
Securing IT Infrastructure With Automated Patching Using Ansible

A use case for an open-source tool to reduce cost of managing IT infrastructure security

Proliferation of business systems and technology infrastructure

IT environments are often too complex to manage. They must be protected from malicious and unintended activities at all times. Managing IT infrastructure security requires a broad range of software products and services designed to protect enterprises and employees from loss of or damage to data, applications, IT systems, networks, and devices. Today, however, businesses no longer run on a unified technology stack (IBM or Microsoft) but use various software, proprietary and non-proprietary, from different vendors. The rise of open source server technologies has allowed companies to shift from exclusive IBM or Microsoft server software to open source technologies such as Linux.

Limitations of proprietary software

Proprietary software comes with limitations. Microsoft and IBM offer infrastructure management software only for their own products. These products come with a price tag, yet they may not have the flexibility to interface with non-proprietary software. Thus, to manage Linux servers we need different software.

The Open Source tool Ansible holds the promise

Ansible is an open-source, agentless IT automation platform that allows companies to perform configuration management, application deployment, database patching, intra-service orchestration and many other IT requirements. Owned by Red Hat, Ansible allows companies to conduct multi-tier deployments, define systems for security, and roll out enterprise-wide protocols with ease. Its functionality can be extended through custom routines/playbooks, to include open source and proprietary server Operating Systems. The Playbook can be programmed using Python or Shell Scripts. An organization that uses a mix of technologies would benefit from using Ansible.

Ansible as a tool for Vulnerability Remediation 

Ansible is proven at automating software deployments.  Patching being a type of deployment, it can take advantage of Ansible to integrate and automate different security solutions that investigate and respond to security threats across the enterprise, in an orchestrated and unified manner using modules, rules and playbooks. 

The Vulnerability Remediation process involves regularly scanning technology systems to identify new software vulnerabilities, then classifying, prioritizing, and remediating or mitigating those vulnerabilities in a timely fashion. CES recommends Ansible to manage the end-to-end vulnerability management and remediation process.

CES has helped customers leverage Ansible for deploying security patches on their server infrastructure, which provided much-needed flexibility and cost savings.

“Ansible’s Playbook syntax allows companies to define and set up firewall rules, lock down users and groups, and apply custom security policies.”

Ansible – an agentless IT automation tool that is flexible and cost-effective

The best method for patching with Ansible is to leverage WSUS (Windows Server Update Services) and Active Directory GPOs (Group Policy Objects) in conjunction with an Ansible controller. The WSUS server pulls updates down to its local storage. Active Directory GPOs can be configured so that clients pull updates from the WSUS server instead of external Microsoft sources. This approach saves a great deal of bandwidth. Other advantages of using WSUS include its advanced reporting features and the Web interface, which allows for selective update approvals. Once the update source is configured by GPO, the updates are managed and applied to systems by Ansible.

The automation process with Ansible for Vulnerability Remediation and Patch Management Services includes:

  • Following Microsoft Patch Tuesday routine
  • Approving updates in WSUS
  • Creating Chocolatey packages
  • Running Ansible playbooks to install updates and packages on test environment
  • Testing and certifying patches
  • Researching unknown issues
  • Creating playbooks for vulnerabilities and configuration changes
  • Tracking long-tail patches and updates that aged more than 30 days
  • Upgrading legacy/out-of-life-cycle software
  • Deploying Windows security updates, non-security updates, service packs, rollup updates, and feature packs on Production environments.
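The "run playbooks on the test environment, then test and certify" steps above could look like the following playbook. It is an added example, not CES's own playbook. It assumes the `ansible.windows` and `chocolatey.chocolatey` collections are installed and that hosts already receive their WSUS server from GPO; the inventory group `windows_test`, the package `example-agent` and the feed URL are hypothetical placeholders.

```yaml
---
# Added example. Values marked "assumed" are illustrative, not from the original page.
- name: Install WSUS-approved updates on the test environment
  hosts: windows_test              # assumed inventory group
  gather_facts: false
  serial: "25%"                    # patch in batches so a bad update does not hit every host at once

  vars:
    patch_categories:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups

  tasks:
    - name: Install approved updates from the GPO-configured WSUS server
      ansible.windows.win_updates:
        server_selection: managed_server   # WSUS only, never Microsoft Update directly
        category_names: "{{ patch_categories }}"
        state: installed
        reboot: true
        reboot_timeout: 1800
      register: patch_result

    - name: Record how many updates were installed on this host
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }}: {{ patch_result.installed_update_count }} update(s) installed"

    - name: Search again after the reboot (makes no changes)
      ansible.windows.win_updates:
        server_selection: managed_server
        category_names: "{{ patch_categories }}"
        state: searched
      register: remaining

    - name: Certify the host only if no approved update is still missing
      ansible.builtin.assert:
        that:
          - remaining.found_update_count == 0
        fail_msg: "{{ remaining.found_update_count }} approved update(s) still missing"

    - name: Install the internally built Chocolatey package
      chocolatey.chocolatey.win_chocolatey:
        name: example-agent                        # assumed package name
        source: https://choco.example.internal/    # assumed internal feed (placeholder)
        state: latest
```

Only updates approved in WSUS are visible to `managed_server`, so the approval step remains the gate for what this play can install.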

There are additional benefits that Ansible offers. It automates cloud provisioning, configuration management, package management, application deployment, self-service gateways, intra-service orchestration, and many other IT needs. Utilizing Ansible, infrastructure security can be seamlessly integrated into the overall infrastructure operations and risk management processes. For more information or to have a conversation on how CES can implement Vulnerability Management and safeguard your environment from cyber-attacks, please contact us at sales@cesltd.com. You may also be interested in our other Cybersecurity blog: https://cesltd.com/protect-your-digital-assets-from-cyber-threats-with-vulnerability-management/

Protect your Digital Assets from Cyber Threats with Vulnerability Management

Proactive vulnerability management is a must for any business that handles customer data

Safeguarding an organization’s digital vaults

Every organization takes relevant measures to keep its systems and data safe from cyber threats. However, the digital age comes with its own set of challenges and vulnerabilities. It is not easy to judge how far hackers and cyber miscreants would go to breach corporate information networks. These threats could be directed from outside or even inside the organization. Many times, an innocent, unmindful act by a new employee turns out to be very harmful.

Can we bullet-proof the corporate networks? What if something was overlooked that left a gap open for a cyber-attacker to make inroads into the business systems?

Repercussions of a security breach

The impact of a security breach could be far-reaching.  A business revolves around data from and about its customers.  The customer data could have Personally Identifiable Information (PII) or HIPAA related protected information.  Protecting that data is the number one priority of a business to maintain trust with the customer.  Therefore, it is vital that an organization’s digital vault is always guarded, as a breach of private data can negatively impact business credibility.  It may even lead to punitive damages or regulatory fines. 

A system breakdown due to a virus attack, on the other hand, can cause business downtime, impacting internal productivity and external sales and resulting in financial loss. This simply would double the time and cost involved in reinstating security measures, along with the cost incurred due to lost business, and unwanted panic in the process of bouncing back. The situation calls for proactive measures to protect the digital vaults by enhancing cyber security and related processes.

“A breach in IT security can raise eyebrows on business credibility.”

Ways to take on security breaches

One can turn a blind eye to this ever-looming danger of an information security breach, or bury one's head in the sand like an ostrich and believe that a breach won’t happen to one's own networks. Purchasing insurance coverage is another solution for protecting against the fallout from cyber-attacks. However, a more holistic and proactive approach is called for to protect the overall digital infrastructure of a company.

A preventative solution for vulnerabilities in IT security

CES recommends a proactive and preventative approach to managing vulnerabilities.  Securing the network perimeter, keeping end-point devices patched, and setting up clear access protocols are a must to shield data repositories from infiltrators.

There are two sides to this approach:

  • Technology Focused
  • Process Focused

Technology Focused

The technology focused approach requires the organization to identify, prioritize, and remediate known vulnerabilities that can be exploited by cybercriminals to gain access to applications, systems, and data.  Regular scheduled scanning of IT infrastructure helps find and fix vulnerabilities.   

“Proactive vulnerability scanning, assessment and remediation protects the IT infrastructure against perennial cyber-attacks.”

Identifying, quantifying, and prioritizing security vulnerabilities in an environment can be difficult without proper methodology, skills, and toolsets.  A customized Vulnerability Assessment approach tailored for the specific needs of the organization helps manage vulnerabilities.  The approach should involve:

  • Asset Discovery
  • Vulnerability Scanning
  • Vulnerability Assessment
  • Vulnerability Remediation

The process involves taking stock of the infrastructure assets (Asset discovery) like servers, desktops, laptops, OS, applications, databases, etc.  This inventory database must be updated every time new systems are added, or existing systems are removed from the environment.

A good vulnerability management approach includes continuous 24/7 monitoring and integration with patch and configuration management. The ability to assess the scan reports and spot missing patches, errors and weaknesses in system configuration settings, and general deviations from policy is also part of this approach.

Vulnerability Remediation would involve activities like Patch Management, which is the process of packaging and deploying the required security patches to targets requiring remediation. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time and allow hackers or DDoS attackers to creep in through hidden backdoors. Necessary processes should be in place for routine deployment as well as emergency patch deployment.

“Information Security should be an important part of the overall corporate risk strategy.”

Process Focused

Despite the best measures taken to secure IT infrastructure and prevent cyber-attacks, there is a human element where an error can take place. The mistakes could be mischievous or unintentional. There are processes and best practices that can be institutionalized to prevent such incidents. We will discuss the processes and best practices in a different blog, but some of these are: guidelines for strong passwords, multi-level user access, separation of authority, etc.

Information Security

As IT moves towards becoming a utility and is increasingly being delivered from the cloud, businesses must invest in proactive Vulnerability Management. It should be part of the digital culture of a modern enterprise. The cost of Vulnerability Management should only be seen as a small insurance premium for the peace of mind of business stakeholders. Information Security should be an important part of the overall corporate risk strategy. For more information or a conversation on how CES can implement Vulnerability Management and safeguard your environment against cyber-attacks, please contact us at sales@cesltd.com.