Vulnerabilities are lurking everywhere inside and outside enterprise networks. Security professionals know well that the question isn’t if a security incident will happen, but when, especially as their company’s attack surface continues to become more complex.
Some of the security staples organizations should have include endpoint security, network architecture security, email security and cloud security, each of which is described in more detail below.
Endpoints have expanded from the desktop to mobile devices and on to the IoT and IIoT. Of those, IoT/IIoT security is the least mature because the devices are relatively new, but it is an essential part of endpoint security. IoT manufacturers have prioritized time to market and product features over security, while IIoT devices may be prone to physical tampering as well as cyberattacks.
More traditional endpoint security elements include:
- URL filtering to prevent employees from visiting potentially malicious websites.
- Antivirus solutions which scan files for viruses and malware.
- Endpoint detection and response (EDR), which continuously monitors activity on endpoints (applications, files and potential malware) and enables a response when a threat is found.
- Endpoint encryption which encrypts data stored on the device.
- Patching to remediate known vulnerabilities.
Perimeter security is the most mature of all the security categories. However, enterprises have learned that a perimeter firewall, while a necessary element of defense, won’t keep all bad actors out.
Other perimeter cyber security measures include:
- A proxy server that sits between users and the Internet, which encrypts data in motion, blocks access to certain web pages, masks the user’s identifiers and provides firewall and web filtering capabilities.
- An intrusion detection system that detects suspicious activity.
- An intrusion prevention system that automatically senses and defends against attacks.
- A DMZ, a buffer segment at the perimeter that separates the internal network from the external network.
Network Architecture Security
Two basic things are necessary to ensure network architecture security: a detailed understanding of the network architecture (devices/equipment, network protocols, topologies) and a framework which specifies both technological and non-technological elements, including policies, standards, security controls and incident response protocols.
Here, capabilities should include:
- Asset discovery to understand what makes up the network and is connected to it.
- Identity and Access Management (IAM) to control users’ access to assets.
- Network monitoring to identify anomalous behavior.
- Security configuration management to identify misconfigurations, ensure proper configurations, and expedite remediation.
Sadly, email is one of the easiest ways to infiltrate an organization. The recent Microsoft Exchange hack is just one example.
An email-based breach may involve social engineering, phishing, spear phishing or malware. Some of the necessary email security capabilities include:
- A secure email gateway that monitors messages for anomalous patterns and blocks suspicious traffic.
- Encryption to keep messages secure.
- Spam filtering to reduce the volume of potentially malicious messages.
- URL blocking to prevent traffic flowing from specific sources.
- Attachment scanning to minimize embedded threats.
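The email checks listed above can be illustrated with a small, gateway-style inspection routine. This is an added example, not code from the original article or from any product it mentions; the trusted domains, blocked URL host, risky attachment extensions and the three sample messages are all constructed for the demonstration. It flags a Reply-To domain that differs from the sender domain, a sender domain that is a digit-for-letter lookalike of a trusted domain, links to a deny-listed host, and attachments with executable extensions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration for the example (hypothetical values).
TRUSTED_DOMAINS = {"example.com"}
BLOCKED_URL_HOSTS = {"malicious.example.net"}
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def domain_of(address):
    """Return the lowercased domain part of an RFC 5322 address, or '' if absent."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike(domain, trusted):
    """Flag domains that become a trusted domain once 0/1/3 are read as o/l/e."""
    normalised = domain.translate(str.maketrans("013", "ole"))
    return domain not in trusted and normalised in trusted


def inspect_message(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    if lookalike(from_dom, TRUSTED_DOMAINS):
        findings.append(f"sender domain {from_dom} looks like a trusted domain")
    # Walk every MIME part: flag risky attachment names, scan text bodies for blocked links.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and any(filename.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"risky attachment {filename}")
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for host in URL_RE.findall(body):
                if host.lower() in BLOCKED_URL_HOSTS:
                    findings.append(f"link to blocked host {host}")
    return findings


def verdict(raw):
    """Gateway decision: quarantine anything with at least one finding."""
    return "quarantine" if inspect_message(raw) else "deliver"


# Constructed sample messages.
CLEAN = """\
From: Alice <alice@example.com>
To: bob@example.com
Subject: Lunch
Content-Type: text/plain; charset=utf-8

See you at noon: https://intranet.example.com/menu
"""

PHISH = """\
From: IT Helpdesk <helpdesk@examp1e.com>
Reply-To: support@attacker.example
To: user@example.com
Subject: Password expiry
Content-Type: text/plain; charset=utf-8

Reset now: http://malicious.example.net/reset
"""

ATTACH = """\
From: Payroll <payroll@example.com>
To: bob@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset=utf-8

Please open the attached invoice.
--XYZ
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--XYZ--
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("phish", PHISH), ("attach", ATTACH)):
        print(name, verdict(sample), inspect_message(sample))
```

Each check is deliberately simple; a production gateway would add authentication results (SPF, DKIM, DMARC), reputation feeds and sandbox detonation of attachments, but the structure of parsing headers, walking MIME parts and accumulating findings is the same.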
Many organizations have concluded that the cloud is more secure than their own data center. However, cloud environments are not inherently secure. While basic cloud services may provide minimal security protection, additional value-added services and solutions are required. In fact, cloud providers operate a shared responsibility model because customers may inadvertently compromise their own security, for example by misconfiguring an AWS S3 bucket. Capabilities from cloud providers and third parties include:
- Cloud perimeter security which protects cloud environments.
- Cloud workload protection, which identifies misconfigurations, issues notifications about them and identifies compromised or malicious data.
- IAM to prevent unauthorized access to cloud resources, applications or data.
- Monitoring (users, devices, cloud resources, applications, compliance, threats).
- Encryption and key management.
- DDoS protection.
- Incident detection and response.
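The S3 bucket misconfiguration mentioned above is the kind of finding that cloud workload protection raises. The following is an added example written for this article, not code from AWS or from any product named here: a policy auditor that parses a bucket policy document and reports every Allow statement whose principal is anonymous ("*" or {"AWS": "*"}) and that carries no origin-scoping condition. The weak and hardened policies, the account id, the VPC endpoint id and the Block Public Access settings dict are all constructed sample data; the Block Public Access key names (BlockPublicPolicy, RestrictPublicBuckets, etc.) follow the real PublicAccessBlockConfiguration fields.

```python
import json

# Constructed sample policies; the bucket name and account id are placeholders.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Grant only to a named role instead of to everyone.
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {   # A Deny with Principal "*" is fine: it removes access rather than granting it.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Anonymous principal, but scoped to one VPC endpoint: not world-readable.
VPCE_SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcOnlyRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})

# Condition keys that tie an otherwise-anonymous grant to a network or organisation.
SCOPING_KEYS = {"aws:SourceVpce", "aws:SourceVpc", "aws:SourceIp",
                "aws:PrincipalOrgID", "aws:PrincipalAccount"}


def _as_list(value):
    """IAM JSON allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True when a Principal element grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def scoped_by_condition(stmt):
    """True when a Condition block restricts the caller's origin or organisation."""
    for operator_keys in stmt.get("Condition", {}).values():
        if any(key in SCOPING_KEYS for key in operator_keys):
            return True
    return False


def audit_policy(policy_json):
    """Return a finding for every Allow statement that is open to the world."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        if scoped_by_condition(stmt):
            continue
        actions = ", ".join(_as_list(stmt.get("Action", [])))
        findings.append(f"{stmt.get('Sid', '<no Sid>')}: anonymous principal may {actions}")
    return findings


def audit_bucket(policy_json, public_access_block):
    """Combine policy findings with the bucket's Block Public Access settings (constructed dict)."""
    findings = audit_policy(policy_json)
    # Block Public Access can neutralise a public policy; report when that safety net is off.
    if findings and not public_access_block.get("RestrictPublicBuckets", False):
        findings.append("RestrictPublicBuckets is off, so the public policy is effective")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY),
                         ("vpce", VPCE_SCOPED_POLICY)):
        print(name, audit_bucket(policy, {"RestrictPublicBuckets": False}))
```

In practice the policy document and the Block Public Access configuration would come from the bucket's API responses rather than inline strings, and the same rule set should also be applied to bucket ACLs, which can grant public access independently of the policy.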
Cross-Functional Collaboration and Training
Finally, good cyber security hygiene requires friendly collaboration and training. Some security professionals make a point of talking with organizational leaders and department heads to understand their goals and the technology they think they’ll need to reach those goals. That way, security can be designed into deployments rather than added as an afterthought. To succeed with this type of collaboration, the security team lead must be seen as an enabler instead of an obstacle.
More fundamentally, everyone in the company should have basic cyber hygiene training since security is only as strong as its weakest link. Such training should include:
- A basic overview of security policies and why they exist.
- Common methods hackers use to breach enterprises (phishing, spear phishing, social engineering).
- What’s expected of employees as individuals (passwords, downloads, use of company-owned tech, vigilance, etc.).
- An overview of tools the organization uses which could impact employees’ privacy, such as behavioral monitoring (work with HR and legal on this).
- The consequences of non-compliance with security policies.
- Whom to contact with questions or to report potential issues.