You have identified and documented all your critical data and assets. (Read our last blog for this step.) Now it’s time to find the gaps that already exist in your security. Mind the cybersecurity gaps that could allow intruders into your network and hosts.
If you haven’t heard this before, “Mind the Gap” is a popular phrase in London because it’s a warning to watch your step as you board the subway system, crossing the gap between the platform and the train. In our cybersecurity world, we’re using this as a warning as well – watch closely for the gaps that could hurt you.
Gaps in your security system could be vulnerabilities you are aware of OR security weaknesses you have yet to discover. In either case, it is worth taking the time to look for and shore up these vulnerabilities. A proactive approach saves time and energy in the long run. One gap can give an attacker a foothold, from which they may go on to reach other critical data or your entire network. Mind the cybersecurity gaps.
Network Event Logs
Know what’s happening in your network – use AND REVIEW event logs. Event logging provides a standard, centralized way for applications (and the operating system) to record important software and hardware events (as defined by Microsoft).
Event logs allow the tracking of actions and users, and reviewing these gives you a baseline for normal behavior on your network. This means that, if and when irregular activity happens in the future, your security team is more likely to detect the action and its location quickly. Closing this cybersecurity gap can save hours of work and thousands of dollars in mitigating security breaches.
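To make the "baseline, then spot deviations" idea concrete, here is an added example (not code from the original post or from StandardUser) that builds a per-user baseline of hosts and logon hours from a set of successful-logon events and then flags later logons that fall outside it. The line format, the field names (EventID, User, Host, LogonType) and every sample line are constructed for this illustration; adapt the parser to whatever your collector exports.

```python
"""Baseline-and-deviation check over constructed logon event lines.

Added example, not from the original post. Input format, field names and the
sample lines are constructed for this illustration; adapt the parser to your
own collector's export format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a few days of "normal" logons used to build the baseline.
BASELINE_LOG = """\
2024-01-08T08:02:11 EventID=4624 User=alice Host=WS-01 LogonType=2
2024-01-08T08:15:40 EventID=4624 User=bob Host=WS-02 LogonType=2
2024-01-09T08:05:03 EventID=4624 User=alice Host=WS-01 LogonType=2
2024-01-09T09:12:55 EventID=4624 User=bob Host=WS-02 LogonType=2
2024-01-10T07:58:21 EventID=4624 User=alice Host=WS-01 LogonType=2
2024-01-10T17:30:02 EventID=4624 User=bob Host=FS-01 LogonType=3
"""

# Constructed sample: the events under review.
REVIEW_LOG = """\
2024-01-15T08:01:47 EventID=4624 User=alice Host=WS-01 LogonType=2
2024-01-15T02:41:09 EventID=4624 User=alice Host=DC-01 LogonType=3
2024-01-15T08:20:13 EventID=4624 User=bob Host=WS-02 LogonType=2
2024-01-15T08:22:30 EventID=4625 User=bob Host=WS-02 LogonType=2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Return a dict with a datetime 'ts' plus the key=value fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": datetime.fromisoformat(m.group("ts"))}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def parse_log(text):
    """Parse every non-empty line, skipping lines that do not match."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def build_baseline(events, event_id="4624"):
    """Per user: the hosts and hours of day seen for successful logons."""
    hosts = defaultdict(set)
    hours = defaultdict(set)
    for e in events:
        if e.get("EventID") != event_id:
            continue
        hosts[e["User"]].add(e["Host"])
        hours[e["User"]].add(e["ts"].hour)
    return {"hosts": hosts, "hours": hours}


def find_deviations(baseline, events, event_id="4624"):
    """Flag successful logons to a host or at an hour not in the user's baseline."""
    findings = []
    for e in events:
        if e.get("EventID") != event_id:
            continue
        user = e["User"]
        reasons = []
        if e["Host"] not in baseline["hosts"].get(user, set()):
            reasons.append("new host")
        if e["ts"].hour not in baseline["hours"].get(user, set()):
            reasons.append("unusual hour")
        if reasons:
            findings.append((e["ts"].isoformat(), user, e["Host"], reasons))
    return findings


def run():
    """Build the baseline from BASELINE_LOG and review REVIEW_LOG against it."""
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return find_deviations(baseline, parse_log(REVIEW_LOG))


if __name__ == "__main__":
    for ts, user, host, reasons in run():
        print(f"{ts} {user}@{host}: {', '.join(reasons)}")
```

Only the 02:41 logon by alice to DC-01 is reported (new host and unusual hour); the failed logon (EventID 4625) is ignored by this check because the baseline here is built from successful logons only. A real baseline window should be long enough to cover weekend and shift patterns, or you will drown in "unusual hour" noise.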
“Network visibility gaps in enterprise environments allow attackers to migrate, or move, around a victim’s network. Once you identify that network segment, work on network visibility to and from that space.” (David Evenden in PenTest mag)
When an attacker can migrate or move throughout the network, this is called pivoting. Once access is gained to one section of a network, it can sometimes open the way to further access, including to critical infrastructure.
Next up: how well do you know your host? The host is your physical hardware, and it has a number of potential cybersecurity gaps you need to close.
Start with antivirus. This is the bare minimum for any machine or device. Next, follow these steps to increase your security maturity.
Lock down the host firewall. No access should be allowed without express permission.
Properly configure the host antivirus. Make sure to review every security setting and adjust where needed.
Check remote connections to & from hosts – are these still secure?
Review child processes and orphaned processes, especially if you are in a company that has not updated its processes for any length of time.
Examine the slack space used by legitimate processes, and check for data that may have been inadvertently stored there.
Check for DLL hollowing and process injection: has any malicious code been inserted into your processes?
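The "review child processes and orphaned processes" step is easiest to do from a saved process listing. The following is an added example (not the original post's code or any StandardUser tooling) that reads a constructed pid/ppid/name snapshot, reports processes whose parent is no longer present, and reports well-known system images whose actual parent differs from the parent you expect. The snapshot, the EXPECTED_PARENTS table and the KNOWN_ROOTS set are all assumptions made for this illustration and must be tuned for your own build before you rely on them.

```python
"""Review a process snapshot for orphaned processes and unexpected parents.

Added example, not from the original post. The snapshot, the expected-parent
table and the known-roots set are constructed for this illustration; on a real
host, export the table with your own tooling (for example a process listing
saved as CSV) and tune EXPECTED_PARENTS for your environment.
"""
import csv
from collections import defaultdict
from io import StringIO

# Constructed snapshot (pid, ppid, image name); not taken from a real machine.
SNAPSHOT_CSV = """\
pid,ppid,name
4,0,System
400,4,smss.exe
520,400,wininit.exe
600,520,services.exe
700,600,svchost.exe
710,600,svchost.exe
900,520,lsass.exe
1200,3100,explorer.exe
1500,1200,outlook.exe
1620,1500,winword.exe
2100,1620,svchost.exe
2300,8800,powershell.exe
"""

# Assumption for this example: the parent image each system image is expected
# to have on a typical workstation. Adjust for your own environment.
EXPECTED_PARENTS = {
    "smss.exe": {"System"},
    "wininit.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}

# Images whose parent is legitimately absent from the table (constructed list).
KNOWN_ROOTS = {"System", "explorer.exe"}


def parse_snapshot(text):
    """Return {pid: {'ppid': int, 'name': str}} from the CSV snapshot."""
    table = {}
    for row in csv.DictReader(StringIO(text)):
        table[int(row["pid"])] = {"ppid": int(row["ppid"]), "name": row["name"]}
    return table


def children_by_parent(table):
    """Group child pids under each parent pid, for a quick tree review."""
    kids = defaultdict(list)
    for pid, info in table.items():
        kids[info["ppid"]].append(pid)
    return kids


def find_orphans(table):
    """Pids whose parent is gone from the snapshot and is not a known root."""
    return sorted(
        pid for pid, info in table.items()
        if info["ppid"] not in table and info["name"] not in KNOWN_ROOTS
    )


def find_unexpected_parents(table):
    """(pid, image, actual parent image) where the parent is not the expected one."""
    findings = []
    for pid, info in sorted(table.items()):
        expected = EXPECTED_PARENTS.get(info["name"])
        if not expected:
            continue  # no expectation recorded for this image
        parent = table.get(info["ppid"])
        parent_name = parent["name"] if parent else "<missing>"
        if parent_name not in expected:
            findings.append((pid, info["name"], parent_name))
    return findings


if __name__ == "__main__":
    table = parse_snapshot(SNAPSHOT_CSV)
    for pid in find_orphans(table):
        print(f"orphan: pid {pid} ({table[pid]['name']}), parent {table[pid]['ppid']} gone")
    for pid, name, parent_name in find_unexpected_parents(table):
        print(f"unexpected parent: pid {pid} {name} started by {parent_name}")
```

On the constructed snapshot this reports one orphan (powershell.exe, whose parent has exited) and one svchost.exe whose parent is winword.exe rather than services.exe. Neither finding is proof of anything on its own; they are the rows worth pulling up first when you go through the list by hand, which is exactly what this step asks you to do.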
It can be difficult to decide where to start. This is why your asset list is so important. If you have prioritized what is most important, you can start with the steps that apply to those items FIRST. Then address the vulnerabilities you have identified in order of their probability and potential impact.
You're well on your way! Keep working on these steps to mind your cybersecurity gaps, and follow along with us for the next and final blog in this series.
For more, read David Evenden's article Increasing Your Security Posture at PenTest Mag.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.