{"id":5020,"date":"2024-08-26T09:00:00","date_gmt":"2024-08-26T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cyber-risk\/aggressively-monitoring-for-changes-is-key-aspect-of-cybersecurity"},"modified":"2024-08-26T09:00:00","modified_gmt":"2024-08-26T14:00:00","slug":"aggressively-monitoring-for-changes-is-a-key-aspect-of-cybersecurity","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/26\/aggressively-monitoring-for-changes-is-a-key-aspect-of-cybersecurity\/","title":{"rendered":"Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

There are many layers to a proper cybersecurity defense. Each layer is important, and risks are increased any time a layer is compromised or missing. Additionally, there can never be enough layers. While you can reduce risks by adding layers, you can never eliminate all the risk. Two of the most vital layers of defense are file integrity monitoring and change detection. Both are controlled and monitored by an organization’s change management program.<\/span><\/p>\n

In the early days of computer networking, I remember making major changes on the fly, without any documentation, approvals, back-out plans, or oversight. Step ahead a few years and this would be a fast and easy way to find yourself unemployed and unemployable.<\/span><\/p>\n

Changes, change detection, and change management are a big deal and require coordination, planning, testing, documentation, developing back-out plans, and gaining approvals from key aspects of the organization. Often, receiving approvals can take weeks or even months. In many organizations these days, change approvals are done by committees that track changes very closely to prevent issues, outages, or disruptions to the business.<\/span><\/p>\n

Threat Actors Attacks<\/h2>\n

When <\/span>threat actors attack<\/a><\/span> your network, they must make changes to carry out their objectives. Their objective is almost always financial gain. The threat actor must find a means to enter the network, such as unpatched vulnerabilities or phishing, and typically escalate credentials to further their objectives. Many times, the threat actor must insert payloads, executables, create accounts, edit access control lists, use unapproved software, disable software or agents, and alter logs and security configurations before doing any real damage. All these actions require changes. <\/span><\/p>\n

When changes are detected, the threat actor has not yet completed their objectives. Change detection and file integrity monitoring solutions can be triggered, alerting information security before the threat actor has established command and control, pivoted to active directory, exfiltrated confidential data, or kicked off encryption processes. These next-generation systems can operate and alert in real time.<\/span><\/p>\n

The Biggest Threats<\/h2>\n

There are only a few reasons that files, software, operating systems, databases, applications, or configurations change:<\/span><\/p>\n

\n