EC Cloud

Automation's Role in Continuous System Hardening

Written by Billy McCaw | Dec 23, 2021 8:03:35 AM

It has been established that system hardening reduces your exposure to future threats. Now let us see how automation helps you keep a system hardened continuously, rather than hardened once.

How to tell the difference between known and conditional vulnerabilities
Our systems are protected against "known vulnerabilities" (those with published CVEs) by a vulnerability management (VM) solution. We use a security configuration management (SCM) solution to protect them from "conditional vulnerabilities": weaknesses that exist only because of how a system is configured, such as an unnecessary service left enabled. If we do not automate both efforts, we will soon find ourselves back at square one.

Drift in Configuration
To return to the house analogy: configuration drift occurs when we verify the configuration of all of our doors and windows once, but have no way of knowing when that state changes.

We open the fire escape window to water the potted hydrangea and then forget to close it. Configuration drift works the same way: we enable Telnet to update a server and then forget to turn it off.
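
Here is an added example (not from the original article or EC Cloud's tooling) of what an automated drift check does with the Telnet case above. It compares time-ordered snapshots of a server's settings against a hardening baseline and reports each setting that is out of compliance together with the time it first drifted, resetting that time if a setting was remediated and later broke again. The baseline keys, the snapshot timestamps and the setting values are constructed for illustration.

```python
"""Configuration drift detection over time-ordered snapshots of a server's
security-relevant settings. Added example; the baseline keys and the
snapshot data are constructed, not taken from any real system."""
from dataclasses import dataclass

# Hardening baseline: the state every server must be in (hypothetical keys).
BASELINE = {
    "telnet_enabled": False,
    "ssh_permit_root_login": False,
    "firewall_enabled": True,
}

# Constructed snapshots, as a real-time agent or periodic scan would report
# them, deliberately out of order to show that ordering is handled.
# Story: root SSH login is enabled on the 11th and fixed on the 12th; Telnet
# is enabled on the 12th for an update and never turned back off.
SNAPSHOTS = [
    ("2021-12-12T14:30:00", {"telnet_enabled": True, "ssh_permit_root_login": False, "firewall_enabled": True}),
    ("2021-12-10T09:00:00", {"telnet_enabled": False, "ssh_permit_root_login": False, "firewall_enabled": True}),
    ("2021-12-13T09:00:00", {"telnet_enabled": True, "ssh_permit_root_login": False, "firewall_enabled": True}),
    ("2021-12-11T09:00:00", {"telnet_enabled": False, "ssh_permit_root_login": True, "firewall_enabled": True}),
]


@dataclass(frozen=True)
class Drift:
    setting: str
    expected: object
    actual: object
    since: str  # first snapshot timestamp at which the setting was non-compliant


def assess(state, baseline=BASELINE):
    """Return {setting: actual_value} for every baseline setting that `state`
    violates. A setting absent from the snapshot counts as a failure: an
    unknown state is not a compliant state."""
    return {
        setting: state.get(setting, "<missing>")
        for setting, expected in baseline.items()
        if state.get(setting, "<missing>") != expected
    }


def detect_drift(snapshots, baseline=BASELINE):
    """Walk the snapshots in time order and return the settings that are out
    of compliance in the latest one, each with the time it first drifted.
    A setting that was remediated and later broke again gets the later time."""
    first_failed = {}  # setting -> timestamp at which its current failure run began
    latest = {}
    for ts, state in sorted(snapshots, key=lambda snap: snap[0]):
        latest = assess(state, baseline)
        for setting in latest:
            first_failed.setdefault(setting, ts)
        for setting in list(first_failed):
            if setting not in latest:
                del first_failed[setting]  # back in compliance: reset the run
    return [
        Drift(setting, baseline[setting], latest[setting], first_failed[setting])
        for setting in sorted(latest)
    ]


if __name__ == "__main__":
    for d in detect_drift(SNAPSHOTS):
        print(f"DRIFT {d.setting}: expected {d.expected!r}, found {d.actual!r}, since {d.since}")
```

Run against the constructed snapshots, the check reports only Telnet, open since the 12th; the root-login change is not reported because a later snapshot shows it fixed. Treating a missing setting as a failure rather than a pass is deliberate: a scanner that could not read a value has told you nothing about whether the window is shut.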

Hardening a System Using Automated Methods
A house is a flawed analogy for the importance of automation: a house has a handful of doors and windows, and one or two people to watch them. Most companies, by contrast, have hundreds, if not thousands, of servers and other devices in their data centres, which adds up to an enormous number of attack surfaces and potential beachheads. How do we win a battle like this?

It is not enough simply to create procedures for assessing state across this wide range of targets; those procedures must also allow for the constantly changing variables that characterise risk.

Suppose the leafy maple in the backyard has grown a strong, substantial branch that now reaches close enough to an upper bedroom window for a tall burglar to use it. Why keep inspecting the old kitchen window every day, when it was painted shut years ago, while the new route goes unchecked? The same applies to hardening checks: an assessment written for last year's environment keeps passing while a new exposure goes unnoticed.

This need for current "state" information is what has driven the development of real-time agents, more efficient scanning algorithms that are aware of network constraints, and ways of avoiding "mega scans".

Integrating Security Tools
To achieve "continuity", information security systems must be able to communicate with one another. Here are a few examples of how this can work:

Vulnerability management (VM) solutions are able to quickly identify newly appeared, previously unknown systems that are likely to be insecure. When it finds one, the VM system can alert the SCM system and request an on-the-spot configuration assessment.
SCM systems are extending their reach to categorise assets by business unit, owner, critical application, and even the type and sensitivity of data kept on the system. They use this knowledge to manage and prioritise their own risks, but it can also be used to prioritise remediation work.
SIEM systems consume events from both the VM and the SCM system and apply real-time threat intelligence models to them, so that a question such as "Why did the 'Telnet should not be enabled' test suddenly start failing?" can be answered in context.
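
As an added example (not the article's or any vendor's code) of the hand-offs listed above: a constructed VM scan result is fed to an SCM check that classifies each host from an inventory, scores failed checks by the sensitivity of the data on the host and by whether the host is newly discovered, and emits the events a SIEM would ingest. Host names, inventory tags, the checks, the weights and the event format are all assumptions.

```python
"""VM -> SCM -> SIEM hand-off. Added example with constructed data; host
names, inventory tags, checks, weights and event shapes are assumptions."""
from dataclasses import dataclass

# Asset inventory as the SCM system holds it. A host the VM scanner finds
# that is not listed here is "unknown" and must not be silently ignored.
INVENTORY = {
    "web-01": {"unit": "ecommerce", "owner": "webops", "sensitivity": "pci"},
    "build-02": {"unit": "engineering", "owner": "ci", "sensitivity": "internal"},
}
UNKNOWN_TAGS = {"unit": "unknown", "owner": "unknown", "sensitivity": "unknown"}

# Weight of a failed check by data sensitivity; unknown ranks above internal
# because we cannot rule out that the host holds regulated data.
SENSITIVITY_WEIGHT = {"pci": 3, "unknown": 2, "internal": 1}

# Configuration checks with their required values (the SCM policy).
CHECKS = {"telnet_enabled": False, "ssh_permit_root_login": False}

# Constructed output of a VM scan: which hosts it saw, whether each is new
# since the last scan, and the configuration facts it collected.
VM_SCAN = [
    {"host": "web-01", "new": False,
     "facts": {"telnet_enabled": True, "ssh_permit_root_login": False}},
    {"host": "build-02", "new": False,
     "facts": {"telnet_enabled": False, "ssh_permit_root_login": True}},
    {"host": "lab-07", "new": True,
     "facts": {"telnet_enabled": True, "ssh_permit_root_login": True}},
]


@dataclass(frozen=True)
class Finding:
    host: str
    check: str
    actual: object
    priority: int
    owner: str


def scm_assess(host, facts, new=False):
    """SCM step: classify the host from the inventory and score each failed
    check. A newly discovered host is unvetted, so its findings get double
    urgency. Returns the findings and the SIEM events describing them."""
    tags = INVENTORY.get(host, UNKNOWN_TAGS)
    priority = SENSITIVITY_WEIGHT[tags["sensitivity"]] * (2 if new else 1)
    findings, events = [], []
    for check, required in CHECKS.items():
        actual = facts.get(check, "<missing>")  # missing data is a failure
        if actual != required:
            findings.append(Finding(host, check, actual, priority, tags["owner"]))
            events.append({"source": "scm", "type": "check_failed", "host": host,
                           "check": check, "unit": tags["unit"], "priority": priority})
    return findings, events


def handle_scan(scan):
    """VM step: every newly discovered host raises a new_asset event and has
    its SCM assessment requested immediately; known hosts are assessed too.
    Returns findings sorted for remediation (highest priority first) and the
    full event stream a SIEM would correlate."""
    findings, events = [], []
    for result in scan:
        host = result["host"]
        if result["new"]:
            events.append({"source": "vm", "type": "new_asset", "host": host})
        host_findings, host_events = scm_assess(host, result["facts"], result["new"])
        findings.extend(host_findings)
        events.extend(host_events)
    findings.sort(key=lambda f: (-f.priority, f.host, f.check))
    return findings, events


if __name__ == "__main__":
    queue, stream = handle_scan(VM_SCAN)
    for f in queue:
        print(f"P{f.priority} {f.host} {f.check}={f.actual!r} -> owner {f.owner}")
    print(f"{len(stream)} events sent to SIEM")
```

The remediation queue that comes out puts the unknown, newly discovered lab host first even though its data sensitivity is unrated, then the PCI web server, then the internal build host. The SIEM stream carries the new_asset event alongside the check_failed events, which is what lets it answer "why did this test start failing" with "because a new host appeared" rather than with a bare failure.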


The only sensible answer to compliance, security, and configuration management concerns is automation. Readiness to use automation wherever possible must be part of system hardening. In the face of rapid change, information systems can no longer be hardened by discrete, compartmentalised tools.

Security configuration management and vulnerability management solutions are the first, greatest, and often final line of defence.