Page 89 - Cyber Defense eMagazine April 2021 Edition

Can you answer these questions to your satisfaction?

• Have you reviewed and ensured strong configuration management for your devices? You’ll need a good MDM to stay on top of that.
• Can you effectively say who has access to what?
• What is your identity and access management solution, and what are its security vulnerabilities?

State of your system

• Do you know everything that is running in your environment?
• Do you know what their patch status is?
• Do you know how many published vulnerabilities there are?
• Do you know what state individual workstations are in?
• Can you track this? Can you verify that it’s correct?

SIX: Consistent tracking and remediation, or: finding weird stuff

Effective endpoint security, effective monitoring and visibility, and an effective system for responding to patches can set you well on your way. Patching on a well-understood cadence, driven by this tracking, is crucial.


If something weird happens, like 1500 logins for a user in a country you don’t do business in, or from one dude in marketing (which is totally a true story), will you see it? Does your setup notice that sort of thing, and does it highlight things that are strange quickly?
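The “does your setup notice that sort of thing” question, as an added example that is not from the article: a small Python check over constructed login records that flags the two cases named above, a user with 1500 logins in a day and a login from a country the business does not operate in. The log format, the business-country list and the daily threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample authentication events (not from the article): one day's worth of
# "timestamp user=... result=... country=..." records. 'bob' has 1500 logins, 'carol' has one
# login from a country (placeholder code ZZ) the hypothetical business never operates in.
SAMPLE_EVENTS = (
    [f"2021-04-01T0{i % 10}:00:00Z user=alice result=success country=US" for i in range(12)]
    + [f"2021-04-01T10:{i % 60:02d}:00Z user=bob result=success country=US" for i in range(1500)]
    + ["2021-04-01T03:17:42Z user=carol result=success country=US",
       "2021-04-01T03:19:05Z user=carol result=success country=ZZ"]
)

BUSINESS_COUNTRIES = {"US", "CA"}   # assumption: where this business actually operates
DAILY_LOGIN_THRESHOLD = 200        # assumption: more logins per user per day than this is "weird"

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) country=(?P<country>[A-Z]{2})$"
)

def parse_events(lines):
    """Yield a dict per well-formed line; silently skip anything that does not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_weird_logins(lines, business_countries=BUSINESS_COUNTRIES,
                      threshold=DAILY_LOGIN_THRESHOLD):
    """Return (user, reason, detail) tuples for users whose login volume or
    source country is out of the ordinary for this business."""
    counts = Counter()
    seen_countries = defaultdict(set)
    for ev in parse_events(lines):
        counts[ev["user"]] += 1
        seen_countries[ev["user"]].add(ev["country"])
    findings = []
    for user in sorted(counts):
        if counts[user] > threshold:
            findings.append((user, "volume", counts[user]))
        unexpected = sorted(seen_countries[user] - business_countries)
        if unexpected:
            findings.append((user, "country", ",".join(unexpected)))
    return findings

if __name__ == "__main__":
    for finding in find_weird_logins(SAMPLE_EVENTS):
        print(finding)
```

Run against real identity-provider or VPN logs, the same two checks are the ones a SIEM rule would encode; the point is that both cases are only visible if someone is counting.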

Behavioral security doesn’t just guard against known malware. It looks closely at activity, and at what unusual or suspicious activity looks like. What’s weird, in whatever scenario? JavaScript running, or programs downloading payloads in the middle of the night? Good behavioral endpoint protection identifies activity that acts like a virus or like a setup for malware, sandboxes it and reports it. In our current security climate, you can’t really afford not to understand and measure for anomalous behavior.

Mitigation, not lockdown

I’ll say it again: there is no flashy — and certainly no easy — solution for dealing with the risks inherent in using third-party tools. It’s all about covering your basics, doing due diligence and maintenance, and keeping your ear to the ground.

Following these best practices, maybe you can’t say “I’m not vulnerable to anything today,” but perhaps you can say with confidence “I’m not vulnerable to anything that came out last month.” Or “I have 2020 on lockdown.” If you can make it that far, and you trust that you have a well-planned process, you will be catching all sorts of problems before they even arise.


Remember: security should enable business, not throttle it. Drag your risk into a window you are comfortable with, and you’ll be in a much better position to protect your system.
Even from ninjas.
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.