Protection at a glance
Cyber attacks make the headlines daily, and they are not only a threat to large organisations such as governments and banks but also to small businesses and individuals. So what can we do to reduce this risk and keep unwanted access out of our computers? In most cases, simply doing the fundamentals well reduces overall risk considerably. Below are the five best practices organisations follow to protect their business-critical assets.
Asset Inventory
An accurate asset inventory is the bedrock of every successful security program; without it, the other best practices in this article are much less effective. A solid asset inventory depends on a few simple things: knowing which assets you have, where they sit on the network, what software and configuration they run, and which users and systems have access to them. What counts as an “asset” from a security perspective? For starters, any network-accessible electronic system: laptops, desktops, servers, firewalls, switches, routers, phones, printers, cloud applications and more. Gaps in the asset inventory become gaps in the security program. If every laptop gets full-disk encryption enabled before the IT team hands it to an employee, but neither you nor the IT team knows about the five new laptops the HR team just bought on a corporate credit card, those laptops will likely go unencrypted until someone finds out about them.
Network and vulnerability scanning tools help identify gaps in, and maintain, your organisation’s asset inventory. Combining network scans with endpoint agents yields rich, near-real-time asset data: scans find devices that nobody enrolled, and agents report the software and configuration that a scan cannot see from the outside. The useful output is the difference between the two views and the inventory, not any one of them alone.
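The reconciliation described above, as an added example (not code from the original article): it diffs a network scan and a set of endpoint-agent check-ins against the inventory and reports four kinds of gap. The inventory, scan result and check-ins are constructed sample data; in practice the scan list would be parsed from a scanner's output (for example nmap's grepable or XML format) and the check-ins pulled from the agent console.

```python
"""Reconcile a network scan and endpoint-agent check-ins against the asset inventory.

Added example; not code from the original article. All data below is constructed.
"""
import ipaddress


def _by_ip(addrs):
    """Sort dotted-quad strings numerically rather than lexically."""
    return sorted(addrs, key=ipaddress.ip_address)


def reconcile(inventory, scan, agent_checkins):
    """Return the gaps between what we think we own and what is actually on the wire.

    inventory      : {ip: {"name": ..., "owner": ..., "agent": bool}}
    scan           : [(ip, [open_ports, ...]), ...] from a network scan
    agent_checkins : set of ips whose endpoint agent reported in recently
    """
    seen = {ip for ip, _ in scan}
    return {
        # Live hosts nobody recorded: the HR laptops bought on a credit card.
        "unknown_on_network": _by_ip(ip for ip in seen if ip not in inventory),
        # Inventory says it exists but it did not answer: decommissioned, moved or offline.
        "inventoried_not_seen": _by_ip(ip for ip in inventory if ip not in seen),
        # An agent is phoning home from a host the inventory has never heard of.
        "agent_without_record": _by_ip(ip for ip in agent_checkins if ip not in inventory),
        # Inventory expects an agent but it has gone quiet: tampered, uninstalled or never deployed.
        "agent_silent": _by_ip(
            ip for ip, rec in inventory.items() if rec["agent"] and ip not in agent_checkins
        ),
    }


# Constructed sample inventory: what IT believes is on the network.
INVENTORY = {
    "10.0.1.10": {"name": "fs-01", "owner": "IT", "agent": True},
    "10.0.1.20": {"name": "print-01", "owner": "IT", "agent": False},
    "10.0.1.30": {"name": "sw-core-01", "owner": "IT", "agent": False},
    "10.0.2.15": {"name": "lt-alice", "owner": "IT", "agent": True},
}

# Constructed sample scan result: (ip, open TCP ports) for each host that answered.
SCAN = [
    ("10.0.1.10", [22, 445]),
    ("10.0.1.20", [9100]),
    ("10.0.2.15", [22]),
    ("10.0.2.31", [22, 445]),   # not in inventory
    ("10.0.2.32", [3389]),      # not in inventory, and RDP is listening
]

# Constructed agent check-ins for the last 24 hours.
AGENT_CHECKINS = {"10.0.1.10", "10.0.2.31"}


if __name__ == "__main__":
    for gap, hosts in reconcile(INVENTORY, SCAN, AGENT_CHECKINS).items():
        print(f"{gap}: {hosts}")
```

Each of the four lists is a different follow-up: unknown hosts get enrolled or removed, silent agents get investigated, and inventory entries that never answer get retired so the inventory stays honest.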
Multi-Factor Authentication
Any good security program starts with multi-factor authentication (MFA) for access to critical personal or business data. Forms of authentication fall into three categories:
- Something you know: A password, for example.
- Something you have: A phone, ATM card, etc.
- Something you are: A fingerprint, for example.
A password on its own is a weak control: it can be stolen by phishing, guessed in a password-spraying or credential-stuffing attack, or captured by malware. When a password is the only thing protecting the data, an attacker needs to get through just one hoop to compromise the account. Requiring multiple forms of authentication makes obtaining usable credentials (and therefore access) much harder and more expensive for attackers. One important point: two forms of authentication from the same category do not add up to two factors. If users must enter a password and then answer a security question such as “What’s your mother’s maiden name?”, that is not two-factor authentication; both are “something you know”, so it is single-factor authentication performed twice. A password (something you know) plus a 6-digit code generated by an app on the user’s smartphone (something you have) does count. Bear in mind that a 6-digit code can still be relayed by a real-time phishing proxy, so where the option exists, phishing-resistant factors such as FIDO2/WebAuthn security keys, which bind the login to the genuine site, are stronger still.
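The password-plus-app-code login described above, as an added example (not code from the original article): a salted password hash is checked as the “something you know” factor and an RFC 6238 TOTP code, the scheme common authenticator apps implement (HMAC-SHA1, 30-second step, 6 digits), as the “something you have” factor. The user record, salt and timestamps are constructed; the TOTP secret is the RFC's own reference secret so the first code below matches the RFC's test vector.

```python
"""Two factors from two categories: a password check plus an RFC 6238 TOTP code.

Added example; not code from the original article. User record and timestamps are constructed.
"""
import hashlib
import hmac
import struct

TOTP_STEP = 30     # seconds per code
TOTP_DIGITS = 6


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP (RFC 4226) with counter = floor(time / step)."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * TOTP_STEP), code)
        for d in range(-window, window + 1)
    )


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only this hash is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record. The TOTP secret is the RFC 6238 reference secret.
USER = {
    "salt": b"constructed-per-user-salt",
    "pw_hash": hash_password("correct horse battery staple", b"constructed-per-user-salt"),
    "totp_secret": b"12345678901234567890",
}


def login(user: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass. Both are evaluated before returning, so a wrong
    password and a wrong code take the same path and reveal nothing about which failed."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    code_ok = verify_totp(user["totp_secret"], code, unix_time)
    return pw_ok and code_ok


if __name__ == "__main__":
    print("RFC 6238 vector at t=59:", totp(USER["totp_secret"], 59))          # 287082
    print("login ok:", login(USER, "correct horse battery staple", "287082", 59))
```

A security question would plug into `login` exactly like the password (another string compared against a stored hash); nothing about the code changes, which is the point: it adds no second category, only a second secret of the same kind.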
Patch Management
Put simply, patch management means making sure all software is up to date, installed and configured correctly. It involves obtaining, testing and installing patches (software updates) on the organisation’s systems and devices. Doing this effectively requires continuously staying aware of available patches, deciding which patches are needed on which systems, overseeing their installation, and testing for problems afterwards. This is typically handled as a partnership between IT and DevOps teams rather than by the security team alone.
Patch management goes hand in hand with vulnerability management, the process of finding vulnerabilities in the IT environment. The three elements behind patch management are prioritising vulnerability remediation, evaluating compensating controls (existing security measures or systems that lower the risk posed by a vulnerability), and making sure every patch you roll out is actually installed correctly.
Here is why these elements matter. Applying a patch will sometimes break another part of the software in use, causing more harm than good. Understanding this inherent risk plays a large role in deciding how to prioritise the patches to be applied. If a patch does break something and has to be removed, compensating controls already in place make it harder for an attacker to exploit the vulnerability that re-emerges. One example of a compensating control is a set of firewall rules that limits which systems can communicate with a vulnerable system that cannot easily be patched.
To limit potential fallout, test patches on non-critical systems or in a test environment that mirrors production before rolling them out across the entire fleet.
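The three elements above (prioritise, weigh compensating controls, verify the install) as an added example, not code from the original article. The fleet, the package names, the fix versions, the post-install report and the scoring weights are all constructed for illustration; the weights in `priority` are an assumption, not a standard.

```python
"""Prioritise patch work and confirm each patch really landed.

Added example; not code from the original article. Fleet, packages, versions and weights are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    versions: dict                                   # package -> installed version tuple
    internet_exposed: bool
    compensating: set = field(default_factory=set)   # e.g. {"fw-restricted"}


@dataclass
class Patch:
    pkg: str
    fixed_in: tuple                                  # first version carrying the fix
    cvss: float
    exploited_in_wild: bool


def needs_patch(host: Host, patch: Patch) -> bool:
    """A host needs the patch if its installed version is older than the fixed one."""
    return host.versions.get(patch.pkg, (0,)) < patch.fixed_in


def priority(host: Host, patch: Patch) -> float:
    """Higher means patch sooner. Assumed weights: active exploitation +3,
    internet exposure +2, a firewall-restricted host (compensating control) -2."""
    score = patch.cvss
    if patch.exploited_in_wild:
        score += 3
    if host.internet_exposed:
        score += 2
    if "fw-restricted" in host.compensating:
        score -= 2
    return score


def plan(hosts, patches):
    """Ordered work list of (score, host, package), most urgent first."""
    work = [(priority(h, p), h.name, p.pkg)
            for h in hosts for p in patches if needs_patch(h, p)]
    return sorted(work, key=lambda w: (-w[0], w[1], w[2]))


def verify_installed(patch: Patch, post_install_versions: dict) -> bool:
    """Done means the version observed *after* install meets fixed_in. A package
    manager exit code of 0 is not proof, and a library patch still needs its service restarted."""
    return post_install_versions.get(patch.pkg, (0,)) >= patch.fixed_in


# Constructed fleet and vulnerability feed (hypothetical packages "libfoo" and "bard").
HOSTS = [
    Host("web-01", {"libfoo": (3, 0, 1), "bard": (1, 9, 12)}, internet_exposed=True),
    Host("db-01", {"libfoo": (3, 0, 1), "bard": (1, 9, 5)}, internet_exposed=False,
         compensating={"fw-restricted"}),
    Host("app-01", {"libfoo": (3, 0, 7), "bard": (1, 9, 5)}, internet_exposed=False),
]
PATCHES = [
    Patch("libfoo", (3, 0, 7), cvss=7.5, exploited_in_wild=True),
    Patch("bard", (1, 9, 12), cvss=7.0, exploited_in_wild=False),
]
# Constructed post-install report from db-01: libfoo still reports the old version.
DB01_AFTER = {"libfoo": (3, 0, 1), "bard": (1, 9, 12)}

if __name__ == "__main__":
    for score, host, pkg in plan(HOSTS, PATCHES):
        print(f"{score:5.1f}  {host:8s} {pkg}")
    print("db-01 libfoo verified:", verify_installed(PATCHES[0], DB01_AFTER))
```

The ordering shows the trade-off in the text: the internet-facing host with an actively exploited flaw comes first, while the firewall-restricted database host, protected by a compensating control, can wait behind it. The failed verification on db-01 is the case where a ticket says “patched” but the vulnerability is still live.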
Decentralization
Decentralization means keeping data spread across networks and cloud services so that if one user or server in the organisation’s network is compromised, the attacker does not automatically gain access to the rest of the company’s data held elsewhere. For example, if an attacker finds a way into one office’s internal file share in a decentralized environment, they will likely be able to reach only that office’s shared files, not everything the company keeps with its cloud storage provider. In a centralized environment, by contrast, an attacker who compromises one server may find it easy to move from that server to additional company systems and data such as email servers, financial statements or user directories.
Decentralization provides two benefits:
- The benefit of a decentralized security team, contingent on a good vendor management process: With a small or moderately sized security team, it can be incredibly difficult to monitor the dozens of cloud applications the company uses. Fortunately, well-established cloud service providers usually invest heavily in their own security teams and programs, focused on protecting their environment in depth. Keeping a vendor’s application separate from the rest of the network lets the security team focus on the organisation’s core environment, while the vendor’s security team focuses on protecting the application or service it hosts on the company’s behalf.
- The benefit of containing a breach’s impact if one specific application or user is compromised: If one vendor application is compromised in a decentralized environment, the breach’s impact is contained to that one application or vendor. This makes it more difficult, though not impossible as recent breaches have shown, for an attacker to reach the rest of the systems and information. The harder it is for an attacker to reach a central server, the more time and money they must invest in the attack, and the more likely they are to abandon it or get caught.
Network Segmentation
Network segmentation takes decentralization one step further: it means working out which systems and devices on the network need to talk to each other, then allowing only those conversations and nothing else.
For example, consider a nurse’s laptop in a hospital. In a securely segmented network, the laptop would be able to talk to only one or two other systems, such as a print server (for printing patient records) and the patient record application itself. In a “flat network”, i.e. a network with no segmentation between systems, that laptop could talk to every other system on the network. If an attacker compromises it, they can attack every other system on the network through completely unchecked lateral movement.
To segment the network effectively, your most critical assets must be in the inventory so you understand where they sit on the network and which systems and users can reach them. If an asset is reachable by more than the specific systems and users who actually need that access, fix it. Access should always be granted on the principle of least privilege to minimise a system’s or application’s attack surface. In particular, make sure that nothing on the network other than the application tier that needs them (and tightly controlled administrative hosts) can communicate directly with your database servers, which is where critical application data is typically stored.
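The hospital example above, as an added example that is not code from the original article: zones derived from the asset inventory, an allow-list of who may talk to whom, an audit of observed flows against that list, and the same list rendered as firewall rules. The zones, policy and flow records are constructed; in practice the flows come from firewall or NetFlow logs. The nftables rule strings are a plain rendering of the policy for illustration, not a tested ruleset for any particular firewall.

```python
"""Check observed flows against a segmentation allow-list and render it as firewall rules.

Added example; not code from the original article. Zones, policy and flows are constructed.
"""
import ipaddress

# Constructed zones (from the asset inventory).
ZONES = {
    "clinical-laptops": ipaddress.ip_network("10.10.0.0/24"),
    "print": ipaddress.ip_network("10.20.0.0/28"),
    "app": ipaddress.ip_network("10.30.0.0/28"),
    "db": ipaddress.ip_network("10.40.0.0/28"),
    "admin": ipaddress.ip_network("10.50.0.0/28"),
}

# Allowed (source zone, destination zone, TCP port). Anything not listed is a violation:
# least privilege at the network layer. Only "app" and "admin" ever reach "db".
POLICY = {
    ("clinical-laptops", "app", 443),     # patient record application
    ("clinical-laptops", "print", 9100),  # print server
    ("app", "db", 5432),
    ("admin", "db", 22),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")


def is_allowed(src: str, dst: str, port: int) -> bool:
    return (zone_of(src), zone_of(dst), port) in POLICY


def audit(flow_lines):
    """Return (src_zone, src, dst_zone, dst, port) for every flow the policy does not permit."""
    violations = []
    for line in flow_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port = line.split()
        port = int(port)
        if not is_allowed(src, dst, port):
            violations.append((zone_of(src), src, zone_of(dst), dst, port))
    return violations


def nft_rules(policy=POLICY):
    """Render the allow-list as nftables rule bodies, followed by a default drop."""
    rules = [
        f"ip saddr {ZONES[s]} ip daddr {ZONES[d]} tcp dport {p} accept"
        for s, d, p in sorted(policy)
    ]
    rules.append("drop")
    return rules


# Constructed flow records: "src dst dst_port", one per line.
FLOWS = """
10.10.0.7  10.30.0.2  443
10.10.0.7  10.20.0.3  9100
10.30.0.2  10.40.0.2  5432
10.10.0.7  10.40.0.2  5432
10.10.0.7  10.10.0.9  445
10.50.0.4  10.40.0.2  22
""".splitlines()

if __name__ == "__main__":
    for v in audit(FLOWS):
        print("VIOLATION", v)
    print("\n".join(nft_rules()))
```

The two flagged flows are exactly the lateral movement the text warns about: a laptop reaching the database directly, and a laptop talking SMB to another laptop. On a flat network both succeed silently; with the allow-list enforced, both are dropped, and the audit is what tells you the segmentation is actually holding.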
Putting the Foundation In Place
Once these fundamental best practices are in place, the security foundation is set. Not only will it be more difficult for an attacker to move around the network, it will be more costly too. The more expensive and time-intensive an attack is, the more likely the attacker is to abandon the attempt, or to get caught if they persist.