Enforcing Compliance
A key protection for systems in a connected world is limiting the available attack surface of the asset. Closing ports, disabling unnecessary services, and using a least-privilege approach to assigning permissions are all pieces of deploying a security baseline. The challenges associated with deploying and maintaining security baselines, however, have historically limited their adoption in all but the most critical infrastructure environments. Compatibility testing, the difficulty of enabling functionality as needed for new applications, and the challenge of identifying configuration drift over time and bringing the device back into compliance have all conspired to make security baselines nearly impossible to manage in practice.