Enforcement of a broad server hardening baseline is the direct responsibility of the IT security team. Unlike other security tasks, enforcing a server hardening baseline requires mutual effort from the operations and the security teams. The individual goals of these two groups are often misaligned, thanks to its conﬂicting responsibilities. The result is what industry analysts term it as the “SecOps gap,” wherein poor collaboration between these two groups results in unhardened, vulnerable servers.
Security teams are under intense pressure to show compliance with the common security benchmarks and regulatory standards such as PCI DSS, HIPAA, SOX, etc. Security and compliance are reported to the board of directors and aren’t a recommendation anymore. It has been proven that in many cyber incidents, servers which are not properly hardened were a key attack vector. Although server hardening is a priority most of the organizations are struggling to achieve a reasonable compliance score with the leading server hardening benchmarks.
It is the CISO’s responsibility to determine a server hardening policy, but most importantly he must ensure that the policy is continuously enforced. The dependencies between the security and operations teams make it challenging to achieve, maintain and show the state of compliance with the organizational baseline.
CHS for Microsoft OMS is a server hardening automation solution designed to address the needs of security and operations teams.
CHS significantly raises the server’s hardening and compliance posture. Once in compliance, the baseline is enforced in real time in order to maintain continuous compliance with the organizational policy.