CIO Influence
Why security stack misconfigurations are still slipping through the cracks

In today’s fast-paced cyber threat landscape, it’s more critical than ever to tightly manage your organization’s security stack. Yet a surprising number of organizations, large and small, are still struggling to do this effectively. In this article, we explore the problem of security stack vulnerabilities and misconfigurations, as well as the underlying causes and impact.

First, let’s talk about why this has become such a pervasive problem. Cyber attacks have been happening for quite a while now, affecting organizations of all sizes, from Mom-and-Pop businesses to large enterprises and governments. But what’s changed in the last five years is the pace, scale and impact of these attacks. For example, in recent years, multiple hospitals have been hit by ransomware, threatening actual lives. We’ve had a gas pipeline shut down, and utilities and telecommunications providers have been compromised; in some cases, we are still unraveling the full extent of the damage (and we may never know).

Generative AI has poured gasoline on the fire, enabling skilled attackers to reduce the time and effort it takes to launch attacks while improving the targeting and sophistication of their phishing and social engineering techniques. It has also made it even easier for less-skilled threat actors and groups to enter the cybercrime game and unleash commoditized but sophisticated malware via Ransomware as a Service (RaaS) platforms.

In addition to the threat landscape, another major reason why organizations are falling behind is the complexity of managing their security stacks. There is a plethora of cybersecurity products on the market, many claiming to be the “magic bullet” that will stop cyber-attacks in their tracks. As a result, organizations are managing dozens of security tools in an attempt to prevent successful attacks on their systems. Each tool offers a variety of configuration options and capabilities, creating a level of complexity that is tough to manage and prone to human error. Cybersecurity product vendors have a tough job balancing advanced capabilities against added complexity. Enter into this environment the concept of change: even if your organization has a perfect configuration today (very unlikely), a simple unintended change could wreak havoc on your security posture.

To illustrate further, let’s explore a few real-world examples.

The first one was encountered a few years ago by a team who worked on an Incident Response/Forensics engagement for a mid-sized business. The business had several solid security tools in place, including an advanced endpoint security solution. During the investigation, the team reviewed the attack chain and evidence and determined that the attack could have been prevented had the business enabled a common (and vendor recommended) setting. Instead, the business was severely impacted and spent thousands of dollars to investigate, remediate and return to normal operations.

Another recent example occurred in late 2024, when several thousand firewalls from an enterprise-grade vendor were compromised by malicious threat actors. The vulnerabilities could be exploited because the firewall configurations did not restrict web management traffic to specific, authorized IP addresses. This is a common issue, as firewalls sometimes have dozens of rules and configuration options. A simple change can have unintended consequences, and it happens more often than you might think, especially in organizations managing multiple firewalls.

Yet another example was uncovered during a recent penetration test. During the initial reconnaissance phase of the internal portion of the test, a firewall with default administrator command line interface (CLI) login credentials was discovered. To gain full administrator access, the team had only to log in via Secure Shell (SSH). In this case, the customer’s firewalls were managed by a Managed Security Service Provider (MSSP) responsible for thousands of firewalls across their customers. Despite their playbooks and procedures, they missed a critical hardening requirement for this device, resulting in a complete takeover of the device. This firewall had full packet capture and decryption capabilities, enabling the team to intercept sensitive network traffic.

All this to say, there is no all-encompassing “easy button” to solve this challenge. However, there are some basic best practices that can help, and there is hope on the horizon in the form of emerging technology solutions purpose-built to solve this challenge.

As mentioned earlier, AI has caused a ramp-up in attacks and made it easier for malicious threat actors to launch them. But AI is a double-edged sword, and there are new AI-powered solutions that harness AI for good and can help organizations better manage their security stack to prevent attacks and ensure they get the most from their security spend. This class of solutions holds the promise of helping security teams optimize their security stacks, prevent vulnerabilities and misconfigurations, and focus their attention where they can do the most to reduce risk to the organization.

Below are just a few best practices to help you get started on tackling this issue:

  • Appoint a senior security engineer to lead configuration assurance for your security stack
  • Report regularly to IT/cybersecurity leadership on key metrics
  • Maintain robust change and configuration management with strict tracking/accountability
  • Conduct regular configuration reviews of security stack tools (preferably automated/continuous)
  • Review and alert daily on security vulnerabilities in security stack tools
  • Run automated, continuous attack surface vulnerability scanning and alerting
  • Follow least privilege and minimize open ports and protocols
  • Ensure staff are fully trained on all security stack tools/capabilities
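The two firewall examples above (management traffic open to any source, a default administrator credential left in place) and the "regular, preferably automated configuration reviews" and "strict change tracking" items in the list are the kind of thing a small configuration-assurance script can catch before an attacker does. The following is an added example, not code from the article or from SureStack. It assumes a hypothetical appliance that exports a flat `key = value` config, with made-up key names (`mgmt_https_src`, `mgmt_ssh_src`, `admin_default_password`, `edr_vendor_recommended_blocking`); the two config snapshots are constructed for the example. It flags management-plane sources that are unrestricted or too broad, required settings that have drifted from their mandated value, and any key that changed since the last approved baseline.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: the "baseline" snapshot recorded at the last approved
# change, and the config as exported today. Key names are hypothetical.
BASELINE_CONFIG = """
hostname = fw-edge-01
mgmt_https_src = 10.0.50.0/24, 10.0.51.10/32
mgmt_ssh_src = 10.0.50.0/24
admin_default_password = no
edr_vendor_recommended_blocking = on
"""

CURRENT_CONFIG = """
hostname = fw-edge-01
mgmt_https_src = 0.0.0.0/0            # someone "temporarily" opened it up
mgmt_ssh_src = 10.0.50.0/24
admin_default_password = yes          # device re-imaged, hardening step missed
edr_vendor_recommended_blocking = off
"""

# Settings the organization mandates, with the value each must hold.
REQUIRED_SETTINGS = {
    "admin_default_password": "no",
    "edr_vendor_recommended_blocking": "on",
}

# IPv4 management sources wider than this prefix are treated as too broad.
MIN_MGMT_PREFIX_V4 = 24


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines; blank lines and '#' comments are ignored."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def check_management_access(cfg: Dict[str, str]) -> List[str]:
    """Flag management interfaces reachable from anywhere or from broad ranges."""
    findings: List[str] = []
    for key in ("mgmt_https_src", "mgmt_ssh_src"):
        sources = [s.strip() for s in cfg.get(key, "").split(",") if s.strip()]
        if not sources:
            findings.append(f"{key}: no source restriction configured")
            continue
        for src in sources:
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                findings.append(f"{key}: unparseable source '{src}'")
                continue
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append(f"{key}: open to any source ({src})")
            elif net.version == 4 and net.prefixlen < MIN_MGMT_PREFIX_V4:
                findings.append(f"{key}: source range too broad ({src})")
    return findings


def check_required_settings(cfg: Dict[str, str],
                            required: Dict[str, str] = REQUIRED_SETTINGS) -> List[str]:
    """Flag mandated settings that are missing or not at the required value."""
    return [
        f"{key}: expected '{want}', found '{cfg.get(key, '<missing>')}'"
        for key, want in required.items()
        if cfg.get(key) != want
    ]


def diff_configs(baseline: Dict[str, str],
                 current: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return every key whose value differs from the approved baseline (old, new)."""
    changed: Dict[str, Tuple[str, str]] = {}
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            changed[key] = (old, new)
    return changed


def audit(current_text: str, baseline_text: str):
    """Run all checks; returns (findings, drift) so a scheduler can alert on either."""
    current = parse_config(current_text)
    baseline = parse_config(baseline_text)
    findings = check_management_access(current) + check_required_settings(current)
    drift = diff_configs(baseline, current)
    return findings, drift


if __name__ == "__main__":
    findings, drift = audit(CURRENT_CONFIG, BASELINE_CONFIG)
    for f in findings:
        print("FINDING:", f)
    for key, (old, new) in drift.items():
        print(f"DRIFT: {key}: {old!r} -> {new!r}")
```

Run on a schedule against each appliance's exported config, a non-empty `drift` result is the hook for the change-management process (was this change approved?), while `findings` are the conditions that should page someone regardless of whether the change was approved.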

There’s no silver bullet here, and at the end of the day, misconfigurations happen, whether it’s due to complexity, oversight or because people are moving fast and juggling too much. With the right people in place, strong processes and the right tools, organizations can start closing these gaps. It takes ongoing effort, but it’s doable — and worth it — if you want to stay ahead of today’s threats.

Adam Bennett, co-founder and CEO of SureStack, is a cybersecurity expert and has been working to protect his customers for more than 20 years, from small startups to the White House and the U.S. Department of Defense. During his career, Adam has worked in just about every cyber role imaginable, from SOC Analyst to Penetration Tester to Security Engineer.

He used his expertise to build and operate a successful cybersecurity services firm for more than 13 years. Adam has channeled this passion, expertise, and experience into creating SureStack to take cybersecurity to the next level.
