"Security 'Sampling' Puts US Federal Agencies at Risk"

Titania has released an independent research report investigating the impact of exploitable misconfigurations on network security in the US federal government. According to the study, "The Impact of Exploitable Misconfigurations on the Security of Agency Networks and Current Approaches to Risk Mitigation in the US Federal Government," network professionals report that they are meeting their security and compliance practices, but data indicate that risk is still high. According to the report's findings, this is likely to cost billions of dollars yearly. The research revealed that federal government respondents were the only sector representatives who stated that they assessed firewall configurations. Their network checks did not include switches or routers. As a result, the agencies are sampling the security of their network device fleets. According to zero trust best practice, continuous assessment of all devices is critical for preventing intrusion and inhibiting lateral movement across networks. Sampling is a risky approach to configuration security that exposes organizations to the risk of configuration drift bringing networks down. Furthermore, the survey found that the inability to prioritize risk (81 percent) and inaccurate automation (44 percent) are the top two challenges for federal government respondents in meeting their enterprise security and external compliance requirements. Federal respondents also revealed that financial resources dedicated to mitigating network configuration risks, which currently account for around 3.4 percent of the total IT budget, are a constraint in configuration management. This article continues to discuss Titania's findings regarding the impact of exploitable misconfigurations.

Help Net Security reports "Security 'Sampling' Puts US Federal Agencies at Risk"
