Updated: Mar 30, 2022
Do you know what is traveling in and out of your network? What kinds of information and files are crossing the boundary between internal protection and the outside world? It’s important to have strong defensive security and patrol your online boundaries with perimeter visibility and OSINT visibility.
These recommendations assume you have already taken care of the prior steps in this series: 1. Asking what you have to lose (identifying critical data and assets) and 2. Minding cybersecurity gaps (closing gaps in network and host visibility).
Watch Traffic for Perimeter Visibility
Perimeter visibility means you have identified threats coming at your network from outside. As we have mentioned in the past, it’s best if you are constantly monitoring so that you know what is normal traffic and what might be a red flag.
What are the red flags to watch for as you patrol your online boundaries? Here are some protocols and traffic that should cause you to ask questions.
Anomalies or significant changes in bandwidth.
Outbound DNS traffic not originating from your internal DNS servers.
Encrypted traffic on ephemeral (high-numbered or uncommon) ports.
Inbound emails with known malicious or otherwise suspicious activity.
Traffic destined to known malicious domains.
If any of the above are happening, it’s time for more questions and some investigation. Why is this happening? Is it malicious or accidental? Is it a real threat?
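As an added example (not part of the original article), here are three of the red flags above expressed as checks over flow records. The record fields, resolver address, port list, and blocklist entry are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress

# Assumptions for this sketch: site-specific values you would replace.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
INTERNAL_DNS = {"10.0.0.53"}               # sanctioned internal resolvers
COMMON_TLS_PORTS = {443, 465, 853, 993, 995}
BLOCKLIST = {"malware.example"}            # placeholder for a threat-intel feed

# Constructed sample flow records (not real traffic).
SAMPLE = """src,dst,dst_port,app,dst_name
10.0.0.53,198.51.100.1,53,dns,
10.0.4.17,203.0.113.9,53,dns,
10.0.4.22,203.0.113.40,49731,tls,
10.0.4.30,192.0.2.80,443,tls,malware.example
10.0.4.31,192.0.2.10,443,tls,www.example.org
10.0.4.17,10.0.0.53,53,dns,
"""

def is_outbound(rec):
    src = ipaddress.ip_address(rec["src"])
    dst = ipaddress.ip_address(rec["dst"])
    return src in INTERNAL_NET and dst not in INTERNAL_NET

def red_flags(rec):
    """Return the list of perimeter red flags one flow record raises."""
    flags = []
    if not is_outbound(rec):
        return flags
    port = int(rec["dst_port"])
    if rec["app"] == "dns" and rec["src"] not in INTERNAL_DNS:
        flags.append("dns-bypasses-internal-resolver")
    if rec["app"] == "tls" and port not in COMMON_TLS_PORTS:
        flags.append("encrypted-on-uncommon-port")
    if rec["dst_name"].lower().rstrip(".") in BLOCKLIST:
        flags.append("known-malicious-destination")
    return flags

def scan(text):
    """Yield (record, flags) for every record that raises a flag."""
    for rec in csv.DictReader(io.StringIO(text)):
        flags = red_flags(rec)
        if flags:
            yield rec, flags

if __name__ == "__main__":
    for rec, flags in scan(SAMPLE):
        print(rec["src"], "->", rec["dst"], rec["dst_port"], ",".join(flags))
```

A flag here is a prompt for the questions above, not a verdict: a workstation querying an external resolver may be a misconfiguration rather than malware.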
Check What’s in the Public Eye
In addition to internal visibility, you need to know what is going on outside. Open Source Intelligence (OSINT) visibility means that you know your exposed organizational footprint, including what information is publicly available.
When you know which pieces of data are easily found in the public domain, you can better prepare for possible attackers because you know what information they may already have about you. You also may have some clues about the motivations of cyber attackers, which will help you protect your valuable assets.
In this step, it’s also key to educate yourself about attack methodologies, both technological and social engineering. Knowing what information is available, how your online boundaries could be breached, and what attackers might be interested in is invaluable to your defense strategy.
Figure: How visibility fits into asset management and protection.
Choose Your Strategy
Mitigation of security risks is an important task, which you can assign to your Security Team or hire a third party like us to handle.
Once you have recorded your data and assets, closed gaps where possible, and come to know your weaknesses, you can better identify your ongoing risk. This also helps determine your team’s people needs, budget, compliance steps, and how and where to close additional gaps.
Patrol your online boundaries. Take one step at a time. We’re here when you need us.
For more, read David Evenden's article Increasing Your Security Posture at PenTest Mag.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.