A ransomware attack is estimated to occur every 11 seconds. Last year, the largest ransom ever paid (40 million dollars!) was paid by an insurance agency. Data breaches are occurring at a rate never seen before, and all this malicious activity is being monetized and turned into a business. Faced with problems that are only getting worse, how do we maintain a secure environment and protect our assets?
The answer is vigilance and hygiene. We must develop and maintain standards that holistically protect our networks and infrastructure. There are some fantastic resources out there that have templates and guidance on how to do this and what you should be doing. Keep reading for a list of resources. First, let's go through the basics of securing your network:
Documentation and Inventory
Documentation is key to maintaining a secure environment. To know where vulnerabilities are, what needs to be protected, and how best to protect it, we must have in-depth documentation of the environment.
Hardware that accesses the network, software that interfaces with servers and end users, and the end users themselves are all key items we need to track and inventory.
Documenting these items makes them auditable, which is critical to this process. Reviewing the lists we have created allows us to identify outliers and malicious items in them.
Auditing and Review
Review your documented items for unwanted software, end-users that are no longer needed, and devices that are not known to the enterprise. Keep track of items you want to eliminate from the environment. The discoveries you make here will allow you to develop policies which will keep the environment clean and standardized.
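The review described above can be scripted once the inventory exists. The following is an added example, not part of the original article: the function names, the 90-day idle threshold, and all sample data are assumptions constructed for illustration.

```python
import csv, io
from datetime import date

# All data below is constructed for illustration.
INVENTORY = """mac,hostname
aa:bb:cc:00:00:01,lt-sales-01
aa:bb:cc:00:00:02,srv-files-01
"""
SEEN_ON_NETWORK = """mac,ip
AA:BB:CC:00:00:01,10.0.0.21
de:ad:be:00:00:99,10.0.0.77
"""
APPROVED = {"office suite", "edr agent"}
INSTALLED = {"lt-sales-01": ["Office Suite", "Torrent Client"], "srv-files-01": ["EDR Agent"]}
ACCOUNTS = """user,last_logon,enabled
jdoe,2024-05-28,true
asmith,2023-11-02,true
ktemp,2024-05-20,true
oldtemp,2024-05-01,false
"""
HR_ACTIVE = {"jdoe", "asmith"}  # people currently employed

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def unknown_devices(inventory_csv, seen_csv):
    """MACs seen on the network that the inventory does not list."""
    known = {r["mac"].lower() for r in rows(inventory_csv)}
    seen = {r["mac"].lower() for r in rows(seen_csv)}
    return sorted(seen - known)

def unapproved_software(approved, installed):
    """Per host, installed titles missing from the approved list."""
    extra = {h: sorted(a for a in apps if a.lower() not in approved)
             for h, apps in installed.items()}
    return {h: apps for h, apps in extra.items() if apps}

def accounts_to_review(accounts_csv, hr_active, today, max_idle_days=90):
    """Enabled accounts with no employee record or a long-idle last logon."""
    findings = {}
    for r in rows(accounts_csv):
        if r["enabled"] != "true":
            continue  # already disabled; nothing to revoke
        idle = (today - date.fromisoformat(r["last_logon"])).days
        if r["user"] not in hr_active:
            findings[r["user"]] = "no matching employee record"
        elif idle > max_idle_days:
            findings[r["user"]] = f"idle {idle} days"
    return findings
```

Each function returns the outliers for one of the three inventories (devices, software, users), which gives you the list of items to eliminate and a repeatable check to run after policies are in place.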
Once you have the proper intel on the environment, you can begin to process those findings into policies that will keep you on track in the future. As you begin to build these policies, you will need to keep in mind that policies do no good unless they are enforceable and auditable.
This is where things get tricky! Out of the box, networks have lots of great tools, such as Active Directory group policies, to begin enforcement. But many times you will find they fall short of a complete solution. This next list includes the key items you should consider when creating your policies.
Items to Consider When Developing Policies:
- Anti-virus and EDR Tools - The first line of defense. When that user makes a risky click, you are going to need a toolset to prevent and react to that malware that gets pulled down.
- Device Encryption - Physical and logical data access by an external party is easily prevented. Encryption of the drives you do business with is Security 101.
- Secure Remote Connectivity - Post-pandemic, our workforce is increasingly mobile. You don't control the network your end user is on, so how do you prevent data leakage and malicious attacks from the end user network? VPN solutions, Remote Desktops, and SaaS are all options to consider.
- Endpoint Management - You have released a laptop to a user; how do you keep control of that asset? Some form of endpoint management needs to be in place besides physically tracking it down and wrestling your sales guy for it.
- Patch Management - Zero days are scary. That Exchange server that hasn't been patched since 2019 is terrifying. Having a good patch management and vulnerability assessment program in place is critical to maintaining a secure environment.
- Network Protection and Monitoring - Since the early days of networking, we have utilized military lingo to describe how network security is approached. Demilitarized zones, attack vectors, and red teams are all examples of lingo cybersecurity and networking experts have used to describe the battlefield that is our networks. Protect it like you would in a battle. Perimeters secured, alarms set, guards everywhere, constant watch.
- User Authentication and Control - Multi-factor authentication, visibility of user activity, and frequent review of user access are simple to implement and critical to securing the environment.
- Physical Access and Data Destruction - Maintaining physical control of the data is just as important as controlling networks and servers. This includes properly disposing of the data after its useful life. Block-level formatting and disk destruction are two ways to control that physical access.
Free Resources to Help Secure Your Network
Cybersecurity and Infrastructure Security Agency
CISA is a government organization that is there to help you. They offer items like free vulnerability scanning for critical industries and government. Visit resources.
National Institute of Standards and Technology
NIST is another agency that maintains a cybersecurity framework that defines the essential controls and policies that need to be in place. Download their framework for a great starting point.
Asset Inventory Template
We have created this useful template to audit and record your asset inventory, document policies, company contacts and emergency contracts. Included is also a great list of more free resources and websites to keep on file for future use and reference. Download template.
Reviewing the list above can be intimidating. But all of these toolsets can make it much easier to maintain and manage. We have put together a suite of tools that can help ease the transition.
- Auvik - Network Monitoring and Inventory
- Acronis - Patch Management, Endpoint Management, A/V and Anti-Ransomware, Software and Hardware Inventory, Backup
- Zerto - Continuous Replication and Disaster Recovery as a Service (DRaaS)
- Darktrace - Network Based Security and Response, User Activity Management
- Carbon Black - Device Based Detection and Response
If you are interested in learning more about your Network Security, contact us to speak with a Net3 Engineer.