Cyber Hygiene
Cyber hygiene at a high level refers to the practices and measures taken to maintain health and security in an organization’s digital environment. This can include:
- Patch management programs
- Implementing secure architecture
- Correctly configured policies on security controls
- Properly implemented policies related to cybersecurity
The result of good cyber hygiene is usually that you become “expensive to attack” as an organization, because an attacker has to spend a tremendous amount of resources looking for a weakness to exploit to get in.
Poor cyber hygiene can lead to you becoming “cheap to attack” as an organization, because attackers may only need to perform trivial tasks to obtain a way into your organization.
1. Organizations are getting compromised through internet-facing vulnerabilities.
2. Organizations are getting compromised through compromised credentials that are single-factor.
3. Patch vulnerabilities for systems connected to the internet.
4. Implement multi-factor authentication.
If you have been around in cybersecurity, #1-#4 are common sense; however, they answer the question “am I cheap to attack?” Using single-factor authentication only and not patching critical internet-facing vulnerabilities is a good indication that you’re low-hanging fruit for threat actors.
Beyond evaluating the threat landscape from sources of intelligence to decide what to focus on for cyber hygiene, it is good to evaluate your maturity to determine whether you actually have good cyber hygiene. Organizations that prioritize cybersecurity and consistently implement best practices often achieve strong cyber hygiene.
Response
Microsoft emphasizes “how fast can you kick them out when they get in?”
We believe Microsoft is onto something here as well by emphasizing Mean Time To Remediation (MTTR) as a key metric for how effective you are at eliminating attacker presence in the environment. A high-level definition of MTTR is the mean time it takes you to remediate security incidents or vulnerabilities.
If your mean time to remediate is low (measured in hours, days, or weeks depending on whether you are dealing with security alerts, security incidents, or security vulnerabilities), you’re taking proper action fast. As a result, if you do identify attacker activity, the proper remediation action is to kick them out. That’s the first step.
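As an added illustration of the metric described above (example code written for this edit, not from the original post or from Proficio), the function below computes MTTR per record type from a constructed set of detection/remediation timestamps, reports it in the unit the text associates with that type (hours for alerts, days for incidents, weeks for vulnerabilities), and leaves still-open items out of the mean while counting them separately. The record layout, sample timestamps, and unit mapping are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Record:
    kind: str                           # "alert", "incident" or "vulnerability"
    detected_at: datetime
    remediated_at: Optional[datetime]   # None while the item is still open

# Constructed sample data for the example (not real incident records).
SAMPLE = [
    Record("alert", datetime(2024, 5, 1, 9, 0), datetime(2024, 5, 1, 11, 0)),    # 2 hours
    Record("alert", datetime(2024, 5, 2, 14, 0), datetime(2024, 5, 2, 19, 0)),   # 5 hours
    Record("incident", datetime(2024, 5, 3, 8, 0), datetime(2024, 5, 5, 8, 0)),  # 2 days
    Record("incident", datetime(2024, 5, 6, 8, 0), datetime(2024, 5, 9, 8, 0)),  # 3 days
    Record("vulnerability", datetime(2024, 4, 1), datetime(2024, 4, 22)),        # 3 weeks
    Record("vulnerability", datetime(2024, 4, 8), None),                         # still open
]

# Reporting unit per record type, following the hours/days/weeks split in the text.
UNIT = {
    "alert": timedelta(hours=1),
    "incident": timedelta(days=1),
    "vulnerability": timedelta(weeks=1),
}

def mttr(records, kind):
    """Mean time to remediate for one record type, in that type's reporting unit.
    Returns None when nothing of that type has been remediated yet."""
    durations = [r.remediated_at - r.detected_at
                 for r in records if r.kind == kind and r.remediated_at is not None]
    if not durations:
        return None
    mean = sum(durations, timedelta()) / len(durations)
    return round(mean / UNIT[kind], 2)

def open_items(records, kind):
    """How many items of this type are still unremediated (they do not enter the mean,
    but a growing backlog is the other half of the picture)."""
    return sum(1 for r in records if r.kind == kind and r.remediated_at is None)

if __name__ == "__main__":
    for kind in UNIT:
        print(f"{kind}: MTTR={mttr(SAMPLE, kind)} {UNIT[kind]!r}, open={open_items(SAMPLE, kind)}")
```

Open items are deliberately excluded from the mean rather than counted from detection until "now": including them would make the metric drift with the clock instead of with remediation work, while the separate backlog count keeps them visible.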
Beyond the manual work of driving down mean time to remediation, automated remediation playbooks also exist. Proficio has worked with clients to automate response around either the isolation action or the remediation action. The most common response types we’ve seen are network perimeter, endpoint, and identity. Each is unique and requires its own approach.
Here is the approach we have found works when implementing automated remediation steps for each:
| Type | Common Actions | Frequency of Actions | Common Situations of Action | Effects of False Positives | Value |
|---|---|---|---|---|---|
| Network | Block IP, Block subnet | Frequent | | Block legitimate activities such as business partners, business applications, customers, cybersecurity vendors, or employees. | |
| Endpoint | Quarantine Endpoint | Rare | | Block legitimate activities of end users on endpoints. Block legitimate business activities of servers if targeted. | |
| Identity | Disable user, clear sessions, reset password with 2nd factor | Disabling User – Rare | | Block legitimate activities of end users that own those accounts. | |
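To make the table concrete, here is an added example of a playbook decision layer (written for this edit; it is not Proficio’s playbook code or any vendor’s API). It maps a detection in one of the three response types to the actions listed above, runs the frequent, low-impact action (IP block) automatically, gates the rare or high-impact ones (quarantining a critical server, disabling a user) behind analyst approval, and checks allowlists first so that the false-positive cases the table warns about, such as partner or security-vendor ranges, are not blocked by automation. The confidence thresholds, allowlists, hostnames and usernames are constructed placeholders; the choice to auto-run session clearing and a second-factor password reset while leaving user disablement to an analyst is an assumption made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed allowlists (placeholders, not real infrastructure). These stand in for the
# partners, vendors, customers and business applications that automation must not block.
KNOWN_GOOD_NETWORKS = [ip_network("203.0.113.0/24")]   # e.g. a security vendor's scanner range
CRITICAL_HOSTS = {"erp-db-01"}                          # servers whose quarantine needs a human
PROTECTED_ACCOUNTS = {"svc-backup"}                     # identities never touched automatically

# Assumed per-category confidence thresholds; the rarer and more disruptive the action,
# the higher the bar before automation is allowed to act at all.
THRESHOLD = {"network": 70, "endpoint": 90, "identity": 85}

@dataclass
class Detection:
    category: str          # "network", "endpoint" or "identity"
    confidence: int        # 0-100 as scored by the detection content
    source_ip: str = ""
    hostname: str = ""
    username: str = ""

@dataclass
class Decision:
    actions: list = field(default_factory=list)   # actions to execute or to propose
    automated: bool = False                       # True: run now; False: analyst approval
    reason: str = ""

def decide(det: Detection) -> Decision:
    """Map a detection to the response actions from the table, deciding whether they
    run automatically or are queued for an analyst."""
    if det.confidence < THRESHOLD[det.category]:
        return Decision([], False, "below confidence threshold; route to analyst")

    if det.category == "network":
        addr = ip_address(det.source_ip)
        if any(addr in net for net in KNOWN_GOOD_NETWORKS):
            return Decision([], False, "source is allowlisted; manual review")
        # Frequent, low-impact and easily reversed, so it runs automatically.
        return Decision([f"block_ip:{det.source_ip}"], True, "frequent low-impact block")

    if det.category == "endpoint":
        action = f"quarantine_host:{det.hostname}"
        if det.hostname in CRITICAL_HOSTS:
            # Quarantining a business-critical server is the rare, high-impact case.
            return Decision([action], False, "critical server; require approval")
        return Decision([action], True, "workstation quarantine")

    if det.category == "identity":
        if det.username in PROTECTED_ACCOUNTS:
            return Decision([], False, "protected account; manual review")
        # Clearing sessions and forcing a second-factor reset contain the account
        # without locking the user out; disabling stays an analyst decision.
        return Decision([f"clear_sessions:{det.username}",
                         f"reset_password_mfa:{det.username}"],
                        True, "contain identity without disabling")

    raise ValueError(f"unknown category: {det.category}")

def run_playbook(detections):
    """Return an audit trail of (detection, decision) pairs; real executors would be
    called from here for the decisions marked automated."""
    return [(d, decide(d)) for d in detections]

if __name__ == "__main__":
    sample = [  # constructed detections for the example
        Detection("network", 80, source_ip="198.51.100.9"),
        Detection("network", 95, source_ip="203.0.113.7"),
        Detection("endpoint", 95, hostname="erp-db-01"),
        Detection("identity", 90, username="jdoe"),
    ]
    for det, dec in run_playbook(sample):
        print(det.category, dec.automated, dec.actions, "-", dec.reason)
```

The allowlist check runs before any action is chosen, which is where the “effects of false positives” column matters most: blocking a partner range or disabling a service account is exactly the outcome the thresholds and allowlists exist to prevent, and the reason string gives the analyst the context to override either way.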
Closing Thoughts
Some vendors offer robust cyber resilience strategies that can assist with a cybersecurity management strategy.
For cyber resilience…have you thought about whether your organization has the right mindset, has adopted key technologies, has good cyber hygiene, and can kick attackers out when they get in?
We think it’s a valuable investment.
Bryan Borra, Vice President, Product and Content Management, Proficio
Bryan is responsible for leading Proficio’s product roadmap and managing our Threat Detection Engineers. He specializes in SIEM content engineering, network intrusion analysis, operational use case development, and threat intelligence.