Today’s internal security threat landscape is rapidly changing. Defending under the basic assumption that the attacker has already penetrated our premises is extremely challenging.
Both the CIS/SANS 20 security controls and the NIST cyber security framework recommend that, once a new server or application is installed or updated, the most important security control is to configure it with a decent security policy and ensure continuous adherence to that policy. This means hardening the servers in real time.
Why is hardening servers with a “weak” security policy not enough?
Hardening benchmarks for operating systems and applications, such as CIS and Microsoft SCM, provide a list of a few hundred objects that should be hardened. It is common to see organizations that enforce only a couple of dozen of these recommended policy objects. The reason for choosing a “weak” security policy is the fear of a conflict between a security setting and the server’s operations. Although IT teams might think they are secure after enforcing such a “weak” security policy, we have to remember that every object that was not hardened remains a live vulnerability in the infrastructure. Vulnerabilities and security flaws resulting from misconfiguration will most likely be found either by an auditor or, in the worse scenario, by an attacker.
What is real-time server hardening and why is it critical for warding off targeted attacks?
Attackers look for systems whose default settings are immediately vulnerable. Once an attacker compromises a system, they start to look for vulnerable configurations or to make changes to the current configuration. The goal is to gain access to data and/or obtain privileged users’ credentials. These two reasons are why server hardening is so important. By hardening the servers in real time you prevent the potential configuration changes and receive alerts on any attempt to make an unauthorized change, so that attacks are stopped and compliance is maintained over time. Unlike detective and corrective methods, which identify a configuration change after the fact and notify about a potential attack, a real-time preventive approach is beneficial from both a security and an operations perspective.
By hardening all servers with standard benchmarks, organizations dramatically improve the server security level and reduce the overall attack surface.
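The two ideas above, that every baseline object left outside a “weak” policy remains a live weakness and that continuous adherence means catching any change that moves an enforced object away from the baseline, can be made concrete with a small drift check. The following is an added illustration, not code from the original post or from the CalCom product; the baseline objects, setting names and snapshot values are constructed examples, not taken from a real CIS or Microsoft SCM benchmark.

```python
"""Baseline drift check: compare a server's current policy settings against a
hardening baseline, separate enforced objects from unenforced ones, and raise
alerts when an enforced object moves away from the baseline between two
snapshots. All objects and values below are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed sample of a hardening baseline: policy object -> required value.
# A real deployment would load this from the benchmark the organization adopts.
FULL_BASELINE = {
    "PasswordComplexity": "Enabled",
    "MinimumPasswordLength": 14,
    "AccountLockoutThreshold": 5,
    "SMBv1": "Disabled",
    "RemoteRegistryService": "Disabled",
    "AuditLogonEvents": "Success,Failure",
}

# A "weak" policy: only a small subset of the baseline objects is enforced.
WEAK_POLICY_SCOPE = {"PasswordComplexity", "MinimumPasswordLength"}


@dataclass
class DriftReport:
    compliant: dict = field(default_factory=dict)   # object -> value
    drifted: dict = field(default_factory=dict)     # object -> (expected, actual)
    unenforced: dict = field(default_factory=dict)  # object -> (expected, actual)

    @property
    def exposed(self):
        """Every object not at its baseline value, enforced or not: the
        unenforced ones are exactly the live weaknesses a weak policy leaves."""
        off_baseline = {k for k, (exp, act) in self.unenforced.items() if exp != act}
        return sorted(set(self.drifted) | off_baseline)


def check_drift(baseline, enforced_scope, current):
    """Classify each baseline object for one snapshot of the server."""
    report = DriftReport()
    for obj, expected in baseline.items():
        actual = current.get(obj)
        if obj not in enforced_scope:
            report.unenforced[obj] = (expected, actual)
        elif actual == expected:
            report.compliant[obj] = actual
        else:
            report.drifted[obj] = (expected, actual)
    return report


def detect_unauthorized_changes(baseline, enforced_scope, previous, current):
    """Alert on enforced objects that changed between two snapshots and now
    differ from the baseline; a preventive control would block this change,
    a detective one would only report it."""
    alerts = []
    for obj in sorted(enforced_scope):
        before, after = previous.get(obj), current.get(obj)
        if before != after and after != baseline.get(obj):
            alerts.append(
                f"{obj}: changed from {before!r} to {after!r}, "
                f"baseline requires {baseline[obj]!r}"
            )
    return alerts


# Constructed snapshots of one server: T0 is the state after applying the weak
# policy, T1 is the same host after a single enforced setting was weakened.
SNAPSHOT_T0 = {
    "PasswordComplexity": "Enabled",
    "MinimumPasswordLength": 14,
    "AccountLockoutThreshold": 0,
    "SMBv1": "Enabled",
    "RemoteRegistryService": "Running",
    "AuditLogonEvents": "Success,Failure",
}
SNAPSHOT_T1 = dict(SNAPSHOT_T0, MinimumPasswordLength=8)

if __name__ == "__main__":
    report = check_drift(FULL_BASELINE, WEAK_POLICY_SCOPE, SNAPSHOT_T0)
    print("compliant (enforced):", sorted(report.compliant))
    print("drifted (enforced):", report.drifted)
    print("exposed objects the weak policy never covered:", report.exposed)
    for alert in detect_unauthorized_changes(
        FULL_BASELINE, WEAK_POLICY_SCOPE, SNAPSHOT_T0, SNAPSHOT_T1
    ):
        print("ALERT", alert)
```

Running it against the weak scope reports the two enforced objects as compliant while three unenforced objects sit off the baseline; running `check_drift` with `set(FULL_BASELINE)` as the scope turns those same three into reported drift, which is the difference between a “weak” and a full policy. The change in `SNAPSHOT_T1` produces one alert, whereas a change that moves a setting toward its baseline value produces none.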
CalCom Hardening Solution (CHS) for Microsoft OMS is a server hardening automation solution designed to reduce operational costs and increase the server’s security and compliance posture. CHS eliminates outages and reduces hardening costs by indicating the impact of a security hardening change on the production services. It ensures a resilient, constantly hardened and monitored server environment.