CISA와 NSA에서 상위 10개 사이버 보안 구성 오류에 관해 공개: Tenable이 도움되는 방법
The NSA and CISA have released a joint cybersecurity advisory discussing the top 10 most common cybersecurity misconfigurations, and outlining ways to mitigate them. Read this blog to learn more and see how Tenable technologies can help discover, prevent and remediate these misconfigurations.
Background
On October 5, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) published a joint cybersecurity advisory to highlight the most common cybersecurity misconfigurations. In particular, the advisory calls out the tactics, techniques and procedures (TTPs) actors use to compromise a network, as well as recommended mitigation strategies.
Top cybersecurity misconfigurations
The agencies identified the following 10 most common network misconfigurations:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of systems access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
As stated in the joint advisory, these common misconfigurations depict systemic vulnerabilities within the networks of many large organizations and showcase the need for software makers to embrace secure-by-design principles .
CISA and NSA urge network defenders to remove default credentials, deactivate unused services, ensure systems are updated regularly, prioritize patching of high risk vulnerabilities and properly manage admin accounts and privileges.
How Tenable can help to identify the top misconfigurations
These misconfigurations are present in many organizations today, both in the private and public sectors. This advisory underscores the fundamental need for organizations to have good cyber hygiene that addresses misconfigurations and vulnerabilities. According to the Center for Internet Security (CIS), almost all successful attacks exploit “poor cyber hygiene”. As organizations discover and fix vulnerabilities and misconfigurations, maintain good administrative and configuration practices, and keep track of vital assets, they reduce and eliminate attack vectors used by threat actors.
The Tenable One Exposure Management Platform extends beyond traditional vulnerability management and foundational cyber hygiene to include data about misconfigurations, vulnerabilities and attack paths across a spectrum of assets and technologies -- including identity solutions, cloud configurations and deployments and web applications.
Tenable solutions that are part of Tenable One can help organizations prevent, discover and remediate misconfigurations. As we review the list of misconfigurations discussed in the advisory, our identity exposure management solution, Tenable Identity Exposure, helps secure identities, one of the most common attack vectors that attackers exploit. Tenable Identity Exposure monitors several critical misconfigurations identified in the list from CISA and NSA, including: Improper segmentation of admins and user privileges; weak or misconfigured MFA controls in Entra ID; and poor credential hygiene including the use of compromised or weak passwords.
Tenable One adds the ability to quickly discover out-of-date software, detect misconfigurations based on industry compliance standards, and obtain a deeper understanding of the network segmentation and devices that reside on the same or adjoined networks. The attack path analysis capabilities within Tenable One combine device identification, network segmentation, detection of device or service vulnerabilities, and visibility into directory services to enable users to quickly identify vulnerable attack surfaces within their environments. A topology or node view can be used to identify attack paths from start to finish. It outlines vulnerable servers, web applications, and services that may be exposed to the internet. It also shows how they can become a foothold through the use of exploitation techniques or exploitable vulnerabilities allowing attackers to move laterally or escalate privileges through the network.
자세히 알아보기:
관련 기사
Cybersecurity Snapshot: CISA Shines Light on Cloud Security and on Hybrid IAM Systems’ Integration
March 15, 2024Check out CISA’s latest best practices for protecting cloud environments, and for securely integrating on-prem and cloud IAM systems. Plus, catch up on the ongoing Midnight Blizzard attack against Microsoft. And don’t miss the latest CIS Benchmarks. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
Cybersecurity Snapshot: Latest MITRE ATT&CK Update Offers Security Insights on GenAI, Identity, Cloud and CI/CD
April 26, 2024Check out what’s new in Version 15 of the MITRE ATT&CK knowledge base of adversary tactics, techniques and procedures. Plus, learn the latest details about the Change Healthcare breach, including the massive scope of the data exfiltration. In addition, why AI cyberthreats aren’t impacting CISOs’ budgets. And much more!
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor
April 25, 2024Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances.
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
- Active Directory
- Attack Surface Management
- Cloud
- Compliance
- Exposure Management
- Security Frameworks
- Vulnerability Management
- Active Directory
- Center for Internet Security (CIS)
- Exposure Management
- Federal
- Government
- Security Frameworks