When most people think of IT security, they think of concrete preventative measures like firewalls, antivirus software, data encryption, network segmentation, MFA/2FA, and complex passwords. All of these components are essential for a strong IT security posture, but another piece is often overlooked: the ability to remotely monitor and report on existing OS configurations and security measures in place across all of the Mac®, Windows®, and Linux® systems in an environment. Rather than adding a new security layer that directly stops an attack, system reporting helps ensure that the appropriate layers are in place on every system in the organization, with no gaps or vulnerabilities that could be exploited.
Why System Data Is Crucial for Security
IT admins need system data to identify weaknesses in OS versions, patch systems as necessary, and configure and monitor other security measures like disk encryption and MFA/2FA, all without disrupting users’ workflows. Another important requirement is the ability to see the local user accounts provisioned on each system and the last time each account logged in. And virtually all major regulatory compliance frameworks require IT teams to prove that these measures are in place.
Many organizations use a combination of solutions to gather system-level data for compliance, especially with a heterogeneous mix of Mac, Windows, and Linux operating systems in play. At JumpCloud®, we believe that cross-platform system telemetry should be available at the directory level. We offer System Insights™ as a premium feature available with our cloud-hosted Directory-as-a-Service®. Key data points are displayed in the Admin Console user interface and many more are available for customized access and external integration via the PowerShell module and API.
Benefits of Actionable Insights for System Security
A tool like System Insights lets you remotely pull the system data you need to assess your organization’s security posture and take action as necessary. Here are some of the ways you can use System Insights to step up security across your organization:
Locate Recently Discovered Vulnerabilities
In the best-case scenario, security researchers discover and responsibly report existing vulnerabilities they find in operating systems and other software. In the worst case, a high-profile data breach makes mainstream news by compromising business-critical information for a large corporation. Either way, when a weak point becomes public and the race to patch is on, you need a way to quickly identify any systems in your environment that need attention. One recent example of this scenario was BlueKeep, a vulnerability discovered in fall 2019 that affected certain versions of Windows and Windows Server®. Admins who were able to quickly survey their systems could take measures to safeguard any open RDP ports in response.
Assess Security Configurations
When it comes time to assess security across an organization, whether for an audit or an internal project, you’ll need to know which systems have the required measures in place and which need updating. Ideally, a simple review of your directory would give you the following configuration info for all of your Mac, Windows, and Linux machines:
- Disk encryption status: Which systems have FileVault (Mac) or BitLocker (Windows) turned on, and which volumes are encrypted?
- MFA/2FA at system login: Which machines don’t have multi-factor authentication enabled at system login?
- Root user: Which Linux and Mac systems have the root user enabled?
- Guest accounts and unmanaged local user accounts: Which systems have guest accounts enabled and/or extraneous local user accounts that aren’t managed by your directory?
Identify Suspicious Application Installs
Although many IT teams prefer to lock down all end user permissions, preventing employees from installing any software on their machines, others give some or all users admin privileges on their machines. This can facilitate self-service software installs and streamline operations in a DevOps environment. But if users do have admin privileges, IT needs a way to monitor app installs and check them against a whitelist of approved software.
Usually, when an employee installs an unapproved and potentially vulnerable app, it’s less out of a desire to break the rules and more as a shortcut to solve a new problem without any bureaucratic red tape. With this in mind, monitoring app installs can also help you stay on top of users’ needs and research secure, cost-effective software solutions.
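The configuration review and the app-install check described above can be expressed as one small audit over per-system inventory records. This is an added example, not JumpCloud code or the System Insights schema: the record fields, the sample fleet, the approved-software list, and the 90-day stale-login threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data; field names are assumptions for this example,
# not the schema of any product.
ALLOWLIST = {"Slack", "Zoom", "Visual Studio Code"}   # approved software
DIRECTORY_USERS = {"alice", "bob"}                    # accounts the directory manages
STALE_AFTER_DAYS = 90                                 # assumed threshold
TODAY = date(2020, 1, 15)                             # fixed so results are repeatable

FLEET = [
    {"host": "mac-01", "os": "mac", "disk_encrypted": True, "mfa_login": True,
     "root_enabled": False, "guest_enabled": False,
     "local_users": {"alice": date(2020, 1, 14)},
     "apps": ["Slack", "Zoom"]},
    {"host": "win-07", "os": "windows", "disk_encrypted": False, "mfa_login": True,
     "root_enabled": False, "guest_enabled": True,
     "local_users": {"bob": date(2020, 1, 10), "temp-admin": date(2019, 6, 1)},
     "apps": ["Slack", "UnapprovedApp"]},
    {"host": "lin-03", "os": "linux", "disk_encrypted": True, "mfa_login": False,
     "root_enabled": True, "guest_enabled": False,
     "local_users": {"alice": date(2020, 1, 12)},
     "apps": ["Visual Studio Code"]},
]

def audit_system(s):
    """Return the list of posture findings for one inventory record."""
    findings = []
    if not s["disk_encrypted"]:
        findings.append("disk not encrypted")
    if not s["mfa_login"]:
        findings.append("no MFA at login")
    if s["os"] in ("mac", "linux") and s["root_enabled"]:
        findings.append("root user enabled")
    if s["guest_enabled"]:
        findings.append("guest account enabled")
    for user, last_login in sorted(s["local_users"].items()):
        if user not in DIRECTORY_USERS:
            findings.append(f"unmanaged local user: {user}")
        if (TODAY - last_login).days > STALE_AFTER_DAYS:
            findings.append(f"stale account: {user}")
    for app in sorted(set(s["apps"]) - ALLOWLIST):
        findings.append(f"app not on allowlist: {app}")
    return findings

def audit_fleet(fleet):
    """Map each host with at least one finding to its findings."""
    report = {s["host"]: audit_system(s) for s in fleet}
    return {host: f for host, f in report.items() if f}

if __name__ == "__main__":
    for host, findings in audit_fleet(FLEET).items():
        print(host, "->", "; ".join(findings))
```

Hosts with no findings are omitted from the report, so the output doubles as a remediation list for an audit.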
Keep Accurate Inventory for Auditing
Computer system inventory is a major component of any compliance audit. The easiest way to demonstrate each system’s compliance would be to pull a report from your directory that shows all of the above configuration info. You may also need to prove that only certain users (a handful of execs and IT admins, for example) have high-level access to servers that house important proprietary data. Audits look at elements of user management, system management, and IAM across a variety of resources both on-prem and in the cloud, so ideally, you would control and report on each of these elements from one place.
How to Get System Insights
System Insights is available as a premium feature with Directory-as-a-Service, JumpCloud’s all-in-one access control and system management platform. You can try it with a free admin account, which includes full functionality to manage up to 10 users and systems.