Page 50 - Cyber Defense eMagazine August 2023
1. Awareness and Monitoring - Get familiar with your attack surface and make sure you have
up-to-date documentation of all connected assets. Use Security Information and Event Management
(SIEM) baselining software, a rogue system detection device, and a vulnerability scanner to help
with the identification.
2. Cybersecurity Training - It’s crucial to ensure the IT team knows how to identify potential
compromises and has the knowledge to correctly report and escalate a response when needed.
3. Impact Reduction - Limit sensitive information and connectivity to vulnerable systems and have a
well-trained Incident Response Plan (in-house or third-party) to address cyber threats.
4. Vulnerability Management - A Vulnerability Management program will collect the latest threats
and vulnerabilities, including threat intelligence. The data for the intelligence collection can be
produced by a vulnerability scanner tailored to individual networks with a SIEM.
5. Threat Information Sharing - Participation in threat information sharing platforms such as the
Cybersecurity and Industrial Security Agency’s Automated Information Sharing program and the
Cybersecurity Incident Response Center’s (CIRCL) Malware Information Sharing Platform
(MISP), which is also known as the Open Source Threat Intelligence Platform (OSTIP), is highly
recommended.
6. Incident Response Training - Finally, prioritized training for SOC/NOC personnel that emphasizes
how to conduct the processes outlined in the Incident Response Plan is needed, along with
periodic (monthly) reviews of the Vulnerability Management Plan to ensure that it accurately
incorporates assets and addresses all vulnerabilities.
New technologies indeed bring advancements in communication and computation. But these advanced
technologies come with the warning that each newly connected device opens an additional gateway for
hackers to enter. Enterprises are facing new vulnerability challenges against the backdrop of inadequate
IT protection.
Cybersecurity professionals must automate network security using SIEM, rogue systems detectors, and
vulnerability scanners to identify potential threats. For organizations lacking cybersecurity personnel or
the necessary monitoring/analyzing tools, highly-trained, third-party cybersecurity professionals can
perform all these preventative threat measures—often at a lower cost than one highly-trained
cybersecurity professional.
Outsourcing cybersecurity responsibilities to a third-party security provider is similar to outsourcing data
storage and processing to a cloud provider. Both bring cost, scale, and expert knowledge advantages to
the table. As the border of today’s enterprise networks continues to creep beyond the confines of
corporate walls, more skilled cybersecurity teams and advanced automation tools are needed to mitigate
risks and diminish attack surfaces.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.