We are facing an epidemic of cyber-attacks that threaten vital supply chains for food and energy, steal military and government secrets, and rob American businesses of their intellectual property. More than ever, organizations must apply foundational information security principles and continuously adapt to new and emerging threats. It should go without saying, but it bears repeating: security controls must be applied in layers to be effective and resilient, because no single control holds up on its own.
I hope these nuggets of experience are helpful to your organization.
Segmentation of networks, systems, applications, and data slows attackers down, hinders lateral movement by threat actors, and limits the scope and impact of a successful intrusion. Place honeypots, canary tokens, and intrusion detection sensors inside those segments so that an attacker who crosses a boundary is caught early in the attack chain, before reaching the assets that matter.
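A decoy service is the cheapest early-warning sensor you can put inside a segment: nothing legitimate ever talks to it, so a single connection is a high-fidelity signal of scanning or lateral movement. The following is an added example written for this page, not code from the original article. It is a minimal TCP honeypot that answers with a plausible banner, records every caller, and emits one alert line per hit; the loopback address, OS-chosen port, SSH-style banner, and the probe payload are all assumptions for illustration.

```python
"""Minimal network honeypot (added example, not from the original article).

A decoy listener on a segment that no legitimate client should ever reach.
Because there is no legitimate traffic, every connection is worth an alert,
and it fires before the attacker has touched a real target.
"""
import socket
import threading
import time
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Hit:
    ts: float
    src_ip: str
    src_port: int
    dst_port: int
    first_bytes: bytes


class Honeypot:
    """Decoy TCP service: sends a plausible banner, records every caller."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0,
                 banner: bytes = b"SSH-2.0-OpenSSH_8.9\r\n"):
        # Assumptions: loopback host and OS-chosen port so the example runs anywhere.
        # In production bind an otherwise unused address on the segment and a port
        # scanners go for (22, 445, 3389, ...). The banner only has to look real.
        self.host, self.port, self.banner = host, port, banner
        self.hits: List[Hit] = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._sock: Optional[socket.socket] = None
        self._thread: Optional[threading.Thread] = None

    def start(self) -> int:
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self._sock.listen(8)
        self._sock.settimeout(0.2)          # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()
        return self.port

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, (src_ip, src_port) = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:                 # socket closed underneath us
                break
            with conn:
                data = b""
                try:
                    conn.sendall(self.banner)
                    conn.settimeout(1.0)
                    data = conn.recv(256)   # keep what the caller sent, for triage
                except OSError:
                    pass
            with self._lock:
                self.hits.append(Hit(time.time(), src_ip, src_port, self.port, data))

    def wait_for_hits(self, n: int, timeout: float) -> bool:
        """Block until at least n hits were recorded or the timeout expires."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.hits) >= n:
                    return True
            time.sleep(0.02)
        return False

    def alerts(self) -> List[str]:
        """One SIEM-ready line per hit; any hit at all deserves an analyst's time."""
        with self._lock:
            return [f"HONEYPOT HIT src={h.src_ip}:{h.src_port} decoy_port={h.dst_port} "
                    f"first_bytes={h.first_bytes!r}" for h in self.hits]

    def stop(self) -> None:
        self._stop.set()
        if self._thread:
            self._thread.join(timeout=2.0)
        if self._sock:
            self._sock.close()


def probe(host: str, port: int, payload: bytes = b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Behave like a scanner or a curious intruder: connect, grab the banner, poke it."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(256)
        s.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot()
    port = hp.start()
    print("banner seen by the scanner:", probe("127.0.0.1", port))
    hp.wait_for_hits(1, 3.0)
    for line in hp.alerts():
        print(line)
    hp.stop()
```

Ship the alert lines to your SIEM and treat them as high severity: the decoy has no users, so there is no benign explanation for a hit, which is exactly what makes it cheap to triage compared with noisier sensors.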
Managing, monitoring, and auditing privileged access reduces your exposure to credential sharing, compromised accounts, and privilege escalation attacks. Apply the principle of least privilege as broadly as possible across systems, applications, and data: every account, service, and process gets only the access its job requires, and that access is reviewed and revoked when it is no longer needed.
Technologies like XDR, SIEM, and SOAR give you the ability to see, correlate, and respond to cyber-threats across the many parts of your environment: email and messaging, network, cloud, SaaS applications, workstations, and servers. The value is in the correlation; an event that looks harmless on one host can be the second step of an intrusion that started in your mailbox.
Implement a standardized set of controls such as the CIS Controls and make it a business priority to measure your adherence, track and correct findings, and improve your security posture and risk management practices continuously.
Proactively conduct penetration testing and red teaming to uncover, validate, and correct weaknesses in your environment. Use a "Purple Team" approach in which your offensive (Red) and defensive (Blue) teams collaborate and help each other improve, so that every finding becomes a detection or a fix rather than a line in a report. Do this regularly, not as a one-off exercise.
Configure your network firewalls to allow only the inbound and outbound traffic that has a legitimate business purpose, and deny everything else by default. One effective mitigation for the 2021 Log4Shell exploit (CVE-2021-44228) was a simple firewall egress policy that blocked outbound LDAP traffic from application servers: the exploit depends on the vulnerable server reaching out to an attacker-controlled LDAP server, and with no path out, the attack fails even though the vulnerable code is still present. Incorporate the attacker's mindset as you design your firewall policies and your other security controls: ask what a compromised host would need to do next, and make sure the network does not let it.