Here is my "Top 5" list to up your cybersecurity defenses:
- Make sure that whatever your current endpoint protection strategy is, it is 100% in place. There are always better tools, but time and again attackers exploit gaps in the defenses you already have. Don't hand attackers easy access through stupid mistakes.
- Ensure you have 100% visibility into whatever you use in #1. You are very exposed if you can't see what is going on with all your endpoints. All the major products have a console, so use it. There are numerous console options for Windows Defender. Ignorance of what is going on in your network will end badly for you.
- Patch your servers and workstations. Attackers run vulnerability scanners against everything they encounter. These tools inventory and evaluate everything they see—operating systems, third-party applications, BIOS, and firmware. It is very frightening to watch how fast an attacker can land on a limited user, evaluate vulnerabilities, exploit them, and be sitting on a machine with local admin access. You must invest in tools to know and patch what they want to exploit.
- Implement layers of protection. Web filtering, endpoint protection, firewall monitoring, vulnerability monitoring, patching, and security monitoring are good examples to strive for.
- Invest in having 24x7x365 Security Operations Center (SOC) oversight. Attackers love to attack when few people are actively paying attention: nights, weekends, holidays. Having someone paying attention dramatically reduces an attacker's "dwell time" in your network. Time and time again, we have seen that directly translate into attacks being shut down before any attacker can fully leverage them.
Bonus - Make the attackers make some noise. The harder the attackers have to work to search your network and access your resources, the more likely they are to be detected by one of your tools and the SOC. You can force them to be more aggressive to get what they want by denying them easy access and visibility. That more aggressive behavior is often picked up by good people and good tools, allowing you to quickly shut the attackers down before anything can be taken or damaged in your network.
CSI has the tools and services to help you wherever you are on this security spectrum.
Give us a call. We are happy to help!
-Scott Quimby, CISSP