Securing increasingly complex network infrastructures requires smart investments and organization-wide commitment. Ron Gula, CEO of Tenable Network Security, recommends that security teams boil these efforts down into five core cyber controls, all of which tie to breach containment. This creates an easily articulated framework for getting buy-in from executives, board members and other stakeholders.
1. Embark on Asset Discovery
Know all your assets to defend them. For breach containment purposes, IT teams use discovery data to analyze attack vectors, such as mobile apps that aren’t getting patched or cloud services purchased without IT approval.
2. Implement Vulnerability Management
This can cover everything from securing custom web apps to hardening desktop configurations. For example, an organization may have 1,000 notebooks, and it’s likely they’re all configured the same way. Therefore, if attackers exploit a vulnerability on one, they’ll probably get to all of them.
3. Kick Off User Discovery
This process ensures that users have proper access privileges. An IT shop can patch all systems and have the best security controls, but it won’t help much if the wrong user has administrator credentials.
4. Institute Strong Security Controls
These can include logging, firewalls, antivirus, intrusion protection, sandboxing, application whitelisting and endpoint forensics. For auditing and other purposes, a security team should be able to conduct an automated check of every system for the presence of security technologies.
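One way to automate that check, as an added example that is not from the article or from Tenable: it joins the asset list from discovery (control 1) with per-control console exports and flags assets where a required control is absent or has stopped reporting. The hostnames, control names, policy table and seven-day staleness threshold are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; hostnames, control names and dates are illustrative.
NOW = datetime(2024, 6, 1)
MAX_AGE = timedelta(days=7)  # assumption: an agent silent for a week counts as absent

# Control 1 output: discovered assets and their type.
DISCOVERED = {
    "nb-0001.corp.example": "notebook",
    "nb-0002.corp.example": "notebook",
    "web-01.corp.example": "server",
}

# Assumed policy: which controls each asset type must run.
REQUIRED = {
    "notebook": {"antivirus", "logging"},
    "server": {"antivirus", "logging", "firewall"},
}

# Per-control console exports: host -> last check-in time.
REPORTS = {
    "antivirus": {"NB-0001": datetime(2024, 5, 31), "web-01.corp.example": datetime(2024, 5, 30)},
    "logging": {"nb-0001.corp.example": datetime(2024, 5, 31), "nb-0002": datetime(2024, 4, 1),
                "web-01": datetime(2024, 5, 31), "lab-pc": datetime(2024, 5, 31)},
    "firewall": {"web-01.corp.example": datetime(2024, 5, 29)},
}

def short(host):
    """Lowercase short name so FQDN and NetBIOS-style names match.
    Caveat: hosts with the same short name in different domains collide."""
    return host.lower().split(".")[0]

def coverage_gaps(discovered, required, reports, now=NOW, max_age=MAX_AGE):
    """Return (missing, unknown): controls absent or stale per asset, and
    hosts that report to a control but were never discovered."""
    fresh = {c: {short(h) for h, seen in hosts.items() if now - seen <= max_age}
             for c, hosts in reports.items()}
    missing = {}
    for host, kind in discovered.items():
        absent = {c for c in required[kind] if short(host) not in fresh.get(c, set())}
        if absent:
            missing[host] = sorted(absent)
    known = {short(h) for h in discovered}
    unknown = sorted({short(h) for hosts in reports.values() for h in hosts} - known)
    return missing, unknown

if __name__ == "__main__":
    print(coverage_gaps(DISCOVERED, REQUIRED, REPORTS))
```

The second return value matters as much as the first: a host that reports to a control console but is missing from the discovery inventory points to a gap in asset discovery itself.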
5. Roll Out Continuous Monitoring
Organizations can do everything by the book and still get breached. To minimize risk, they should continuously scan for malware, exploits and suspicious user behavior.