I have been assessing the security postures of organizations for years. As time has passed, the technology has improved, the attack surfaces have grown, and businesses have adapted to more advanced threats. Conversations about safely enabling applications are now peppered with orchestration and automation tutorials. Discussions on gaining total visibility now turn into introductions to strategies for raising the signal above the noise. Yes, integrating technologies and using machine learning and “artificial intelligence” products can make you more effective at detecting and preventing advanced threats.
But what I find in most cases, and what has not changed over the last two decades, is that many organizations struggle to implement the basic but critical security measures. They will spend thousands on the latest appliances and endpoint software. Yet they have no policing between internal network segments, if segmentation exists at all. The identity protection strategy is limited to users changing their passwords every 90 days, and anyone with a domain account can log into any workstation or server in the environment, onsite or remotely.
Don’t get me wrong, the basics are easier said than done across an entire organization. Identifying and managing sensitive data is a bear to get under control. Organizing and inventorying hardware and software assets is challenging, let alone continuously identifying and patching vulnerable systems wherever they reside. However, the basic security controls are the table stakes. Knowing and implementing these controls should be a priority for your organization.
Given that even the basics are challenging to deploy organization wide, start by identifying where your critical data resides. Limit access to it with need-to-know policies and use the appropriate fundamental controls to protect it. Controlled use of administrative privileges, hardware and software inventory, vulnerability management, secure configuration standards, log aggregation: these are some of the rudimentary controls that provide effective attack mitigation. The broccoli of cyber defense, if you will. A bit boring compared to supervised and unsupervised machine learning enabled threat detection, but necessary.
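To make a couple of those controls concrete, here is an added example (my illustration, not code from the original post): it takes aggregated Windows logon events and checks them against a simple tiering policy, so that a domain account logging on interactively to a host outside its tier, or to a host that is not in the inventory at all, gets flagged. The log lines, host names, account names and the tier assignments are all constructed for the example; the hypothetical policy says an account may only log on interactively to hosts of its own tier, and network logons (type 3, e.g. file share access) are deliberately left out of the check.

```python
"""Check aggregated Windows 4624 logon events against a tiering policy.

Added example; not from the original post. All log lines, hosts, accounts
and tier assignments below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed, simplified logon records as a log aggregator might hold them.
SAMPLE_LOGS = """\
2024-03-01T08:02:11Z host=WS-0142 event=4624 user=CORP\\jdoe type=2
2024-03-01T08:05:42Z host=WS-0142 event=4624 user=CORP\\jdoe type=2
2024-03-01T09:14:03Z host=DC01 event=4624 user=CORP\\jdoe type=10
2024-03-01T09:20:55Z host=FS01 event=4624 user=CORP\\jdoe type=3
2024-03-01T09:21:30Z host=DC01 event=4624 user=CORP\\adm-tier0 type=10
2024-03-01T10:00:00Z host=WS-0077 event=4624 user=CORP\\adm-tier0 type=2
2024-03-01T10:05:12Z host=WS-0077 event=4624 user=CORP\\msmith type=2
2024-03-01T10:07:00Z host=FS01 event=4625 user=CORP\\msmith type=3
2024-03-01T11:30:00Z host=WS-9999 event=4624 user=CORP\\jdoe type=2
"""

# Hypothetical inventory: tier 0 = domain controllers, 1 = servers, 2 = workstations.
HOST_TIER = {"DC01": 0, "FS01": 1, "WS-0142": 2, "WS-0077": 2}
# Hypothetical account-to-tier assignment (the "controlled use of admin privileges" part).
ACCOUNT_TIER = {"CORP\\adm-tier0": 0, "CORP\\jdoe": 2, "CORP\\msmith": 2}

LOGON_EVENT = "4624"              # successful logon
INTERACTIVE_TYPES = {"2", "10", "11"}  # console, RDP, cached interactive
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) "
    r"user=(?P<user>\S+) type=(?P<type>\d+)$"
)


def parse_logons(text):
    """Parse the constructed log format into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def hosts_per_account(records):
    """Aggregate: which hosts has each account successfully logged on to?"""
    seen = defaultdict(set)
    for r in records:
        if r["event"] == LOGON_EVENT:
            seen[r["user"]].add(r["host"])
    return {user: sorted(hosts) for user, hosts in seen.items()}


def tier_violations(records, host_tier, account_tier):
    """Return (timestamp, user, host, reason) for interactive logons that
    cross tiers or involve a host/account missing from the inventory."""
    violations = []
    for r in records:
        if r["event"] != LOGON_EVENT or r["type"] not in INTERACTIVE_TYPES:
            continue  # failed logons and network logons are out of scope here
        host_t = host_tier.get(r["host"])
        acct_t = account_tier.get(r["user"])
        if host_t is None or acct_t is None:
            violations.append((r["ts"], r["user"], r["host"], "not in inventory"))
        elif host_t != acct_t:
            violations.append((r["ts"], r["user"], r["host"],
                               f"tier {acct_t} account on tier {host_t} host"))
    return violations


if __name__ == "__main__":
    recs = parse_logons(SAMPLE_LOGS)
    for user, hosts in hosts_per_account(recs).items():
        print(f"{user}: {', '.join(hosts)}")
    for v in tier_violations(recs, HOST_TIER, ACCOUNT_TIER):
        print("VIOLATION", *v)
```

Run against the sample, it flags a regular user RDPing to a domain controller, a tier 0 admin account logging on to a workstation (where its credentials are exposed to whatever runs there), and a logon to a host nobody inventoried. None of that requires machine learning; it requires an inventory, a policy, and the logs in one place.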
Jimmy can have the shiny new toys that make him more effective in some aspect of security, but only after he eats his broccoli; otherwise he won’t see the forest for the trees.