Defense

I chose these words on purpose: I don’t think keeping environments secure and working is easy. I don’t think anyone has all the answers; even with massive budgets, large organisations fail to keep their data and systems secure. But I do know that by doing these activities we can massively change the game when compared to the security posture of organisations that don’t do this! So I thought I’d share some of the things I do to try and keep on top of an environment’s cyber hygiene. But to start, let’s think about the kind of questions we are looking to answer:

  • Do we have any new risks? (identify)
  • What have we blocked? (protect)
  • What have we seen? (detect)
  • What have we had to do? (respond)
  • Are we resilient? (recover)

Now the whole domain of cyber is complex, and these are for sure not the only questions; however, they get you thinking about what your cyber DNA looks like.

To show how I personally tackle some of these, here are some of the activities we put into a security operations practice:

  • Vulnerability Scans
  • Conduct attack surface reviews
  • Password Audits
  • Security Event Reviews
  • High Privileged Access Reviews
  • Backup Restorations
  • Traffic Flow Reviews
  • Threat Awareness (I read the cyber news and threat intel)
  • Hunt the hunter (Purple team exercises)
  • The “can I get to restricted content test?”
  • Review DNS events for known or potential threats
  • Review web content filtering logs/reports
  • Review mail filtering logs/reports
  • Review firewall rules
  • Review malware detections
  • Vulnerability Review
  • Patch Deployment Review
  • Review Risk Register
  • Deploy decoys, canaries and honeypots
  • Review breach data
  • Pentest as an activity rather than as a project
  • Check certificate expirations
  • Find things to monitor that I’m not monitoring already
  • Patch as much as possible (be realistic: I check orgs and no one patches everything, I don’t care what they write on the compliance forms)
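One item on that list, checking certificate expirations, is easy to automate. The script below is an added example of my own, not the author’s tooling: it uses only the Python standard library, parses the “notAfter” field in the text format that ssl.getpeercert() returns, and flags anything inside an assumed 30-day warning window. The sample host names and dates are constructed so the check runs offline; fetch_cert() is the live path for real hosts.

```python
"""Certificate expiry check: flag certificates that expire within a warning window.

Added example, not the author's tooling. Standard library only. classify() parses
the 'notAfter' string in the format ssl.getpeercert() returns, so the same code
works on live results from fetch_cert().
"""
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumption: alert when fewer than 30 days remain


def days_until_expiry(not_after: str, now: datetime) -> float:
    """Days from `now` until the 'notAfter' timestamp.

    `not_after` is the OpenSSL text form, e.g. 'Jun  1 12:00:00 2025 GMT',
    which is what getpeercert() hands back; ssl.cert_time_to_seconds() parses it
    as UTC.
    """
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).total_seconds() / 86400


def classify(certs, now, warn_days=WARN_DAYS):
    """Bucket (name, cert_dict) pairs into expired / expiring / ok.

    Returns {'expired': [...], 'expiring': [...], 'ok': [...]} where each entry
    is (name, days_left) with days_left rounded to one decimal.
    """
    result = {"expired": [], "expiring": [], "ok": []}
    for name, cert in certs:
        days = round(days_until_expiry(cert["notAfter"], now), 1)
        if days < 0:
            result["expired"].append((name, days))
        elif days < warn_days:
            result["expiring"].append((name, days))
        else:
            result["ok"].append((name, days))
    return result


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check: return the validated peer certificate dict for host:port.

    Needs network access; with the default context, a cert that fails chain or
    hostname validation raises ssl.SSLCertVerificationError, which is itself a
    finding worth recording.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in the shape getpeercert() returns; these are not real hosts.
SAMPLE_NOW = datetime(2024, 6, 1, 0, 0, 0, tzinfo=timezone.utc)
SAMPLE_CERTS = [
    ("vpn.example.internal", {"notAfter": "Jun 15 00:00:00 2024 GMT"}),   # 14 days left
    ("mail.example.internal", {"notAfter": "May 30 00:00:00 2024 GMT"}),  # already expired
    ("www.example.internal", {"notAfter": "Dec 31 00:00:00 2024 GMT"}),   # comfortably ok
]

if __name__ == "__main__":
    report = classify(SAMPLE_CERTS, SAMPLE_NOW)
    for bucket, items in report.items():
        for name, days in items:
            print(f"{bucket:8} {name:24} {days:+.1f} days")
```

To run this against real hosts, replace SAMPLE_CERTS with `[(h, fetch_cert(h)) for h in hosts]` and `SAMPLE_NOW` with `datetime.now(timezone.utc)`. Treat a verification error from fetch_cert() as a finding rather than a crash; the point of the exercise is to catch the expired or mis-issued certificate before a user does.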

I’ve not even touched on regulatory compliance and other areas that are required. Keeping on top of cyber hygiene alone is NOT an easy task, let alone keeping an environment operational, fighting technical debt, and enabling business change.

I’ve explicitly written this blog in this style. I could talk about all kinds of technology and security management frameworks that most people don’t even have the time to learn, let alone use. So, brief and to the point: baking security into your organisation’s DNA isn’t a two-minute job. It also must come with the realisation that it might not be perfect, but that’s not an excuse for not even trying. Small incremental wins go a long way to ensuring your business can stand out amongst the competition; unfortunately it doesn’t seem to take too much to make you think you are head and shoulders above the rest (and no one likes a security blanket)! Hopefully organisations are taking heed of the barrage of cyber incidents we see in the mainstream news these days. Unfortunately, from where I stand I can see things getting worse before they get better, but it doesn’t have to be that way. It just requires building some security into your technology management DNA!
