CISA and NSA Release Top 10 Cybersecurity Misconfigurations: How Tenable Can Help
The NSA and CISA have released a joint cybersecurity advisory discussing the top 10 most common cybersecurity misconfigurations, and outlining ways to mitigate them. Read this blog to learn more and see how Tenable technologies can help discover, prevent and remediate these misconfigurations.
Contexte
On October 5, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) published a joint cybersecurity advisory to highlight the most common cybersecurity misconfigurations. In particular, the advisory calls out the tactics, techniques and procedures (TTPs) actors use to compromise a network, as well as recommended mitigation strategies.
Top cybersecurity misconfigurations
The agencies identified the following 10 most common network misconfigurations:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of systems access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
As stated in the joint advisory, these common misconfigurations depict systemic vulnerabilities within the networks of many large organizations and showcase the need for software makers to embrace secure-by-design principles .
CISA and NSA urge network defenders to remove default credentials, deactivate unused services, ensure systems are updated regularly, prioritize patching of high risk vulnerabilities and properly manage admin accounts and privileges.
How Tenable can help to identify the top misconfigurations
These misconfigurations are present in many organizations today, both in the private and public sectors. This advisory underscores the fundamental need for organizations to have good cyber hygiene that addresses misconfigurations and vulnerabilities. According to the Center for Internet Security (CIS), almost all successful attacks exploit “poor cyber hygiene”. As organizations discover and fix vulnerabilities and misconfigurations, maintain good administrative and configuration practices, and keep track of vital assets, they reduce and eliminate attack vectors used by threat actors.
The Tenable One Exposure Management Platform extends beyond traditional vulnerability management and foundational cyber hygiene to include data about misconfigurations, vulnerabilities and attack paths across a spectrum of assets and technologies -- including identity solutions, cloud configurations and deployments and web applications.
Tenable solutions that are part of Tenable One can help organizations prevent, discover and remediate misconfigurations. As we review the list of misconfigurations discussed in the advisory, our identity exposure management solution, Tenable Identity Exposure, helps secure identities, one of the most common attack vectors that attackers exploit. Tenable Identity Exposure monitors several critical misconfigurations identified in the list from CISA and NSA, including: Improper segmentation of admins and user privileges; weak or misconfigured MFA controls in Entra ID; and poor credential hygiene including the use of compromised or weak passwords.
Tenable One adds the ability to quickly discover out-of-date software, detect misconfigurations based on industry compliance standards, and obtain a deeper understanding of the network segmentation and devices that reside on the same or adjoined networks. The attack path analysis capabilities within Tenable One combine device identification, network segmentation, detection of device or service vulnerabilities, and visibility into directory services to enable users to quickly identify vulnerable attack surfaces within their environments. A topology or node view can be used to identify attack paths from start to finish. It outlines vulnerable servers, web applications, and services that may be exposed to the internet. It also shows how they can become a foothold through the use of exploitation techniques or exploitable vulnerabilities allowing attackers to move laterally or escalate privileges through the network.
En savoir plus
Articles connexes
Cybersecurity Snapshot: CISA Shines Light on Cloud Security and on Hybrid IAM Systems’ Integration
March 15, 2024Check out CISA’s latest best practices for protecting cloud environments, and for securely integrating on-prem and cloud IAM systems. Plus, catch up on the ongoing Midnight Blizzard attack against Microsoft. And don’t miss the latest CIS Benchmarks. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more
December 29, 2023The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more!
Tag, You’re IT! Tagging Your Way to Cloud Security Excellence
June 26, 2024To manage your cloud resources effectively and securely, you need to consistently tag assets across all your cloud platforms. Here we explain tagging’s main benefits, as well as proven strategies and best practices for tagging success.
CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability
June 25, 2024Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability.
Understanding Customer Managed Encryption Keys (CMKs) in AWS, Azure and GCP: A Comparative Insight
June 25, 2024Explore critical differences in handling customer-managed encryption keys (CMKs) across AWS, Azure and GCP to avoid security misconfigurations and protect your data effectively.
- Active Directory
- Attack Surface Management
- Cloud
- Compliance
- Exposure Management
- Security Frameworks
- Vulnerability Management
- Active Directory
- Center for Internet Security (CIS)
- Exposure Management
- Federal
- Government
- Security Frameworks