I Actually Don't Like The Phrase Best Practices Too Often In Security We Want To Abide By Best Practices But Who Decides What's Best And If Something Is Best For One? This Is Susan Bradley For Cso Online Best Practices I Actually Don't Like The Phrase Best Practices Too Often In Security We Want To Abide By Best Practices But Who Decides What's Best And If Something Is Best For One?
Is It Best For Your Firm So Often, We Don’t Take The Time To Analyze What We’re Protecting To Ensure That We’re Protecting It As Well As We Can, So I’m Going To Go Over Some Things That I’m Going To Call Minimum Practices Number One two-factor multi-authentication is now, in my opinion, more secure than two two-factor or multi-factor authentication. Many will argue that the goal here, especially in the short term, is not perfection but rather to be secure enough so the attacker passes you by and moves on to the next victim, but I would argue that the goal here, especially in the short term, is not perfection but rather to be secure enough so the attacker passes you by and moves on to the next victim. When You Get To The Second Tuesday Of Every Month, You Want To Look Around At The Patches That Are Being Released From All Of Your Vendors And Say Okay Which One, Of These Impact A Public-facing Thing Whether It's A Application A Server Even A Device A Network Hardware Think In Terms Of Vpn Devices Again Think In Terms Of How They Can Get Inside Your Environment And Prioritize The Patches For Those Those Vulnerab When You Get To The Second Tuesday
You must be more knowledgeable about your surroundings than we are.
Take a look at the Att Attack navigator view to see how they might be able to get inside your company, and think about it again. In Terms Of How Attackers Are Targeting These Days And How They're Getting In And What You Can Do To Change Things And Protect Yourself Better You Want To Look At Office Macros And Scripting Controls I've Said This Before Not Everyone In Your Organization Needs, To Have Office Macros Enabled So Identify Those People In Your Environment That Need It And Those People That Don't And Disable Macros Where Needed 1 Deployed; consider upgrading to Powershell 7 or 7a, which was recently released. 1 Passwords (And I’m Not Just Talking About Passwords That Gain Access To Your Environment) You Need To Consider Where You’re Storing Passwords For Applications We’ve Seen Passwords Stored In Github Repositories Too Often We’ve Seen Passwords Stored In Github Repositories So You Want To
Make Sure That When Developers Build Custom Deployments For You, They Do So In A Proper Way Hashes Salted Not Storing Them Make Sure That They're Trained To Handle Those Passwords Appropriately They Shouldn't Be Stored In Plain Text And Certainly Shouldn't Be Put In A Public Repository Microsoft Has Already Put In Something Called Secret Scanning That Scans Through The Publ That's Not Put Up There Don't Overlook The Tried And True Firewall Many Times We Don't, Put In Proper Ingress and Egress Rules Take The Time To Review To Understand What's Coming In And Out Of Your Environment And Put In The Appropriate Rules Next You Want To Make Sure You Have Proper Ingress And Egress Rules Take The Time To Review To Understand What's Coming In And Out Of Your Environment And Put In
Have Logging, And If You Haven’t Deployed Sysmon In Your Environment And Aren’t Storing Those Logs Either In Splunk Or Microsoft Sentinel, You Should Make Sure You Pull Those Log Files. Off and store them; you’ll need them at some point. Also, make sure you understand Sysmon and deploy it. It’s not the best, but it’s the bare minimum. How many are you doing right now? How can you improve? We all need to do better because the attackers are getting much better than we are. Until next time, make sure you subscribe to the Idg Tech Talk Youtube Channel.