Originally Posted by Infosecurity Magazine – via infosecurity-magazine.com – January 25, 2021
Recent high-profile data breaches, such as the FireEye attack at the end of last year, are a learning opportunity for cybersecurity experts and enterprises. It is time businesses and security teams took cues from these intrusions and secured their systems and infrastructure against similar incidents.
First things first: as part of their risk assessment plan, organizations ought to conduct penetration testing (also called ethical hacking, pen testing or white-hat hacking) when building enterprise applications and network systems. Penetration testing is a security assessment that probes a network, system or software application for loopholes or vulnerabilities that attackers could exploit in future. The scope can vary from a single web-application test to a company-wide, full-scale engagement, also known as adversary simulation or red teaming.
Next, organizations and security personnel ought to keep doing what they already do: apply patches within the stipulated timeframe, conduct code reviews before going live, tune and patch vulnerable components, and so on. On top of that, they need robust alerting and threat intelligence feeding their firewalls and IDS/IPS, and sensible management of critical assets, so that breaches can be contained and risk curbed.
The benefits of risk assessment are manifold. It not only helps you plan patch rollouts better, but also lets you set policies and make architectural changes that improve subsequent patch deployments and your overall network security posture.
Remember that each system you skip in a given remediation cycle is a looming threat to your business and assets. It can be an employee’s home PC or laptop connected through a VPN, or a developer’s server that is connected to a production environment. The whole point of patch management is to get as close to 100% coverage as you can.
Know Thy Endpoints
Devices and endpoints that connect only intermittently to a dynamic network, including laptops, mobile devices, BYOD equipment and third-party vendor and contractor servers, account for most of the systems that security teams and businesses miss in network scans and patch deployments. Bringing them into risk assessment scans not only improves coverage significantly, but also enables endpoint security tools to check these devices against security policies and regulatory compliance rules before they are allowed onto the network.
The key elements of cybersecurity hygiene are as crucial as ever: staying up to date, having an in-depth defense and emergency incident response capability, and educating end users to report any suspicious or malicious event immediately.
Recent high-profile breaches are an opportunity for cybersecurity experts to reassess their malware research and detection tools and rules, and to focus on the behaviors, techniques and tactics being exposed rather than just on the tools. That helps defenders understand and learn from the attackers’ style of exploitation and targeting.
It would not be hard for attackers to alter the leaked toolsets to evade detection rules if they wanted to. Detecting the techniques the attackers use, rather than the tools, could therefore prove a game-changer.
It is pointless to be breached and only find out about it a year later. Businesses therefore need an intelligence-driven threat detection and emergency incident response mechanism in place, so that intrusions are detected immediately and handled within a reasonable time to minimize their impact. This greatly boosts a company’s overall resilience to novel and sophisticated attacks.
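To make the tool-versus-technique point concrete, here is an added example (not code from the article or from FireEye) that runs two kinds of detection over constructed process-creation events. The event fields, the sample paths and the byte strings standing in for executables are all assumptions made up for the example. The first rule matches the SHA-256 of the executed file against a list of known leaked-tool hashes; the second ignores the file entirely and fires on the behaviour, an Office application spawning either a script host with an encoded command line or a binary from a user-writable directory. A copy of the tool rebuilt with a single byte changed slips past the hash list but still trips the behavioural rule, and living-off-the-land activity with no custom binary at all is caught only by the behavioural rule.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """A minimal process-creation record (field names are assumptions,
    modelled loosely on what Sysmon Event ID 1 or an EDR agent emits)."""
    name: str            # label for the constructed sample, not a real field
    parent_image: str    # full path of the parent process
    image: str           # full path of the new process
    command_line: str
    image_bytes: bytes   # stand-in for the executable's file content


# --- Approach 1: tool-centric detection (hash IOC) ------------------------
# Constructed stand-in for the leaked tool as originally built. Any rebuild,
# re-pack or even a one-byte patch changes the hash and defeats this list.
ORIGINAL_TOOL = b"MZ\x90\x00 constructed stand-in for the leaked tool, build v1"
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL_TOOL).hexdigest()}


def ioc_match(ev: ProcessEvent) -> bool:
    """Fires only if the executed file is byte-for-byte a known sample."""
    return hashlib.sha256(ev.image_bytes).hexdigest() in KNOWN_BAD_SHA256


# --- Approach 2: technique-centric detection (behavioural rule) ------------
# The technique here is "Office application spawns something it should not":
# either a script host with an encoded command line, or a binary that lives
# in a user-writable directory. Both survive any change to the tooling.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = ("-enc", "-e ")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def behaviour_match(ev: ProcessEvent) -> bool:
    """Fires on the parent/child relationship, not on what the child is called."""
    if basename(ev.parent_image) not in OFFICE_PARENTS:
        return False
    child = basename(ev.image)
    cmd = ev.command_line.lower()
    spawns_encoded_script = child in SCRIPT_HOSTS and any(f in cmd for f in ENCODED_FLAGS)
    runs_from_user_dir = any(m in ev.image.lower() for m in USER_WRITABLE_MARKERS)
    return spawns_encoded_script or runs_from_user_dir


def evaluate(events):
    """Map each event's label to (ioc_hit, behaviour_hit)."""
    return {ev.name: (ioc_match(ev), behaviour_match(ev)) for ev in events}


# Constructed events: the leaked build, a recompiled copy used the same way,
# living-off-the-land with no custom binary at all, and benign Office activity.
RECOMPILED_TOOL = ORIGINAL_TOOL.replace(b"v1", b"v2")
SAMPLE_EVENTS = [
    ProcessEvent("leaked-tool",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Users\alice\AppData\Local\Temp\update.exe",
                 "update.exe /silent", ORIGINAL_TOOL),
    ProcessEvent("recompiled-tool",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Users\bob\AppData\Roaming\Microsoft\svc.exe",
                 "svc.exe /silent", RECOMPILED_TOOL),
    ProcessEvent("encoded-powershell",
                 r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4A",
                 b"MZ\x90\x00 constructed stand-in for powershell.exe"),
    ProcessEvent("benign-print",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\splwow64.exe",
                 "splwow64.exe 12288",
                 b"MZ\x90\x00 constructed stand-in for splwow64.exe"),
]

if __name__ == "__main__":
    for name, (ioc, beh) in evaluate(SAMPLE_EVENTS).items():
        print(f"{name:20s} hash-IOC={ioc!s:5s} behaviour={beh!s:5s}")
```

The hash list is still worth keeping, since it is cheap and precise for the unmodified samples, but the behavioural rule is what catches the variant the attacker rebuilt after the leak. In production the same logic would sit in a SIEM or EDR rule over real telemetry rather than an in-memory list of events.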
It is advisable to employ the right mix of resources and skillsets for 24×7 administration and monitoring of IDS/IPS technology and next-generation firewalls. Managed security service providers can provide round-the-clock protection by leveraging advanced threat intelligence and incident response tooling, such as intrusion prevention systems (IPS), web application firewalls (WAF) and other toolsets, to help you manage network access and distribute, protect and monitor network services efficiently.
With both proactive and reactive goals, a managed security service provider (MSSP) can help you prevent cybersecurity incidents in the nick of time, monitor for and detect potential intrusions and breaches, identify backdoors and security loopholes, perform emergency incident response rapidly, provide actionable security analytics and create situational awareness.
The prime objective of a modern cybersecurity program ought to be managing and taming risks before they turn ugly. The key is to equip yourself to tackle such incidents efficiently and minimize the impact on the organization. It is time businesses and cybersecurity experts got ahead of the threat. A data breach is every organization’s worst nightmare; instead of agonizing over it, businesses and security experts ought to use the time at hand to assess their security infrastructure and leverage advanced threat intelligence and intrusion detection to protect their assets from cyber-threats.