Building Security Baselines and Infrastructure Hardening

Secure by default

Modern IT systems are built as a complex web of software and hardware interdependencies, where an attacker needs to only find a single weakness to initially penetrate them, while defenders need to defend against all vulnerabilities in their environment. “Secure by default” might be the best practice, but it is very hard to achieve it in these environments. First of all, they are complex, interdependent, and difficult to actually fully understand. Secondly, technology and processes don’t always help – either components do not ship in secure configurations or their default configurations do not reflect the risk environment of their installation. In addition, operational procedures during component lifecycles often weaken security settings, as do human errors during daily administration.

Reduced risk of cyber-attack, reduced risk of business loss

NIL consulting services for building security baselines and infrastructure hardening provide custom blueprints for hardening your hardware and software systems to be more resistant against digital attacks, and remain so over the lifecycle of the system, thus significantly reducing risk and potential business loss over time.

Customized security baseline for your environment

NIL’s consulting engagements cover the following use cases:

  • Creation of IT component security baselines (standards) for specific customer environments.
  • Configuration/installation of security baselines into customer environments.
  • Verification (audit)of existing systems against security baselines.
  • Creation of custom Desired State Configuration (DSC) systems that maintain the desired security baseline of a component over its lifecycle.

While our security baseline standards incorporate industry best practices (CIS, NIST, and similar, along with vendor recommendations), our core differentiator is the customization of these baselines to specific customer environments with two goals:

  • To address specific risks in the customer environment, by providing stronger security assurance (additional settings, more granularity) than what would be achievable with only a cookie cutter, best practices baseline.
  • To address compatibility issues in the customer environment, by adapting the security baselines to specific limitations in the customer environment, and also documenting any residual risk caused by baseline relaxation.

As part of our engagements, we create security baselines for a wide range of IT infrastructure, platform, and application components. The following table shows some typical IT components requested by our customers:

Infrastructure security baseline target Platform security baseline target Application security baseline target
Cisco IOS/IOS XE/IOS XR Microsoft Windows Server Microsoft Exchange
Any Cisco security product Microsoft Windows client OS Microsoft SQL Server
Palo Alto Networks PAN-OS/NGFW Linux (all flavors) Cisco Unified Communications and Collaboration components
Fortinet FortiGate FortiOS/NGFW VMware vRealize/vSphere Symantec DLP
F5 Networks BIG-IP APM/ASM/LTM Microsoft Active Directory Symantec Messaging Gateway
Symantec ProxySG

Why NIL?

NIL has decades of experience in customizing security solutions to specific environments, in which our core differentiators are:

  • Cost effectiveness and speed: As it requires significant effort and resources to harden IT components in order to establish and maintain a reliable baseline of secure settings, NIL’s specialized team is typically more cost efficient as well as faster compared to an internal engineering team.
  • Proven track record: NIL has been creating enterprise and service provider security baselines globally for more than 20 years.
  • Combining best practices and experience: We use known best practices and combine them with our extensive experience and latest security findings.