October is National Cyber Security Awareness Month. This month is a great opportunity for us to educate those who may not have the expertise or experience. Some of the basics that we take for granted – everyday things that we do by default – are game-changers for organizations that don’t have the expertise in-house. In observance of Cyber Security Awareness Month, we’ll be producing blogs to cover some of the small things that can make a huge impact.
As a primer for next month, we want to start with keeping it simple. Sometimes big spend isn’t the fastest way to reduce risk. Checking boxes for your compliance audit doesn’t mean you have the right configuration or architecture in place for your business need or risk profile. Taking a 30,000-foot view of your strategy for implementing security and IT products will help save your budget and reduce your risk at the same time.
Security is a very broad term. Even the word cybersecurity encompasses a lot of different topics today. With the explosion of digital transformation and cloud services, cybersecurity affects a much wider array of environments now than it used to. But that doesn’t mean you should abandon some of the foundational pieces of security to protect your environment.
Network Security Products
With hundreds of different network security products on the market and even more vendors for each product category, it can often be daunting to figure out how to secure a network. But it all starts with the basics. If your overall network architecture isn’t built right or you don’t have a firewall protecting your network, then an advanced product like a Sandbox or SIEM or Threat Feed or Cloud Migration isn’t going to help. Oftentimes, we get caught up with the newest buzz-worthy product or service to help ensure we are secure when there are much easier ways for threat actors to infiltrate a network.
Advanced security products like sandboxes and SIEMs have a huge impact on securing various environments, and they are great options to go with when you are ready. But if you aren’t doing the basics to ensure you are protected, then those products won’t do much good to prevent a breach from happening.
All too often we see customers looking at items that are great products, but just don’t make sense to implement with their current security posture. If a router with ACLs is in place as an edge device and unlimited RDP access is open to internal servers in an environment without any other security features, then it is more important to consider a firewall and VPN solution rather than a Sandbox or SIEM.
Starting with the Architecture
Even the architecture of an environment can make more of a difference than a specific product. It is always good to review a network and ensure it is architected in the most secure way prior to migrating to or adding a new product into the network. Step back and think about what may happen if there is some sort of malicious attempt on a specific device. If a device is hit with a virus, will it propagate to other networks? What impact could ransomware have? Who else will be impacted by malware on a single user’s laptop? These questions are important to ask.
Secure environments start with the simple things. Is the architecture favorable to security? Does all traffic flow through a firewall before getting to a different network? Are your wireless networks segmented from each other and from your internal network? Do you have Antivirus and IPS configured between all of your VLANs? Are you seeing all traffic coming across your VPN tunnels? These are great places to start, and when you feel confident that the basics are covered, then move on to the advanced products to help prevent zero-day attacks and help correlate logs between all devices.
This isn’t to say that advanced products won’t help improve your security. There is a very big opportunity to plug specific gaps in every environment with each of these products. This is especially true in organizations with a robust, mature information security program. To use an old and tired cliché, adding an alarm system, cameras, and a guard dog doesn’t do a lot to increase the security of your home when you leave your doors unlocked. If you don’t have a robust and mature security program, maybe it is better to take a step back and find the open doors in your existing architecture.