4 To-Do’s to Help Keep Your Company’s Network Safe from an Attack
You work hard to hire smart people, but people make mistakes, and it takes only one employee to click the link or run that nasty code. Suddenly, an attacker has access to your network. Even your best employee is at risk of falling victim to a spear phishing attack.
So, what can you do? You can make it difficult for the bad guys to get what they want.
Protecting Your Network Security Starts Out of the Inbox
Stop the attack before it can reach your employees. Next-generation perimeter protection is the first step all companies should put in place. Email and web content filtering solutions monitor what is being presented to your end user. Enabling these prevention technologies can block some of these attacks before they even arrive in the unsuspecting end user’s inbox or web browser.
Backing Up Your Network Requires an Effective Endpoint Security Solution
Assuming your perimeter defenses fail and the attack reaches the end user, what do you have in place? At the very least you should have an effective endpoint security solution. The operative word here is “effective”. Your traditional signature-based antivirus software solutions are easily circumvented. In fact, DirectDefense usually bypasses most antivirus solutions through our regular obfuscation techniques. So shop around to find a solution that is effective in the real world. DirectDefense experts are also happy to let you know which software we can circumvent easily, and which ones give us some trouble.
Mitigating a Breach Requires Effective Monitoring Controls
Are your monitoring controls effective? If an attacker successfully gains remote access to your internal network, and potentially the data it contains, would your organization be aware of this activity? If your organization is successfully compromised, you must have effective monitoring controls in place to alert the proper personnel so the damage can be mitigated as soon as possible.
Stopping the Attack with Controls at the Perimeter
Imagine your end user’s computer is now compromised and personnel have been notified. Now what? Ideally, your organization’s additional controls should be leveraged to stop the attack. Once a computer is compromised, the exploit usually needs a way to “phone home” to effectively do the most damage. Do you have effective egress controls at the perimeter to stop that outbound connection? Are there restrictive egress access controls at the network level? Are there application-aware firewalls that will recognize and prevent malicious activity originating from the internal network making outbound calls? What does your organization have in place to thwart an attack if it were to reach this stage?
At DirectDefense, we encourage any organization to allocate any available resources toward security awareness training because we believe it has its place in every security management program. We also strongly encourage our clientele to save part of any available budget for the additional controls to stop the attack that would ensue after an employee unknowingly clicks a bad link.
An attack can happen quietly and escalate rapidly. Don’t be caught unprepared. Test how well your organization has implemented technical controls and properly protect your sensitive data from the next big compromise. Contact firstname.lastname@example.org to schedule an assessment today.
Written by: Dean Meyer
Dean Meyer is a principal security consultant with the DirectDefense assessment practice with over fifteen years of combined experience in information technology and information security consulting. Dean provides a broad range of information security assessment and consulting expertise targeting various components of the enterprise environment (perimeter, enterprise, applications, etc.).
Prior to joining DirectDefense, Dean worked for Accuvant and Business Network Consulting (BNC). While there, he focused his efforts on security assessment and penetration testing work for a broad range of industries including finance and banking, legal, healthcare, e-Commerce, manufacturing and government entities. Dean’s experience also includes performing assessment and penetration testing to meet compliance requirements with industry standards such as PCI, HIPAA, NERC-CIP, FCA and others.