Page 50 - Cyber Defense eMagazine August 2023

1. Awareness and Monitoring - Get familiar with your attack surface and make sure you have up-to-date documentation of all connected assets. Use Security Information and Event Management (SIEM) baselining software, a rogue system detection device, and a vulnerability scanner to help with the identification.
2. Cybersecurity Training - It's crucial to ensure the IT team knows how to identify potential compromises and has the knowledge to correctly report and escalate a response when needed.
3. Impact Reduction - Limit sensitive information and connectivity to vulnerable systems and have a well-rehearsed Incident Response Plan (in-house or third-party) to address cyber threats.
4. Vulnerability Management - A Vulnerability Management program will collect the latest threats and vulnerabilities, including threat intelligence. The data for the intelligence collection can be produced by a vulnerability scanner tailored to individual networks with a SIEM.
5. Threat Information Sharing - Participation in threat information sharing platforms such as the Cybersecurity and Industrial Security Agency's Automated Information Sharing program and the Cybersecurity Incident Response Center's (CIRCL) Malware Information Sharing Platform (MISP), which is also known as the Open Source Threat Intelligence Platform (OSTIP), is highly recommended.
6. Incident Response Training - Finally, prioritized training for SOC/NOC personnel that emphasizes how to conduct the processes outlined in the Incident Response Plan is needed, along with periodic (monthly) reviews of the Vulnerability Management Plan to ensure that it accurately incorporates assets and addresses all vulnerabilities.



New technologies indeed bring advancements in communication and computation. But these advanced technologies come with the warning that each newly connected device is an additional gateway through which hackers can enter. Enterprises are facing new vulnerability challenges against the backdrop of inadequate IT protection.

Cybersecurity professionals must automate network security using SIEM, rogue system detectors, and vulnerability scanners to identify potential threats. For organizations lacking cybersecurity personnel or the necessary monitoring/analyzing tools, highly-trained, third-party cybersecurity professionals can perform all these preventative threat measures—often at a lower cost than one highly-trained cybersecurity professional.

Outsourcing cybersecurity responsibilities to a third-party security provider is similar to outsourcing data storage and processing to a cloud provider. Both bring cost, scale, and expert knowledge advantages to the table. As the border of today's enterprise networks continues to creep beyond the confines of corporate walls, more skilled cybersecurity teams and advanced automation tools are needed to mitigate risks and diminish attack surfaces.












            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.