Marc Guardiola
Marc Guardiola CISO
3 September 2019

Increase your resilience with Continuous Hardening

No one is invulnerable. But a solid IT infrastructure should always be hardened against the most well-known and common types of digital abuse. At Solvinity, hardening is a continuous process.

IT infrastructures comprise many parts, from storage, server and network components to hundreds of applications. Each part can usually be configured in multiple ways, depending on the wishes and demands of the user and the further hardware and software that the various components have to interact with.

An important aspect of the work of IT administrators is ensuring all these parts are well coordinated, so everything works the way the user expects it to do. That is often an art in itself. But the IT department’s responsibility goes beyond that. Errors in the network component configuration can limit performance. In the worst case, wrong configurations can even lead to abuse of the infrastructure.

It takes a lot of time to check that the infrastructure is configured in a secure way. Time that IT departments often don’t have these days. If you want to be certain that all applications always work, it is much easier to open all the ports of the firewall. However, from a security perspective, it would be better to close everything that is not absolutely needed. An IT department that takes security seriously would never let that happen. That is why those departments have hardening processes, where guidelines from e.g. CISSANSISO and/or NIST are used to check whether any known or unknown vulnerabilities can be resolved or avoided.

“Cyber criminals will always try to abuse the most obvious vulnerabilities first in order to enter an organisation”
Marc Guardiola
CISO

Why is hardening so important? According to the National Coordinator for Security and Counterterrorism, many organisations still do not have their basic measures in order (in Dutch). In this past year, this has led to “incidents that could have been avoided and damage that could have been limited”. Hackers love common vulnerabilities that organisations ‘forget’ to deal with. These are not just casual thieves that strike when they come across an open port. So-called “state actors” and organised cyber criminals will also always try to abuse the most obvious vulnerabilities first in order to enter an organisation. If the organisation does not have proper hardening, it only makes things easier.

Security by Design white paper

Veiligheid begint bij de basis​

In ons werk als IT dienstverlener streven wij naar een veilige digitale toekomst. Je zult je afvragen of dat nog mogelijk is in een tijd waarin zelfs amateuristische cybervandalen grote schade aanrichten aan organisaties? Ons antwoord is “Ja!”. Samen met onze klanten doen wij er alles aan om een betrouwbare uitgangspositie te creëren voor een gezonde digitale toekomst. En dat begint bij de basis.

We believe that hardening is a process that should be implemented in every organisation – and luckily, more and more parties are making it a habit to immediately implement hardening when new components are installed. But we believe that’s not all there’s to it. Solvinity does not see hardening as a one-time process that is ‘completed’ – it should receive constant attention. Indeed, every change has potential consequences for the entire infrastructure. With every upgrade and every change, we therefore re-examine how it affects the different components within the infrastructure. In this way, the resilience of the organisation is maintained at all times – not just from the perspective of the aforementioned guidelines, but also based on our own experience and best practices.

 

Organisations preparing for a digital future should be able to rely on an IT foundation they can build on. This means not only that the technology must function optimally so that the business can be as productive as possible, but also that the users can rely on a secure foundation – both now and in the future. Continuous Hardening increases the resilience of organisations. It does not offer a guarantee against targeted, large-scale and professional attacks, but it does reduce the likelihood that organisations will fall victim to incidents, which, in retrospect, could have been easily avoided.

Related articles

Blog

Kunnen we je verder helpen?

Maandag t/m vrijdag van 09:00 - 19:00 uur