“Being prepared for any eventuality by understanding the controls required to develop your own agenda is essential. You must see the need for battle if you wish to develop your own cause on any level, but you should not fight the battle if you cannot foresee winning the war.” - Sun Tzu, The Art of War
At the most recent security industry meeting I attended, I was shocked by the defeatist attitude and overall scaremongering tone of most of the participating security practitioners. Given the negative atmosphere and conversation, you would have thought that practicing any information security was a waste of time because ‘attackers have already infiltrated everything’. The situation reminded me of a line Dante used in the Divine Comedy: “Abandon all hope ye who enter here.”
This attitude and perspective frustrates me quite a bit. It frustrates me even more when my peers use this tone in an attempt to increase interest in cybersecurity. Yes, it is true that attackers are getting more and more persistent. However, it is also true that we keep making the same mistakes. Small things like missing patches, default passwords, and poorly configured applications pushed out onto the public internet are what allow bad actors to infiltrate time and time again. Practicing simple cyber hygiene can significantly improve overall security posture, significantly lowering the likelihood of attack.
Most of the basics of cyber hygiene address preparedness, but what about defense? Most firewalls now feature various types of advanced malware protection and deep packet inspection. The use of standalone Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) significantly decreases the likelihood of an attacker getting through your perimeter.
Within your network, effective segmentation using virtual local area networks (VLANs) with appropriate access control lists (ACLs) makes it extremely difficult for an attacker to pivot from a compromised system deeper into the enterprise.
Security can also be delivered by practicing situational awareness through the use of tools like NetFlow, log analysis, and system reporting. When fed into an advanced security information and event management (SIEM) system, these tools help alert administrators to malicious activity. Many of these systems leverage machine learning to alert defenders well before the attacker is close to succeeding.
The key takeaway from this post is that cybersecurity is a battle we can win by using a layered defense strategy that applies machine patching, system hardening, network defenses, and user education. As always, if you have any questions, feel free to reach out by emailing me at firstname.lastname@example.org.
Automox is a cloud-based patch management and endpoint protection platform that provides the foundation for a strong security framework by automating the fundamentals of security hygiene to reduce a company’s attack surface by over 80 percent. A powerful set of user-defined controls enables IT managers to filter and report on the vulnerability status of their infrastructure and intuitively manage cross-platform OS patching, third-party patching, software deployment, and configuration management. To sign up for a free, 15-day trial of Automox’s cloud-based, automated patch management solution, visit www.automox.com/signup.