The IT industry has a constant stream of sales waffle and acronyms for the latest and greatest technology. Whether it's Next-gen Firewalls, CNAPP, CSPM, EDR, XDR, etc., we're continuously bombarded with solutions that will solve not only our security posture but also world peace.
Now don't get me wrong, I absolutely support and encourage businesses to implement solutions that help reduce risks and protect them from the ever-growing threat landscape. But it's also important to understand that all of these solutions are only part of the complicated puzzle of maintaining a good level of security.
What do I mean by that?
Before you go down the route of getting all fancy with new tech, have you actually got the fundamentals in place yet?
Identity Management
Do you have a good process for Joiners, Leavers & Movers?
Do you know where all your identities are?
Do you regularly review user & privileged accounts?
Do you enforce a good Multi-factor authentication system that is also phishing & smishing resistant?
Can you quickly remove someone's privileges in response to an incident?
Endpoint Security
Can you 100% demonstrate that all endpoint devices have up-to-date & working Antivirus?
Do users have local admin privileges?
Can you perform vulnerability scans on the operating system and applications?
Can you identify applications that shouldn't be installed?
Do you apply regular operating system and application updates?
Can you deploy updates in the event of an emergency?
Network Security
Do you have a full grasp of network traffic inbound & outbound?
Do you have IPS or IDS?
Do you have logging in place?
Server Security
Got a gold build in place to ensure all new servers are configured using an agreed standard?
What about vulnerability management?
How's your antivirus coverage? Is it up to date?
How's your access management?
Think like a Malicious Actor
Say what now?
Don't just put security tools in to tick a box. Are you implementing them to address a specific risk? Are there any additional configurations you can make to further secure systems from a hacker or insider who wants to obtain unfettered access or perhaps install ransomware? Keep up to date with the latest trends and see how they correlate to your own environment. Proactive security is still fairly rare, but worth every penny you can invest in it.
I won't bang on anymore, but you get the idea. All of these tasks require a good level of knowledge and maintenance on a daily basis. So before you even think about getting lulled by a fancy sales pitch, ask yourself some of those questions above and have a think about where you're currently at.
If you're reading this and you're not in Security, please also have a little consideration for your Security Team (InfoSec, Operational & Assurance) as they're under a great deal of pressure to keep the business protected at all times.
Good security isn't a simple A to B trip. It's a continual journey of self-improvement, through awareness, training, monitoring, tweaking, reporting, risk management, future road maps and more.
If you'd like to discuss your current challenges, I'd be more than happy to help, just reach out via the contact page!