CISA and NSA Release Top 10 Cybersecurity Misconfigurations: How Tenable Can Help

The NSA and CISA have released a joint cybersecurity advisory discussing the top 10 most common cybersecurity misconfigurations, and outlining ways to mitigate them. Read this blog to learn more and see how Tenable technologies can help discover, prevent and remediate these misconfigurations.

Background

On October 5, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) published a joint cybersecurity advisory to highlight the most common cybersecurity misconfigurations. In particular, the advisory calls out the tactics, techniques and procedures (TTPs) actors use to compromise a network, as well as recommended mitigation strategies. 

Top cybersecurity misconfigurations

The agencies identified the following 10 most common network misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of systems access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

As stated in the joint advisory, these common misconfigurations depict systemic vulnerabilities within the networks of many large organizations and showcase the need for software makers to embrace secure-by-design principles . 

CISA and NSA urge network defenders to remove default credentials, deactivate unused services, ensure systems are updated regularly, prioritize patching of high risk vulnerabilities and properly manage admin accounts and privileges. 

How Tenable can help to identify the top misconfigurations

These misconfigurations are present in many organizations today, both in the private and public sectors. This advisory underscores the fundamental need for organizations to have good cyber hygiene that addresses misconfigurations and vulnerabilities. According to the Center for Internet Security (CIS), almost all successful attacks exploit “poor cyber hygiene”. As organizations discover and fix vulnerabilities and misconfigurations, maintain good administrative and configuration practices, and keep track of vital assets, they reduce and eliminate attack vectors used by threat actors.

The Tenable One Exposure Management Platform extends beyond traditional vulnerability management and foundational cyber hygiene to include data about misconfigurations, vulnerabilities and attack paths across a spectrum of assets and technologies -- including identity solutions, cloud configurations and deployments and web applications.

Tenable solutions that are part of Tenable One can help organizations prevent, discover and remediate misconfigurations. As we review the list of misconfigurations discussed in the advisory, our identity exposure management solution, Tenable Identity Exposure, helps secure identities, one of the most common attack vectors that attackers exploit. Tenable Identity Exposure monitors several critical misconfigurations identified in the list from CISA and NSA, including: Improper segmentation of admins and user privileges; weak or misconfigured MFA controls in Entra ID; and poor credential hygiene including the use of compromised or weak passwords. 

Tenable One adds the ability to quickly discover out-of-date software, detect misconfigurations based on industry compliance standards, and obtain a deeper understanding of the network segmentation and devices that reside on the same or adjoined networks. The attack path analysis capabilities within Tenable One combine device identification, network segmentation, detection of device or service vulnerabilities, and visibility into directory services to enable users to quickly identify vulnerable attack surfaces within their environments. A topology or node view can be used to identify attack paths from start to finish. It outlines vulnerable servers, web applications, and services that may be exposed to the internet. It also shows how they can become a foothold through the use of exploitation techniques or exploitable vulnerabilities allowing attackers to move laterally or escalate privileges through the network. 

Learn more:

• Cybersecurity Advisory: Top Ten Cybersecurity Misconfigurations 
• Tenable Research: Identity Has Breached The Ecosystem
• Whitepaper: Continuous CIS Assessment For a Zero Trust World