It is time to improve your cybersecurity protection, especially after recent massive ransomware campaigns like WannaCry. Limit your vulnerability and your organization's chances of being breached by following these 7 guidelines.
- Layer Your Security Strategy
Call it what you want, layered security or defense in depth; whatever the case, just make sure to use it. While this strategy has been around for many years and was baked into many of the security strategies started years ago, it is as important now as it was then.
What does layered security actually mean? To me, defense in depth is a foundational risk-mitigation building block that applies multiple layers of control across security zones and, in general, across the length and breadth of your overall environment. This does not guarantee attack prevention, but it will slow down the bad guys and help protect your organization against the inevitability of those attacks.
Done properly, a layered approach to security will buy you time: the time you need to respond effectively to any attack and mitigate a potential breach. In other words, it makes you harder to hack.
- Content Filtering should be policy-driven
Content filtering is another essential layer of security, providing a window into controlling, monitoring, and enforcing client policies through a single front end. In other words, content filtering is a policy-driven approach to security.
Multiple devices can then point to a central policy that can be edited and scaled to suit a range of such devices, rather than maintaining device-level settings across the board. It's not just about content or web filtering: you can also apply this technique by time of day, perform bandwidth checking for network bandwidth throttling, and ultimately help protect the business against legal liability.
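The central-policy model described above, as an added example that is not part of the original post or any CCSI product: one policy document is evaluated on behalf of several enforcement points, covering category blocks, a time-of-day window and a bandwidth cap that throttles rather than blocks. The policy contents, device names and categories are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed central policy document (hypothetical). Every enforcement point
# (proxy, firewall, branch appliance) pulls this one policy instead of carrying
# its own device-level settings, so one edit here changes all of them.
CENTRAL_POLICY = {
    "blocked_categories": {"malware", "phishing", "gambling"},
    # Category -> (start_hour, end_hour): allowed only inside that window.
    "time_restricted": {"streaming": (18, 23)},
    # Category -> cap in kbit/s: above the cap the device throttles, not blocks.
    "bandwidth_caps_kbps": {"video": 2000, "software_updates": 5000},
    "default_action": "allow",
}


@dataclass
class Request:
    device: str          # enforcement point that saw the request
    category: str        # category assigned by the content classifier
    when: datetime       # local time of the request
    rate_kbps: int = 0   # observed transfer rate, used for shaping decisions


@dataclass
class Decision:
    action: str                      # "allow" | "block" | "throttle"
    reason: str
    limit_kbps: Optional[int] = None


def evaluate(req: Request, policy: dict = CENTRAL_POLICY) -> Decision:
    """Evaluate one request against the central policy.
    Rule order matters: hard blocks first, then the time-of-day schedule,
    then bandwidth shaping, then the default action."""
    cat = req.category
    if cat in policy["blocked_categories"]:
        return Decision("block", f"category '{cat}' is blocked by policy")

    window = policy["time_restricted"].get(cat)
    if window is not None:
        start, end = window
        if not (start <= req.when.hour < end):
            return Decision("block", f"'{cat}' only permitted {start:02d}:00-{end:02d}:00")

    cap = policy["bandwidth_caps_kbps"].get(cat)
    if cap is not None and req.rate_kbps > cap:
        return Decision("throttle", f"'{cat}' capped at {cap} kbit/s", limit_kbps=cap)

    return Decision(policy["default_action"], "no matching rule; default applies")


def decide(category: str, hour: int, rate_kbps: int = 0) -> str:
    """Convenience wrapper: the action for a category at a given hour of day."""
    req = Request("any-device", category, datetime(2017, 6, 1, hour, 0), rate_kbps)
    return evaluate(req).action


def enforce(requests: List[Request], policy: dict = CENTRAL_POLICY) -> Dict[str, List[str]]:
    """Apply the same policy on behalf of many devices and return, per device,
    an audit trail of the actions taken."""
    trail: Dict[str, List[str]] = {}
    for req in requests:
        d = evaluate(req, policy)
        trail.setdefault(req.device, []).append(f"{d.action}:{req.category}")
    return trail


def sample_trail() -> Dict[str, List[str]]:
    """Constructed traffic from three enforcement points, all bound by one policy."""
    sample = [
        Request("hq-proxy", "phishing", datetime(2017, 6, 1, 10, 15)),
        Request("branch-fw", "streaming", datetime(2017, 6, 1, 10, 30)),
        Request("branch-fw", "streaming", datetime(2017, 6, 1, 19, 30)),
        Request("guest-ap", "video", datetime(2017, 6, 1, 12, 0), rate_kbps=4500),
        Request("guest-ap", "news", datetime(2017, 6, 1, 12, 5)),
    ]
    return enforce(sample)


if __name__ == "__main__":
    for device, actions in sample_trail().items():
        print(device, actions)
```

The audit trail matters as much as the decision: when every device reports its actions in the same shape, the "window into controlling, monitoring, and enforcing" the post mentions becomes a single log to review rather than one per appliance.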
Content Policies can include training personnel on good content and email hygiene. Basically, don’t click on that link unless you are sure of the sender – as one example. This is a separate conversation, but many times, we’ve found that when content policies are discussed, it’s also a good time to talk about email hygiene, although your content filtering person may need to go get the email architect.
- Proper Network Visibility leads to Proactive Prevention aka: Early Warning Radar
How long does the average breach go undetected? Over 200 days.
So with the ability to show signals of compromise, it is very possible to shut an attack down before the data leaves the building. This type of network visibility enables you to separate the signal from the noise and apply policy accordingly. Security event monitoring of this kind can actually be very cost effective in providing meaningful analysis that leads to proactive protection of infrastructure and the data within it. Think of this as providing network visibility in a way that helps you fight off the bad guys by spotting them almost before they get started. An early warning radar signal, if you will. The last several years have seen real-time advanced behavior analytics using techniques such as machine learning applied to the security realm.
Knowing what’s connected to your network also includes hand-held devices and other lost or hidden devices. Remember, the more Internet-facing devices there are on your network, the greater the opportunity for compromise.
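Two of the "signals of compromise" that network visibility can surface, as an added example that is not from the original post or from any CCSI tool: periodic check-ins from an internal host to one external address (traffic driven by a timer rather than a person) and an internal host whose outbound volume dwarfs its peers. The flow records below are constructed, use RFC 5737 documentation addresses, and the thresholds are illustrative assumptions to be tuned against a real baseline.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed outbound flow records: "<timestamp> <internal src> <external dst> <bytes out>".
# The traffic is invented for this example; 10.0.1.15 checks in every ~5 minutes,
# 10.0.1.30 pushes 850 MB out in one flow, the rest is ordinary browsing.
FLOW_LOG = """\
2017-06-01T09:00:00 10.0.1.15 203.0.113.8 512
2017-06-01T09:01:10 10.0.1.22 198.51.100.20 12000
2017-06-01T09:03:45 10.0.1.22 198.51.100.20 8400
2017-06-01T09:05:02 10.0.1.15 203.0.113.8 498
2017-06-01T09:09:58 10.0.1.15 203.0.113.8 530
2017-06-01T09:12:00 10.0.1.40 198.51.100.20 3000
2017-06-01T09:15:01 10.0.1.15 203.0.113.8 505
2017-06-01T09:17:02 10.0.1.22 198.51.100.20 22000
2017-06-01T09:20:00 10.0.1.15 203.0.113.8 490
2017-06-01T09:24:59 10.0.1.15 203.0.113.8 520
2017-06-01T09:31:00 10.0.1.30 198.51.100.5 850000000
2017-06-01T09:40:30 10.0.1.22 198.51.100.20 5000
2017-06-01T09:45:00 10.0.1.40 198.51.100.20 4500
"""

Flow = Tuple[datetime, str, str, int]


def parse_flows(log: str) -> List[Flow]:
    """Parse the whitespace-separated flow format above."""
    flows = []
    for line in log.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def find_beacons(flows: List[Flow], min_count: int = 4,
                 max_jitter: float = 0.1) -> List[Tuple[str, str, int]]:
    """Flag (src, dst) pairs contacted at near-constant intervals.
    People browse in bursts; timer-driven check-ins have gaps whose
    coefficient of variation (stdev / mean) is tiny. Returns the pair and
    the rounded period in seconds."""
    by_pair: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            hits.append((src, dst, round(mean)))
    return hits


def find_volume_outliers(flows: List[Flow], factor: int = 10,
                         floor_bytes: int = 50_000_000) -> List[Tuple[str, int]]:
    """Flag internal hosts whose total outbound bytes exceed `factor` times the
    median host. The absolute floor stops a quiet network from flagging
    ordinary uploads."""
    per_host: Dict[str, int] = defaultdict(int)
    for _, src, _, nbytes in flows:
        per_host[src] += nbytes
    median = statistics.median(per_host.values())
    return sorted((h, b) for h, b in per_host.items()
                  if b > floor_bytes and b > factor * median)


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    for src, dst, period in find_beacons(flows):
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
    for host, total in find_volume_outliers(flows):
        print(f"outbound volume outlier: {host} sent {total:,} bytes")
```

Both detectors are deliberately simple statistics rather than machine learning, but they illustrate the point of the paragraph: with a per-host baseline in hand, the signal that matters (a clock-driven check-in, a sudden bulk transfer) stands out from the noise early enough to act before the data leaves the building.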
- Proper Patch Management
You can scan for attack patterns and apply all the policies you want, but with new vulnerabilities being exposed, seemingly on a daily basis, you will be hard-pressed to keep up with them all.
Although patch management isn't a perfect, be-all end-all answer, and will not stop zero-day exploits or unpatched vulnerabilities from hitting, it will help you keep up with the bad guys.
Subscribe to vendor notifications, keep an eye on security news sites, and patch as soon as it's safe to do so. That's where patch management enters the equation, as you need to know not only that a patch is available, but also that it's stable. Throwing an unstable patch at your live working environment without testing could do more damage to the business bottom line than the exploit it's trying to prevent.
- Encrypt the important stuff
This suggestion usually rolls a few eyes when proposed; the problem with data encryption is that it is almost always seen as too complex and far too expensive. The truth is that if you identify the key assets and the data most valuable to your organization, and then focus on encrypting those assets, it doesn't have to be any of these things.
Aside from the three-letter government agencies, data that is encrypted strongly enough will be beyond the abilities of anyone else to break. And it's not difficult; be sure to check out the following:
- Tablets and Smartphones: Firmware encryption built into the OS makes them useless to thieves. Use it.
- Websites: Hypertext Transfer Protocol Secure (HTTPS) encrypts information transferred between the site and client browsers.
- Web Browsers: HTTPS Everywhere rewrites requests from unencrypted HTTP sites to secure HTTPS ones.
- USB Memory Sticks: VeraCrypt has become the open source encryption container product of choice. It’s easy to use, it works, and it’s free.
- Authentication
Authentication refers to the use of password managers and multifactor authentication. Strong passwords are a no-brainer. Unfortunately, any password that is lengthy, complex and random enough to be defined as strong is impossible to remember. Throw multiple secure passwords into the equation and even someone with an incredible memory would struggle, whereas password managers do not. So go ahead and throw multifactor authentication into the mix. As it happens, you can add two-factor authentication (2FA) in the form of a physical token or smartphone-app-generated codes too.
- Employ a Security Services Lifecycle Approach
One strategy for a bulletproof security approach is to have a lifecycle service approach that starts and ends with Plan, Design, Implement, and Operate.
This method ensures a well-thought-out strategy; according to various studies, many hacks are the result of a strategy that was not well planned. So plan it correctly from the beginning, with as much detail as you can accumulate. Design it into an architecture that has zones of separation, technology checkpoints along the way, and early-warning-radar-like technology that indicates signals of compromise across north-south as well as east-west campus traffic, and don't forget the 80% east-west traffic in the data center. Make sure endpoints are hardened and protected. All of this is monitored and validated in the Operate phase. This is where a qualified managed service provider can shine, especially for SMBs that do not have the skill set to focus on the tactical and strategic initiatives.
As difficult as it may appear when making important security decisions, use this as a guide, then call on an MSSP like CCSI. We provide the right mix of security solutions to enhance your security operations by employing our expertise and key partnerships. Contact us to learn more.
For additional information about machine learning, download this free whitepaper: Using Machine Learning and Behavioral Analysis to Assist with Threat Detection.
Contact CCSI today for more information about ThreatDetect.
Larry Bianculli is managing director of enterprise and commercial sales at CCSI. He has 20-plus years of experience in the IT industry helping clients optimize their IT environment while aligning with business objectives. He is a cybersecurity consultant and holds a CCIE and CISSP. He has vast experience in many verticals, including Financial, Public Sector, Health Care, Service Provider and Commercial accounts. He has helped customers and led teams with a balanced approach to strategy & planning, execution, and personal principles.