Cyber Attacks: Prepare with Zero Trust
Many people are uncertain about the future after recent events in Ukraine. We are thinking of the families whose lives have been impacted by this historical tragedy. We hope that they can find a peaceful solution soon.
We hear everyone who is anxiously awaiting the next cyberattack.
We wanted to give you some tips to help you prepare for the worst-case scenario. These concerns are not limited to the obvious threats; they also include additional actors, provocateurs and anarchists who could leverage script kiddies, lone-wolf actors or the resources of a nation state.
There is so much to think about. We can only recommend that you adopt the Zero Trust approach. Zero Trust allows you to protect every corner of your environment from potential (and unknowable!) cyber-attacks. Below are some ideas to get you started with Zero Trust, and some of its key principles.
Zero Trust – Simpler
It is best to adopt a Zero Trust mindset and align your security policies, procedures and guidelines around it, to eliminate any unwanted access to your environment. Why? Let’s take a look at the key principles of Zero Trust Architecture.
Treat all users and devices as “untrusted”.
Create granular and specific policies that limit unnecessary access to the network or to traffic.
Continuously validate the identities of users and devices on the network.
Monitor your network traffic for threats.
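The four principles above, worked through as a small policy decision point in Python. This is an added example, not code from the post or from any vendor product; the policy table, resource names, roles and the sample requests are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Set
# Constructed sample policy (not from the post): each protected resource lists the permitted
# roles, whether a managed device is required, and how fresh (in minutes) the MFA proof must
# be. Anything not listed is denied: users and devices are untrusted by default.
POLICY = {
    "hr-payroll": {"roles": {"hr"}, "managed_device": True, "max_mfa_age_min": 15},
    "wiki": {"roles": {"hr", "eng"}, "managed_device": False, "max_mfa_age_min": 480},
}
@dataclass
class Request:
    user: str
    roles: Set[str]
    mfa_age_min: Optional[int]   # minutes since the user last completed MFA, None if never
    device_managed: bool
    device_patched: bool
    resource: str

def evaluate(req):
    """Return (allowed, reason); every denial reason is worth logging for monitoring."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource"      # default deny
    if not req.roles & rule["roles"]:
        return False, "role not permitted"          # granular, least-privilege policy
    if req.mfa_age_min is None:
        return False, "mfa required"
    if req.mfa_age_min > rule["max_mfa_age_min"]:
        return False, "mfa stale, re-verify"        # continuous validation, not a one-time login
    if rule["managed_device"] and not req.device_managed:
        return False, "unmanaged device"
    if not req.device_patched:
        return False, "device missing patches"      # device posture is part of trust
    return True, "allowed"

def denial_summary(requests):
    """Count denials by reason; a spike in one reason is a signal to investigate."""
    summary = {}
    for req in requests:
        allowed, reason = evaluate(req)
        if not allowed:
            summary[reason] = summary.get(reason, 0) + 1
    return summary

# Constructed sample traffic used to exercise the policy.
SAMPLE = [
    Request("alice", {"hr"}, 5, True, True, "hr-payroll"),
    Request("alice", {"hr"}, 60, True, True, "hr-payroll"),
    Request("bob", {"eng"}, 0, False, True, "wiki"),
    Request("eve", {"eng"}, None, True, True, "wiki"),
    Request("mallory", {"eng"}, 0, True, True, "finance-db"),
]
```

Note that the same user (alice) is allowed at five minutes and denied at sixty: trust is re-established per request, not granted once at login.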
The Top Priorities You Should Consider
Consider these things as you strengthen the defenses of your environment:
Performing regular patch updates (as prescribed)
Maintaining a thorough asset inventory
Deploying Multi-Factor Authentication (MFA)
Implementing network segmentation
Increasing environment visibility
Performing active threat hunting
Let’s break these down.
Regular Patch Updates (as required)
Apply patches regularly. Cisco Talos’ Patch Tuesday coverage is a great place to keep up to date with the latest patches: each month they publish the newly disclosed bugs and the patches that fix them. You can keep your environment secure by staying on top of these updates. This reduces an attacker’s ability to exploit any unintended weaknesses in your security posture.
Subscribe to the Cisco Talos blog for more information and monthly updates
Maintaining a complete asset inventory
Know your environment! Identify your environment’s endpoints, applications and hardware. You can then deploy the security controls that protect those assets from being used by threat actors.
Multi-Factor Authentication (MFA)
MFA is one of our first steps towards Zero Trust Adoption. It is key to establishing trust among users. This Zero Trust component has the greatest impact on threat mitigation. But we’ll get to that later.
Implementing Network Segmentation
According to Palo Alto Networks:
Segmentation should be done from within. First, you must determine what you are protecting. This usually includes data, applications, assets, and services that are important, sensitive or regulated, or that matter to your company in other ways. This is the protect surface. It is the smallest possible outcome to our mandate to reduce attack surface.
Network segmentation is a way to limit access privileges to only those who really need them and to reduce the number of network users in each area. This reduces gaps and vulnerabilities by eliminating unnecessary cooks from the kitchen.
Visibility in the Environment
Monitor the activity in your environment to detect potential risks and account-takeover attempts. There have been instances where customers didn’t know how many devices were running in their environment, which is especially common when the number of devices is large. Cisco ThousandEyes solutions can help you monitor and reclaim your devices with optimal visibility.
Cisco ThousandEyes can be tried for free.
Active Threat Hunting
Continuous threat hunting and environment monitoring keep you from being caught off guard. Sometimes it takes just a few seconds for a threat or virus to strike your internal systems: metamorphic ransomware can change file names and jump from one computer to another in a matter of seconds. Continuous hunting is essential for threat containment, which limits exposure and damage and results in more efficient mitigation.
Security Controls & Training with the greatest impact on threat mitigation
We recommend that you first focus on these three components if you are not yet ready to adopt a Zero Trust architecture, or are still in the process of adopting one:
Multi-factor authentication (MFA)
Endpoint detection and response (EDR)
Security awareness training
Multi-factor Authentication (MFA)
MFA, as we have already mentioned, is the first step in implementing a Zero Trust strategy. It ensures that only authorized users have access to resources. According to Cisco, 90%+ of their Talos Incident Response (IR) engagements relate to MFA or Endpoint Detection and Response (EDR) not being properly configured or monitored. Get a free trial of Cisco Duo.
Endpoint Detection and Response
This solution is crucial for endpoint security, especially if there are multiple employees in your network. EDR continuously monitors end-user devices in order to detect cyber threats and respond accordingly.