Last week, the Cybersecurity & Infrastructure Security Agency (CISA) issued an emergency directive ordering federal agencies to pull Ivanti Connect Secure and Ivanti Policy Secure installations from their networks, with a deadline within 48 hours.
To bring the solutions back online, agencies were required to export the configuration, factory reset the appliance, upgrade to supported software versions, reapply the configuration, and then ensure all impacted credentials were revoked and reissued.
Just thinking about revoking a bunch of credentials, recreating them, and then getting the systems that use those credentials properly updated is a ton of work if it all has to be done manually. We often talk about how Infrastructure as Code (IaC) helps on the front end, with deployments, but if you think about recovering from a security incident, you are likely performing those same deployments again. So if your organization needs another reason to embrace IaC, recovering from security incidents is one.