Default title

UNCONTROLLED CHANGE IS THE ANTITHESIS OF SECURITY

EASY TO UNDERSTAND, HARD TO IMPLEMENT

Effective SMB Change Management is a rare beast. Most client organizations don't demand change management procedures until after a series of troubling failures has soured a relationship. Many Managed Service Providers (MSP's) don't introduce the topic early in the life of an organization as it increases management costs. MSP's rarely monitor system changes to ensure that undocumented changes aren't being made by well meaning consultant. While loose change management policies increase management efficiencies in the short term, they create long term problems that are best avoided.

POOR CHANGE MANAGEMENT DOCTRINE INEVITABLY LEADS TOWARDS UNDOCUMENTED OR ILL-DOCUMENTED DESIGNS.

From a security perspective, loose change management policies create situations where originally secure and well documented designs are slowly eroded into grotesque shapes of random and varied security protections. The attack surface of such systems are very hard to define as protection and stability vary from system to system. It is likely that with this much variation something is going to slip between the cracks and create a security compromise, it is also likely that it will not get noticed till after damage has occurred.

Bringing systems like this back from the brink is something that we have had ample experience doing. Correcting problems that were created through improper change management procedures and officially documenting required design exceptions is the type of valuable work that is covered wholly under our Flat-Rate Managed Services plans.

RECENT THREAT POSTS

- Elizabeth Montalbano

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.

- Lindsey O'Donnell

Even seeing data breaches in the news, more than half of consumers are still reusing passwords.

- Tara Seals

A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.

- Lindsey O'Donnell

Attackers used malicious Excel 4.0 documents to spread the weaponized NetSupport RAT in a spear-phishing campaign.

- Tara Seals

The meal-kit company's customer records were leaked as part of the Shiny Hunters breach.

- Tara Seals

An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal.

- Lindsey O'Donnell

Government and air transportation companies in Kuwait and Saudi Arabia were targeted in a recent attack tracked back to the Chafer APT.

- Chris Calvert

Looking for niche anomalies in an automated way with AI and machine learning is the future.

- Lindsey O'Donnell

Cisco has fixed a critical remote code-execution flaw in its popular customer interaction management solution.

- Tara Seals

The malware-as-a-service is advanced, obfuscated and modular -- and built for mass campaigns.

Archives

Leave a Reply

Your email address will not be published. Required fields are marked *