Identify, determine, and prioritize.
That is the risk we take in a digitally connected world. Cybersecurity is all about the management and mitigation of risk. That starts with identifying where risks lie, determining which risks are worth accepting, and prioritizing the risks to mitigate.
Every enterprise is exposed to attack avenues.
The biggest avenue is your internet connection, but focusing your defensive efforts solely on this gate would be a mistake. There are many avenues into your network, and their number has vastly increased with the growth of remote work. Remote work architectures represent a large attack artery that companies must contend with. For instance, remote access solutions now allow remote users to copy and paste between their consumer-grade laptop and their on-premises corporate desktop. Such small but permissive attack avenues are just one example of how challenging it is to secure an IT estate.
1. One layer would be an email security solution that eradicates phishing attacks targeting user inboxes. Of course, no email security solution is failsafe, which is why another supplementary layer is an educated user who can identify a suspicious embedded link or attachment and knows not to click on it.
2. Another layer would be an enforced configuration policy that denies access to removable drives, preventing users from transferring infected files using USB sticks.
3. Organizations should also consider bringing their firewall inside the organization. Rather than treating the firewall exclusively as a perimeter tool, additional firewalls can be strategically placed to segment, analyze and scrub traffic crisscrossing VLANs or traveling between sites, thus creating more security layers.
The effectiveness of multiple security layers to mitigate ransomware threats is further augmented if these layers work together.
For instance, a user decides to download a file from the internet that contains malicious code. Because the code is part of a zero-day attack, the firewall has no signature for it and lets it through. That is why you have an EDR client serving as another layer: it detects that something isn't right about the file and contains it. While the immediate threat has been avoided, the containment on that one endpoint does nothing to deter other users from downloading the same file. This means the battle might be fought a thousand times, increasing the chances of a successful infiltration.
But what if the EDR sent the file to a sandbox where it was detonated and identified as malicious? The sandbox could then forward the code signature to the firewall, which would block it from that point on, preventing anyone within the organization from downloading the code ever again. Under this scenario, the EDR clients work as sensors, digital sentries that alert central command, ensuring that the battle is only fought once.
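The following is an added illustration of the scenario above, not code from the article or from any real EDR, sandbox or firewall product. It models the three layers as small Python classes and runs the same download three times, once with the layers isolated and once with the EDR feeding the sandbox verdict to the firewall. The "detonation" is a stand-in that looks for a constructed marker string; the payloads, hashes and class names are all assumptions made for the example.

```python
"""Added example: EDR, sandbox and firewall sharing a verdict so the battle is fought once.

Illustration of the article's scenario only; no real product APIs are modelled.
"""
import hashlib
from dataclasses import dataclass, field

# Constructed sample payloads. The marker string stands in for malicious behaviour.
MALICIOUS_SAMPLE = b"invoice.pdf.exe " + b"ENCRYPT_ALL_FILES"
BENIGN_SAMPLE = b"quarterly_report.pdf"


def sha256_hex(payload: bytes) -> str:
    """The 'code signature' the layers exchange is simply a SHA-256 of the file."""
    return hashlib.sha256(payload).hexdigest()


@dataclass
class Firewall:
    """Perimeter layer. Has no insight of its own; it only blocks hashes it has been told about."""
    blocked_hashes: set = field(default_factory=set)

    def allows(self, payload: bytes) -> bool:
        return sha256_hex(payload) not in self.blocked_hashes

    def block(self, sha256: str) -> None:
        self.blocked_hashes.add(sha256)


class Sandbox:
    """Detonation layer (stand-in). A real sandbox observes runtime behaviour;
    this one flags any payload containing the constructed marker."""
    MARKER = b"ENCRYPT_ALL_FILES"

    def detonate(self, payload: bytes) -> bool:
        return self.MARKER in payload


@dataclass
class EDR:
    """Endpoint layer. Contains a malicious file on the host and, when
    share_verdicts is set, pushes the sandbox verdict to the firewall."""
    sandbox: Sandbox
    firewall: Firewall
    share_verdicts: bool

    def on_file_written(self, payload: bytes) -> str:
        if not self.sandbox.detonate(payload):
            return "delivered"
        if self.share_verdicts:
            # The sensor alerts central command: the perimeter learns the signature.
            self.firewall.block(sha256_hex(payload))
        return "contained_by_edr"


def simulate(payload: bytes, hosts: int, share_verdicts: bool) -> list:
    """The same file is downloaded by `hosts` users in turn.
    Returns, per attempt, the layer at which it was stopped (or 'delivered')."""
    firewall = Firewall()
    edr = EDR(Sandbox(), firewall, share_verdicts)
    outcomes = []
    for _ in range(hosts):
        if not firewall.allows(payload):
            outcomes.append("blocked_at_firewall")
            continue
        outcomes.append(edr.on_file_written(payload))
    return outcomes


if __name__ == "__main__":
    # Isolated layers: every endpoint fights the same battle again.
    print("isolated layers: ", simulate(MALICIOUS_SAMPLE, 3, share_verdicts=False))
    # Layers in unison: the first EDR containment teaches the firewall; later downloads never arrive.
    print("layers in unison:", simulate(MALICIOUS_SAMPLE, 3, share_verdicts=True))
    # A benign file passes every layer unchanged.
    print("benign file:     ", simulate(BENIGN_SAMPLE, 3, share_verdicts=True))
```

The point the run makes is in the second list: after the first containment, the remaining attempts stop at the perimeter and the EDR never has to act again. Note that keying the shared verdict on a file hash, as this model does, only stops byte-identical copies; a real deployment would also want behavioural or network indicators from the sandbox so that trivially repacked variants are caught too.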
That is the power of layered security working in unison under a united front!