Security Configuration Management Fast Facts

While patch management has received most of the press lately, a fully patched machine is not a secure machine.

According to Gartner, “Over 98 percent of attacks exploit misconfigured systems, and only 30% exploit known vulnerabilities where there's a patch out."

Additionally, according to the 2008 Verizon Data Breach Investigation Report, “In the more successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network, and installed malware on a system to collect data. 98% of all records breached included at least one of these attributes.”

Bottom line: configure machines securely, enforce these configurations continuously and risk drops down significantly.

Bottom line savings

• Reduced support costs based on securely configured desktops and servers
• Accelerated and coordinated deployment of new applications, updates and patches

Security benefit

• Reduce risks with a conservative configuration (stacking risk)
• facilitate audit processes with compliance validation and reporting

Operational benefit

• Streamline change control processes through prioritization
• Security policy requirements; severity scoring; asset criticality

Case study highlight

IT staff of a federal agency can enforce policies against the use of USB drives, leveraging granular visibility - down to specific serial numbers of each drive, validating FDDC compliance for thousands of computers - in real time.

Contact us