How Is Your Enterprise IT Hygiene?

We’re hearing a lot these days about the need for strong and consistent enterprise IT hygiene in cybersecurity. Good. What is that, anyway? An IT hygiene definition should start with the meaning of “hygiene,” which comes from the Greek “hygieine techne.” It means “the healthful art,” Enterprise IT Hygiene is crucial if you want to maintain a good security posture.

What is IT hygiene?

Hygiene in human beings refers to staying clean and doing regular healthy activities, like brushing your teeth and washing your hands, to avoid getting sick or infecting others. With computers, which we have anthropomorphized to a great extent, we apply the concept of hygiene to tasks like cleaning memory caches and defragging hard drives. Just as brushing your teeth keeps you from developing cavities,a defragment disk keeps your device “healthy” and running well.

IT hygiene vs. cyber hygiene

Basic IT hygiene is about making sure that systems run well. It’s about ensuring high availability and data with integrity. Cyber hygiene applies the concept of hygiene to security processes like running virus scans and rotating passwords, keep IT free from “infection” by malware or other pathogen-like entities like APTs.

Most security countermeasures have an associated cyber hygiene practice. Examples of sticking to a healthy security routine include:

  • Patching — if you have a policy of patching (and you should), it’s a good idea to make patching a regular practice, a sort of “wash your hands before you eat” thing where you never wait too long to apply a patch.
  • Endpoint protection — It’s not enough to define a policy of endpoint protection but then follow through on enforcement inconsistently. Endpoint protective measures can degrade easily, leaving end users vulnerable to attacks which can then spread across the network as attackers move laterally. It’s essential to make the execution, audit and remediation of endpoint protections a recurring process.

Controls only work if they’re constantly being checked to ensure they’re performing their designated tasks. For example, you may have a control declaring that user accounts must be deleted after the user leaves the organization. However, unless you check on a regular basis, you will almost certainly have “ghost users” who make you vulnerable to cyber security attacks.

Attackers use attack techniques and methods that circumvent  most cyber defenses, often by employing legitimate tools and leveraging real user behavior. This is why thinking that only cyber hygiene has impact on the security posture is partially right,   left unchecked, it promotes a paradise for attackers.

How automated red team  testing helps with both cyber and IT hygiene

IT hygiene affects everyone in an organization. IT has its share of responsibilities. SecOps does as well. Every employee has certain IT hygiene duties, too, like not leaving passwords written on post-it notes and so forth. How will you ever know if everyone is doing their part? How will you know that certain IT practices create holes for attackers to move laterally in the organization?  Automated testing processes can help a great deal.

Automated red team testing, for example, lets you see for yourself if people are not following the IT hygiene routines as recommended. An automated red team test uses software to simulate a cyber attack. It probes your network and devices, looking for security holes it can exploit to move throughout your organization. Examples include unpatched servers and misconfigured firewalls. Sophisticated automated red teaming, can even spot subtle and easy-to-miss problems like cached passwords to privileged accounts, administrative sessions where the user has gone but left the connection open, misconfigurations and IT issues in general.

The threats never stop evolving. Automated testing is one of the most effective ways to maintain a constant vigil on IT and cyber hygiene practices. It is also handy for reporting on issues that arise in the testing process and for providing prioritized, simple-to-follow remediation, increasing significantly the security posture and IT hygiene of the organizations.

New call-to-action