The Importance of Configuration Management in Your Security Program When “Everything’s Everywhere, All at Once”

Webinar Registration

The typical organization that has already gone through much of their “digital transformation” knows that they have endpoints in remote locations, infrastructure on-premises and in the cloud, leveraging various types of environments including SaaS applications, virtualization and container technologies, as well as microservices. And when you consider vulnerabilities within every one of these environments that need to be managed, it becomes evident that inventorying vulnerabilities isn’t enough; it’s necessary to ensure each of these environments is securely configured (e.g. “hardened”).

The configuration of assets and operating systems is a powerful preventive control to reduce attack surface. It’s so effective at stopping cyberattacks that MITRE’s ATT&CK Framework points out that a proper configuration can mitigate 37 different threat techniques!

So, what does a properly-implemented Configuration Management program look like and how does it fit within the rest of your cybersecurity program?

In this Real Training for Free session, 4-time Microsoft MVP, Nick Cavalancia, takes my seat as he first discusses how and why Configuration Management fits into a Vulnerability Management program.

Next up, you’ll hear from Devin Krugly, Practice Advisor and Justin Prince, Technical Advisor – both from Rapid7 – as they dive deeper into the topic, breaking down the discipline itself into practical chunks using real-world attack examples. Topics will include:

Clarifying and simplifying all the terminology and definitions that have arisen from the hyper diversification of IT environments
The role of benchmarks in assessment using Center of Internet Security (CIS) and Defense Information Systems Agency (DISA) that provide technical guides Security Technical Implementation Guides (STIG).
Reading through a benchmark
Practical guidelines on how to incorporate Configuration Management into the broader attack surface or vuln management program

This Real Training for Free session will be chock full of practical technical detail! Register now!

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.