secure and well documented designs are slowly eroded into grotesque shapes of random and varied security protections. The attack surface of such systems are very hard to define as protection and stability vary from system to system. It is likely that with this much variation something is going to slip between the cracks and create a security compromise, it is also likely that it will not get noticed till after damage has occurred.

Bringing systems like this back from the brink is something that we have had ample experience doing. Correcting problems that were created through improper change management procedures and officially documenting required design exceptions is the type of valuable work that is covered wholly under our Flat-Rate Managed Services plans.

RECENT THREAT POSTS

- Nate Nelson
Link Found Connecting Chaos, Onyx and Yashma Ransomware
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
- Sagar Tiwari
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
- Elizabeth Montalbano
Verizon Report: Ransomware, Human Error Among Top Security Risks
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.
- Sagar Tiwari
Fronton IOT Botnet Packs Disinformation Punch
Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.
- Threatpost
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.
- Elizabeth Montalbano
Snake Keylogger Spreads Through Malicious PDFs
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
- Threatpost
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. 
- Elizabeth Montalbano
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
- Elizabeth Montalbano
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
- Nate Nelson
DOJ Says Doctor is Malware Mastermind
The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

Archives

Leave a Reply

Your email address will not be published.

15 − 6 =