Cybersecurity Defense, An Honest Take!


There is no crystal ball, magic hat or single product that you can purchase to protect your business from cybersecurity threats. Anyone worth their salt will tell you that if a sales guy is pushing their product as the end-all, be-all for cybersecurity, they are blowing proverbial smoke up your kazoo!

Knowledge, Technology and Constant Rigor

The truth of the matter is that cybersecurity requires ongoing discipline, rigor, and expertise. Multiple layers of defense, multiple tools, and many skill sets are needed. Proper security requires a comprehensive and detailed approach: the right mix of technology automation and technical know-how, with smart people who care about what they are doing. To be successful, you must build and nurture your defenses, proactively search for threats, and be ready to respond when attackers attempt to seize your data. It is not a matter of IF, but WHEN a breach will happen.

Be Aware and Prepared

Security is often overlooked or not given enough serious attention due to budget constraints and competition with other business priorities. Keeping up with ever-changing threats can be overwhelming for IT teams. There is a lot of pressure to deliver game-changing innovation, and there is always a requirement to "keep the lights on". Balancing operational stability, innovation, and security is tough, as each is important and all require constant focus. This is the common challenge all CIOs, CTOs, and CISOs face. The following information is a guide to some of the most important areas required to improve your security operations program.

End User Credential Security and Privileged Access Management

Password security continues to be a problem. IT leaders must require and enforce complex password combinations and rotate passwords regularly - every 6 months at a minimum. Employee off-boarding is critical: IT access must be turned off and the account deleted from Active Directory as quickly as possible. Audit your Active Directory to ensure only active employees have access to your systems. The risk is real. Even if an employee leaves the company on good terms, their credentials must be turned off, as they may already be on the dark web and accessible to others. Dark web scanning platforms offered by service providers are a great way to learn about credential compromises before they have an impact.

System administrator passwords are even more important. Only admins who need access to specific systems should have that access. Make sure you use a password vault and, if your business can afford it, a privileged identity management (PIM) platform such as Thycotic to limit access and control admin passwords.
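The Active Directory audit described above, as an added example that is not part of the original article: it lists enabled accounts that have not logged on within a chosen window (missed off-boarding or abandoned accounts) and accounts whose password is older than the 6-month rotation the article recommends. It assumes the RSAT ActiveDirectory module and read access to the domain; the 90-day inactivity threshold and the CSV paths are assumptions.

```powershell
# Added example (not the article's own code). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$InactiveDays   = 90    # assumption: adjust to your policy
$MaxPasswordAge = 180   # the article's "every 6 months at a minimum"
$Now            = Get-Date
$InactiveCutoff = $Now.AddDays(-$InactiveDays)
$PasswordCutoff = $Now.AddDays(-$MaxPasswordAge)

# Only enabled accounts matter for access reviews; disabled ones are already turned off.
# LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which is
# accurate to roughly 14 days: fine for a stale-account review, not for forensics.
$Users = Get-ADUser -Filter { Enabled -eq $true } `
    -Properties LastLogonDate, PasswordLastSet, whenCreated, PasswordNeverExpires

# 1) Stale accounts: no logon since the cutoff, or never logged on and created before it.
$Stale = $Users | Where-Object {
    ($_.LastLogonDate -and $_.LastLogonDate -lt $InactiveCutoff) -or
    (-not $_.LastLogonDate -and $_.whenCreated -lt $InactiveCutoff)
} | Select-Object SamAccountName, Name, LastLogonDate, whenCreated, DistinguishedName |
    Sort-Object LastLogonDate

# 2) Password-age violations: password older than the rotation window, or never expiring.
$OldPasswords = $Users | Where-Object {
    $_.PasswordNeverExpires -or
    (-not $_.PasswordLastSet) -or
    ($_.PasswordLastSet -lt $PasswordCutoff)
} | Select-Object SamAccountName, Name, PasswordLastSet, PasswordNeverExpires |
    Sort-Object PasswordLastSet

$Stale        | Export-Csv -Path '.\ad-stale-accounts.csv'  -NoTypeInformation
$OldPasswords | Export-Csv -Path '.\ad-old-passwords.csv'   -NoTypeInformation

Write-Host ("{0} enabled accounts inactive for more than {1} days" -f @($Stale).Count, $InactiveDays)
Write-Host ("{0} enabled accounts with passwords older than {1} days or set to never expire" -f @($OldPasswords).Count, $MaxPasswordAge)

# After confirming the stale list with HR, turn access off first (the article's advice is
# to disable, then delete). Uncomment to disable interactively, one account at a time:
# $Stale | Disable-ADAccount -Confirm
```

Run it from a workstation with RSAT on a schedule and diff the CSVs against the previous run; an account that appears on the stale list the week after someone leaves is an off-boarding step that was missed.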

Multi-Factor Authentication (MFA)

Validating logins through MFA is easy to set up and helps keep the bad guys out. If an employee's credentials are compromised, MFA makes it very difficult for a bad actor to gain access to your systems. The most common MFA methods are an SMS message, a biometric marker such as a fingerprint or iris scan, a PIN, a pattern, or a physical fob. Using MFA adds a step to accessing your accounts and data, and while not foolproof, it can help protect your employees' credentials.

Security Awareness Training 

Your first line of defense is your employees. Your team is constantly challenged by bad actors trying to get their personal information and data about your business. End users must be proactively trained and aware of the risks they will be confronted with. Phishing and vishing social engineering attacks are common, along with malware-laden websites that download malicious code to end-user compute devices. Employees must be regularly trained with proactive videos, seminars, emails, and blogs. They should then be tested with simulated phishing campaigns that let them test their skills and continuously learn about the latest clever tricks attackers are using. Re-training should then focus on areas of deficiency. Security awareness training is not a one-time event; it must be an ongoing process with relevant training and tests that keep employees thinking.

Email Filtering and Protection 

End-user training is great, but you need to help your employees with technology that minimizes risk as well. You need the right technology to block malicious emails from ever reaching the inbox. Outlook, Google, and other email platforms typically have built-in email filtering capabilities, but they must be configured and hardened properly. In addition, we highly recommend additional email filtering with on-premises or cloud-based platforms that specialize in email security. Reach out to us for a list of solutions that we recommend. All inbound and outbound email must be filtered, and malicious content must be blocked, to improve your security posture.

Firewall Defense

You must have strong perimeter firewall defense in place that can minimize zero-day threats and targeted attacks. Your firewall must be configured to minimize risk while enabling seamless business transactions to occur. This is science, not art, and IT must partner with the business to properly secure your data by limiting the traffic that is allowed to traverse your firewalls. If you do not have a DMZ, get one. If you need help with how to properly configure your firewall zones, ask for help; this is not a place to skimp on investment. Intrusion detection and prevention must also be considered to proactively identify and defend against attacks. If a threat has found a gap in your security, quick identification and remediation are critical.

Patch, Patch, Patch Your Endpoints

Servers, laptops and workstations must be patched consistently and often. We recommend patching workstations and laptops weekly and servers at least monthly. This can be overwhelming without the proper staff, process, and automation in place. You cannot depend on Windows Update to just run automatically. Patches often fail or require re-application, so proper reporting and governance over patching are key to ensuring your environment is current.
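One way to get the patch reporting the paragraph above calls for, as an added example that is not the article's own code: it reads the Windows Update client's operational event log on a host and summarizes, per update, how many times it succeeded or failed, so failed and repeatedly re-applied patches stand out instead of being assumed installed. It assumes local administrator rights on the machine being checked; the 30-day window is an arbitrary choice.

```powershell
# Added example (not the article's own code). Run with local admin rights on the host.
$Since = (Get-Date).AddDays(-30)   # assumption: reporting window

# In this log, event ID 19 = installation succeeded, 20 = installation failed.
$Events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-WindowsUpdateClient/Operational'
    Id        = 19, 20
    StartTime = $Since
}

# Pull the update title (and, for failures, the error code) out of the message text.
$Pattern = 'following update(?: with error (?<code>0x[0-9A-Fa-f]+))?: (?<title>.+?)\.?$'
$Rows = foreach ($e in $Events) {
    if ($e.Message -match $Pattern) {
        [PSCustomObject]@{
            Time   = $e.TimeCreated
            Update = $Matches.title
            Result = if ($e.Id -eq 19) { 'Success' } else { 'Failure' }
            Error  = $Matches.code
        }
    }
}

# Per-update verdict: a failure with no later success needs follow-up; more than one
# success for the same title usually means the patch had to be re-applied.
$Summary = $Rows | Group-Object Update | ForEach-Object {
    $Last = $_.Group | Sort-Object Time | Select-Object -Last 1
    [PSCustomObject]@{
        Update      = $_.Name
        Successes   = @($_.Group | Where-Object Result -eq 'Success').Count
        Failures    = @($_.Group | Where-Object Result -eq 'Failure').Count
        LastResult  = $Last.Result
        LastError   = $Last.Error
        NeedsAction = ($Last.Result -eq 'Failure')
    }
}

$Summary | Sort-Object NeedsAction -Descending | Format-Table -AutoSize

# Days since the most recent hotfix was installed: a simple "is this host current?" number
# that a patch governance report can threshold against (e.g. weekly for workstations).
$LastPatch = (Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1).InstalledOn
if ($LastPatch) {
    Write-Host ("Last hotfix installed {0:d}, {1} days ago" -f $LastPatch, [int]((Get-Date) - $LastPatch).TotalDays)
} else {
    Write-Host 'No hotfix installation dates recorded on this host'
}
```

Collect the summary from every host (for example via `Invoke-Command` or your RMM tool) and alert on any row where `NeedsAction` is true or the days-since-last-patch figure exceeds the cadence you set for that device class.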

In addition, network equipment requires constant analysis of Common Vulnerabilities and Exposures (CVE) entries as well. While the pace of change and patching in the network may not be as rapid as with endpoints, proactive updates to IOS are very important. Do not overlook this; make sure you consistently patch your network environments. Minor patch updates should occur regularly, but you must also plan major release updates after they have been tested and validated. If you do not have automated software that can keep up with CVE notifications, subscribe to government and manufacturer security bulletins to stay up to date.

Leveraging AI & Machine Learning - EDR and Security Monitoring

Artificial intelligence and machine learning are important. This is a tough thing for most enterprises to invest in, so a managed service provider like Ballast can really help here. The bad guys are using it, so if you aren't, you will likely be compromised. Attacks are usually conducted by automated software bots that learn and adapt their behavior to the technology and environments they encounter.

The only way to keep up is to have strong defenses with behavior-analysis AI, deployed as a managed endpoint detection and response (EDR) solution and backed by a SIEM with strong behavior analysis and log analysis capabilities. Modern malware and viruses often bypass traditional antivirus platforms, so we strongly recommend an industry-leading EDR solution. EDR is affordable and will give you strong, adaptable protection. The EDR logs should also feed into your SIEM platform to correlate security events.

Partnerships Matter

All companies have different but similar needs, so finding the right partner to augment and assist your team is key to securing your business. Your partner must have the experience and processes that bring instant advanced capabilities and maturity to your business. Ideally, you want a partner who brings different viewpoints and ideas to your team. This comes from experience working with many businesses across diverse verticals. The other key fact is that you want a partner that does not just monitor things and tell you about threats, but one who proactively engages and mitigates threats before they have a critical impact on your business. They must know your technology, but more importantly, they must take the time and effort to understand your business.

The Ballast Approach

Ballast extends your team and bolsters your technology with proven people and systems. We align those resources with best practice processes and innovation that enable your security posture to get current and remain current. We then overlay 24x7 monitoring, expertise, and constant automated compliance checks to validate that the security controls we put in place are solid and working as expected. 

Free Consultation

Ballast provides comprehensive security operations that monitor, detect, and mitigate threats that cause risk to your company. Our TOC and SOC cyber warriors work hand in hand to provide a seamless solution that allows you to rest peacefully while we help defend your business. If you are struggling with how to improve your security posture reach out to Ballast and request a free consultation!

Modernize, Optimize, Stabilize, and Secure your organization today. Contact us at 813-568-9011, visit our website at, or click on Get In Touch to speak with us today.