THE IT SECURITY PROFESSIONAL
Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
Remediating Risk

Breaches can happen anywhere within a company. Unfortunately, one of the most common causes of a breach is a network infrastructure configuration failure. While these failures come in many different forms, the majority happen because the organization failed to follow its own established standards and industry best practices. These failures could have been addressed from the start and would never have happened, but sadly that is not the case. Attackers will take advantage of any opening they can get. One of the easiest openings to close is the one left by not following already established guidelines or best practices. When an organization fails to do even this, threats follow, and the biggest is a breach of the network and the loss of data.

Network Assets

Asset management is one of the key pillars of IT security and should be one of the top issues addressed by any organization. Unfortunately, most companies don’t have a program in place that tracks assets during their life within the business. An asset should be tracked from the time it is delivered to the business to the time the organization decides to get rid of it. Asset control procedures are how the IT Department determines which assets have access to the corporate network. Not having an accurate list of assets can lead to rogue devices being allowed on the network (this includes BYOD too). Rogue devices, or those not directly managed by the IT Security Team, can be an open gate to potential threats or attackers.

Remediation

The solution is an automated process that tracks each asset from the time it is brought onto the enterprise network to the end of its life. Anything on the network that does not match the “approved assets” list should be removed from the network. This permits only those assets that are known and managed by the IT Department to access the resources of your company, thus limiting the potential exposure of rogue devices on the corporate network.

Patch Management
Patch management can’t be overemphasized as a requirement for preventing breaches and helping to mitigate potential threats. Applying security and software update patches should be at the top of the list of items that an IT Security Department oversees on a monthly basis. Regardless of whether the patches are tested (and testing should happen), they should be deployed to systems on the network in a timely manner. When vulnerabilities become known, manufacturers will try to send out updates as soon as possible. This may take time, and the manufacturer may have to make a public statement about the identified vulnerability as part of the notification process. Potential attackers get the same information and will act on it once it is known. This leaves a very small window in which to install updates or patches. Failure to follow through with this process will leave the company vulnerable.

Remediation

Install patches in a timely manner or as quickly as possible. Have an established rating system that rates patches, so that updates are deployed based on the potential impact they might have on your business. A quick turnaround on patch deployment will address many potential vulnerabilities that may surface. This one area alone will address the biggest reasons that businesses of all sizes are targeted by attackers.

Process Control

One of the largest areas that any IT Security Team deals with in a given year is policy and process development documentation. Developing intricate processes or policies takes time and effort. These policy and process documents take best practices into consideration and may include additional suggested controls that address specific vulnerabilities. Failure to follow them can lead to a potential compromise of the network. The following are areas that can be of concern if the documentation or processes are not followed according to best practices:
Remediation

The best way to remediate this potential threat is to make sure the teams directly involved in managing the assets use the documentation. Whether it is a firewall configuration guideline or an Incident Reporting Policy, all of these documents help to secure the enterprise from a potential breach, but only if they are followed. It is important to remember that all documentation should be followed and implemented in accordance with the established guidelines. The documents were written to address some specific need or requirement, but most of all to address potential threats to the enterprise.

Summary

There are many areas to look at when protecting a company against a possible breach, but the vulnerabilities within the enterprise should not be one of the largest contributors to it. Nevertheless, humans are the weakest link in protecting our networks. We need to take steps to mitigate the threats that attackers could take advantage of to breach our networks. Following the created documentation and best practices will do a lot to reduce the overall risk these areas pose. But it will take vigilance on the part of IT Security Pros and others on the IT Team to make sure things are configured and set up correctly.
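The automated check described under Network Assets, sketched as an added example that is not part of the original post: it compares devices seen on the network with the approved asset list and classifies each discrepancy. The inventory fields, the lifecycle states and all sample addresses are assumptions constructed for illustration.

```python
# Constructed sample data (not from the original page).
# Approved inventory keyed by MAC address, with a lifecycle state per asset.
APPROVED = {
    "00:11:22:33:44:01": {"name": "fin-laptop-01", "state": "in_service"},
    "00:11:22:33:44:02": {"name": "hr-desktop-07", "state": "in_service"},
    "00:11:22:33:44:03": {"name": "old-print-srv", "state": "retired"},
    "00:11:22:33:44:04": {"name": "lab-switch-02", "state": "in_service"},
}

# Devices observed on the network, e.g. exported from DHCP leases or switch tables.
OBSERVED = [
    {"mac": "00-11-22-33-44-01", "ip": "10.0.0.21"},
    {"mac": "0011.2233.4403", "ip": "10.0.0.40"},     # retired asset, still online
    {"mac": "DE:AD:BE:EF:00:99", "ip": "10.0.0.77"},  # not in the inventory
    {"mac": "00:11:22:33:44:02", "ip": "10.0.0.22"},
]


def normalize_mac(mac):
    """Canonicalize common MAC notations so lookups do not miss on formatting."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def reconcile(approved, observed):
    """Compare observed devices with the approved list and classify discrepancies."""
    seen = set()
    report = {"rogue": [], "retired_online": [], "missing": []}
    for dev in observed:
        mac = normalize_mac(dev["mac"])
        seen.add(mac)
        asset = approved.get(mac)
        if asset is None:
            # Unknown device: candidate for removal from the network.
            report["rogue"].append((mac, dev["ip"]))
        elif asset["state"] != "in_service":
            # Known asset that is past the end of its tracked life.
            report["retired_online"].append((asset["name"], dev["ip"]))
    for mac, asset in approved.items():
        if asset["state"] == "in_service" and mac not in seen:
            # Approved but never observed: the inventory may be stale.
            report["missing"].append(asset["name"])
    return report


if __name__ == "__main__":
    for kind, items in reconcile(APPROVED, OBSERVED).items():
        print(kind, items)
```

MAC addresses can be changed or randomized by the device, so a match here confirms a listed address, not the identity of the device behind it.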
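The rating system recommended under Patch Management, sketched as an added example that is not part of the original post: each pending patch gets a rating, a deployment deadline and an overdue flag. The rating levels, the deadline lengths, the field names and the patch records are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed rating scheme (illustrative, not from the original page):
# days allowed between patch release and deployment, per rating.
DEADLINE_DAYS = {"critical": 3, "high": 14, "medium": 30, "low": 90}
ORDER = ["low", "medium", "high", "critical"]

# Constructed sample patch queue.
PATCHES = [
    {"id": "PATCH-A", "severity": "high", "public_exploit": True,
     "asset_impact": "high", "released": date(2023, 1, 2), "deployed": None},
    {"id": "PATCH-B", "severity": "medium", "public_exploit": False,
     "asset_impact": "low", "released": date(2023, 1, 5),
     "deployed": date(2023, 1, 20)},
    {"id": "PATCH-C", "severity": "low", "public_exploit": False,
     "asset_impact": "high", "released": date(2022, 12, 1), "deployed": None},
]


def rate(patch):
    """Start from vendor severity; raise one step when the flaw is publicly
    known to be exploited and one step when the affected assets are high impact."""
    level = ORDER.index(patch["severity"])
    if patch["public_exploit"]:
        level += 1
    if patch["asset_impact"] == "high":
        level += 1
    return ORDER[min(level, len(ORDER) - 1)]


def deployment_queue(patches, today):
    """Return undeployed patches, earliest deadline first, with an overdue flag."""
    queue = []
    for p in patches:
        if p["deployed"] is not None:
            continue  # already installed, nothing left to schedule
        rating = rate(p)
        due = p["released"] + timedelta(days=DEADLINE_DAYS[rating])
        queue.append({"id": p["id"], "rating": rating,
                      "due": due, "overdue": today > due})
    return sorted(queue, key=lambda q: q["due"])


if __name__ == "__main__":
    for item in deployment_queue(PATCHES, date(2023, 1, 10)):
        print(item)
```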
IT Security Pro
Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.