Cyber Security News & Current Events

Security Fundamentals - Part 1: Do this before buying the next security product

Posted by Tim on 24/11/2016 8:50:00 AM

A common theme amongst many engagements and discussions are “we are having issues maintaining control over our environment what products can solve this problem for us”. Questions like this are tackling the problem by jumping to a solution without identifying the cause and they can usually be addressed without buying a new security product.

Consideration prior to purchasing more cyber security productsImproving information security maturity requires strong foundations to be effective and strong foundations will ensure tools can be implemented correctly to utilise their full potential.

The Center for Internet Security (CIS) publish a list of the Top 20 security controls, which are prioritised list of controls to implement to improve an organisation’s information security maturity level. The first two items on the list relate to hardware and software inventory, which is the most important foundational aspect of securing the information technology environment.

System inventory is so critical because it is very difficult to secure an environment that is unknown and uncontrolled – how does someone secure something they know nothing about? For example, how will your new automatic patching product work if you don’t understand the system it is patching and the risks involved. The most likely outcome will be the new patching tool will be put into manual mode and the value of the new tool is diminished.

The other issues with poor inventory management are systems not getting patched because the administrator did not know they existed, increased operational costs through management of assets that are not required, and systems being exposed to the Internet when they shouldn’t be.

When the information security system is well known and understood, security risk can be significantly reduced by applying basic hardening, decommissioning unused services, patching, migrating unsupported services and removing unrequired public access from internal assets. Discovery of the environment can be done using a combination of interviews with various departments and free scanning tools.

This article has just touched on the crucial first step of improving information security. If this step is done well, the following steps to improve will become significantly easier.

 

Related:

Security Fundamentals - Part 2: Managing Hardware and Software Assets

Security Fundamentals - Part 3: Controlling Admin Privileges

Topics: Fundamentals

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe:

Recent Posts