With an ever-increasing number of threats, it is vital to target first the ones that may pose the biggest risk to networks. Determining which ones are most critical is the challenge.
Recently the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released an advisory highlighting the top ten cybersecurity misconfigurations. This advisory serves as a useful starting point for any network audit: it not only lists the top ten misconfigurations but also provides advice on how to remediate them. The top ten misconfigurations are:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of system access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
NSA and CISA also recommend validating security programs against the MITRE ATT&CK framework to assess how they perform against the techniques described in the advisory.
Although many organizations will have several of these misconfigurations within their networks, the advisory emphasizes the importance of identifying and remediating the critical vulnerabilities first. Finding and fixing the most critical vulnerabilities reduces the attack vectors available to an adversary, and CISA has often highlighted the importance of addressing those vulnerabilities which are known to be actively exploited.
“...less than 4% of all known vulnerabilities have been used by attackers in the wild. Rather than have agencies focus on thousands of vulnerabilities that may never be used in a real-world attack, BOD 22-01 shifts the focus to those vulnerabilities that are active threats.” CISA
Looking at active threats and the techniques they use highlights the vulnerabilities that should be addressed first. For example, ransomware attacks commonly rely on lateral movement through the network and privilege escalation, so a lack of effective network segmentation makes a network even more vulnerable to this type of attack.
The advisory also highlights the importance of doing more than NVD checks: patch management is just one of the ten items on the list. Patching software is an important part of network security, but you can’t patch your way out of a misconfiguration. If you have a weakly configured user profile, no amount of patching will fix that issue; it requires a different kind of remediation. But identifying all of these misconfigurations can add more work for already busy teams.
Taking a risk-based approach to vulnerability management
Any detailed audit is likely to surface a large number of misconfigurations, each of which could be a vulnerability within the network. Fixing all of them takes time, yet some of them carry a low risk of ever being exploited. Since there are rarely the resources to address everything, it’s important to address them in a risk-prioritized way. By prioritizing remediation of the vulnerabilities known to be used in industry-specific attacks in the wild, teams can reduce the likelihood of a successful attack.
Mapping the vulnerabilities onto a MITRE ATT&CK dashboard lets you view your risks from an attacker’s perspective. The dashboard can show how the network would most likely be attacked by threat actors actively targeting your organization’s industry, and where the network is vulnerable to those attacks, giving you the priorities for remediation.
How Nipper and Nipper Enterprise can help
Providing a fast, accurate and complete view of misconfigurations, Nipper software offers a unique capability to give you an inside-out view of your security and compliance vulnerabilities across your routers, switches and firewalls, including some of the misconfigurations highlighted in the CISA top ten list.
Checking configurations and ensuring that they are hardened in accordance with vendor hardening and network infrastructure hardening best practices is a fundamental part of the security checks that Nipper and Nipper Enterprise can carry out.
Where other tools focus on firewalls only, Nipper and Nipper Enterprise also automate accurate assessments of switch and router security and compliance. These devices are especially important for Zero Trust network segmentation, which assumes the perimeter has already been breached. Furthermore, as 80% of all network traffic is inside the perimeter, correctly configured switches and routers play a fundamental role in preventing lateral movement across the network.
Nipper Enterprise can then carry out a deeper analysis that maps these checks to a MITRE ATT&CK dashboard, allowing you to see where the risks are across your network rather than leaving you swimming in a sea of misconfigurations. By understanding where vulnerable devices sit on the network through automatic labelling, Nipper Enterprise can determine which of the top ten misconfigurations carry the most risk to your network, adding a layer of risk prioritization that is vital to improving and streamlining remediation workflows.
Request a demo
If you would like to see for yourself how Nipper and Nipper Enterprise can help address these top ten misconfigurations, then request a demonstration today.