You probably hear a lot of talk of cyber hardening and cyber resilience. Though you know it’s time to put your shields up and tighten defenses, you also may be weary or confused about what to do next. How can CISOs and business leaders keep up with so many threats and changes in the cyber world? Here we narrow it down to three basic cybersecurity needs for your business.
These needs are based on the list of important mitigations in CISA’s recent security alert. In short, the entire list can be achieved with these steps: (1) Start with a Managed Endpoint Detection and Response (EDR) system, (2) leverage Group Policy Object (GPO) settings, and (3) use API (application programming interface) integration through the EDR.
1. Managed EDR (Endpoint Detection and Response)
A good EDR will automatically handle many of the recommendations on CISA’s list. It can provide visibility into what is happening in your network devices, prevention of intruders, testing and scanning for security gaps, and automatic software updates and patches.
Visibility for endpoints – see what’s happening in all your network devices.
Intrusion detection/prevention – it’s best to keep intruders out from the beginning.
Penetration testing – tests whether your network will hold up against a simulated attack.
Vulnerability scanning – finds vulnerabilities across the network.
Cloud service provider monitoring tools – to detect abnormal activity.
Upgrade software – to keep security as current as possible.
Install patches – to fix known bugs or vulnerabilities.
Antivirus – to defend against malware.
For help with choosing an EDR solution, review this excellent buyer’s guide from Red Canary.
2. Leveraging GPOs (Group Policy Objects) to implement security rule sets
Group policies on your network allow you to configure and monitor the settings for who has access privileges, how much access each user has, and how they get to it. This includes settings for the way users reach resources and for ensuring they are in compliance with network policies. Use GPOs to define specific access controls.
Each of these goals may require multiple GPOs:
Define security settings – ensure settings are appropriate from the beginning of network installation, to meet the needs of each user’s role (but do not grant more access than is actually needed). For example, prohibiting a user from using RDP (Remote Desktop Protocol), requiring a certain complexity for passwords, etc.
Control access – use Zero Trust or Dedicated Trust settings to prevent malicious actors from entering the network.
Credential hardening – set up secure access procedures using MFA (multi-factor authentication), require strong passwords, and then set up monitoring on the network for compromised credentials.
Centralized log management – a GPO can be created to configure the mechanism that will be used to send logs to a centralized log management location. Ensure that log files record enough information to be helpful in a usable file format, and implement alerts for suspicious login attempts. Create policies and procedures for storing and securing log file data.
Configuration management – a GPO can be used to perform configuration management as well. Be sure that internet-accessible devices are secured with a firewall, network segmentation, and/or domain controllers. This needs to be assessed regularly.
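The following script is an added example, not code from the original post or from StandardUser, showing how three of the GPO goals above (an RDP restriction, a domain password/lockout policy, and a log-forwarding setting) can be scripted with the GroupPolicy and ActiveDirectory PowerShell modules from a domain-joined admin workstation with RSAT installed. The domain name example.local, the OU distinguished name, the collector host wec01.example.local and the policy thresholds are all assumed values chosen for illustration.

```powershell
# Added example (not from the original post): scripting three GPO goals from the
# section above. Assumed values: domain example.local, OU for workstations, and a
# Windows Event Forwarding (WEF) collector named wec01.example.local.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$Domain    = 'example.local'                          # assumed
$TargetOU  = 'OU=Workstations,DC=example,DC=local'    # assumed
$Collector = 'wec01.example.local'                    # assumed

# --- 1. Define security settings: deny inbound Remote Desktop on workstations ---
$rdpGpo = New-GPO -Name 'Baseline - Deny RDP' -Comment 'Blocks inbound RDP on workstations'
Set-GPRegistryValue -Name $rdpGpo.DisplayName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -ValueName 'fDenyTSConnections' -Type DWord -Value 1
New-GPLink -Name $rdpGpo.DisplayName -Target $TargetOU -LinkEnabled Yes

# --- 2. Credential hardening: domain-wide password and lockout policy ---
# The default domain password policy applies to every domain user unless a
# fine-grained policy overrides it. Thresholds below are illustrative.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -ComplexityEnabled $true `
    -MinPasswordLength 14 `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 10 `
    -LockoutDuration (New-TimeSpan -Minutes 15) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15)

# --- 3. Centralized log management: point clients at the WEF collector ---
# The SubscriptionManager value tells each client where to fetch its event
# subscriptions; the collector defines which logs (e.g. failed logons) it wants.
$logGpo = New-GPO -Name 'Baseline - Event Forwarding' -Comment 'Forwards events to the WEF collector'
Set-GPRegistryValue -Name $logGpo.DisplayName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager' `
    -ValueName '1' -Type String `
    -Value "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"
New-GPLink -Name $logGpo.DisplayName -Target $TargetOU -LinkEnabled Yes

# --- Verify: dump what was configured so it can be reviewed before rollout ---
Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
    Select-Object MinPasswordLength, ComplexityEnabled, LockoutThreshold, PasswordHistoryCount
foreach ($gpo in @($rdpGpo, $logGpo)) {
    Get-GPOReport -Name $gpo.DisplayName -ReportType Html -Path ".\$($gpo.DisplayName).html"
}
```

Two caveats a practitioner should keep in mind: the forwarding GPO only tells clients where the collector is, so the collector still needs a subscription created (for example with wecutil) and the clients need the WinRM service running; and linking a deny-RDP policy to a whole OU will also cut off administrators who rely on RDP, so test on a pilot OU before linking it broadly.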
3. API integration through EDR solutions
On top of your Managed EDR, it’s important to ensure the visibility and health of the entire network. This is where an add-on API (application programming interface) becomes important. An Automated Security Operations Center (Automated SOC) will connect all the elements of your security in one place and provide a full holistic view of the network – including asset management, patch and vulnerability management, monitoring and response, and threat hunting.
In order to maintain a full holistic view, you need to be able to see which software is installed, which version is currently deployed versus the latest available version, and whether the update/patch is installed. If the update/patch has not been applied, you can force the update. This can all be done via the APIs used with an EDR.
In just one API you can: employ detection tools and search for vulnerabilities, maintain rigorous configuration management programs, and initiate a software and patch management program.
This is GREAT news: you don’t have to do the individual steps on CISA’s list separately! It can all be accomplished through one API. We are leading the way with our Automated SOC – when it is layered on top, your EDR solution can handle everything you need for the best possible cybersecurity.
Keep up the good work! If you are taking these three steps, your organization is headed in the direction of increasing cyber maturity.
We are available and ready to help when you need us. Send us a note if you’re not sure how to meet these three basic cybersecurity needs, or if you need some additional support for your team. There is no obligation with our free consultation.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills.
We set the standard for cybersecurity excellence.