This is Part 13 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.
If you search recent cybersecurity news it's easy to find the threats that keep your CISO awake at night. While there are many, a short list is:
- Ransomware
- Phishing attacks
- OT (operations technology) threats
- Insider threats
- Supply chain attacks
However, it's quite a bit harder to find articles discussing defenses against these attacks, so let me help out by offering a select set of security best practices that, if properly deployed, should help your CISO sleep at night.
Architecture
- Use vendor provided or industry standard security architectures (see 'well architected framework' and 'zero trust') and controls (e.g. NIST 800.53) to understand and build good security solutions.
Inventory
Build a comprehensive asset Inventory, which should include:
- Endpoints: Defender for Endpoint/Server
- Cloud resources: Defender for Cloud
- Storage
- Applications
- Network
- D4C Secure Score
Backups
- Prepare and test a backup/recovery procedure for all the above operationally critical assets.
- Include with your backup procedures a ransomware readiness plan.
Identity
Centralize and monitor identity access controls using features such as:
- 2 Factor Authentication
- Conditional Access
- Access Reviews
- Role Reviews
- UEBA
- SIEM
Secops
- Develop an effective monitoring and alerting process for all your critical assets.
- Constant testing, evaluation, and improvement is essential for a good Secops architecture.
DevSecops
- Automate the security controls for your developers using tools such as GitHub Enterprise for automatically scanning all DevOps related code.
- Protect all applications using a layered defensive architecture (firewalls, WAF, etc.).
- Perform regular pen tests, focusing on the most vulnerable points in your application.
Logging/Reporting/Alerting
- Collect all relevant security logs for all of the above critical inventory.
- Use a SIEM to detect anomalies and report on compliance controls.
- Create a variety of dashboards for better visualization of data.
Security Assessments
- Red/Blue/Purple Teaming.
- Vulnerability Scanning.
Data Protection
- Tag all data based on its level of sensitivity.
- Encrypt all sensitive data.
- Scan all media including email, and data.
EDR/XDR
- Protect all endpoints and servers. Modern EDR (XDR) communicates across several layers of defense so better insight across the entire attack path is possible.
Security Research
- Use a variety of threat intelligence services and research sites to understand the threat landscape and how it may affect your business.
- Use tools like Mitre ATT&CK and perform attack simulations to educate your SecOps team on how to tune defenses and how to react during an incident.
Cost Monitoring
Use reporting and analytics tools like Power BI or vendor provided reporting to present clear operational costs for security operations.
Summary
Defending an organization is not impossible. There are many key security tools which can actively protect your organization and every organization should understand the fundamental security architectures needed for effective security defenses. This will ensure not only a more secure environment, but that your CISO is well rested.
References
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions.
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.
David Broggy, Trustwave’s Senior Solutions Architect, Implementation Services, was selected last year for Microsoft's Most Valuable Professional (MVP) Award.