Managing Your IT Security With One Multi-Layered Approach
As the prevalence of directed cyber-attacks increase at an exponential rate, it has never been more important to monitor your IT security defences, effectiveness and policies in real time. How to go about it though when different areas of defence are controlled by different applications and different processes.
How would you quantify your security posture?
The ASD Top 4 strategies to mitigate cyber-attack would be a suitable place to start.
So, what is the ASD Top 4?
The Australian Signals Directorate top 4 strategies to mitigate targeted cyber intrusions, they consist of Application Whitelisting, Patching Applications, Patching the Operating System and Minimising Local Admin Privileges.
By definition, only allowing known, clean applications to run in the environment and stopping all others from running. Depending on the tool, this can be maintained with a unique hash, allowing executables from known manufacturers to run or the simplest method by allowing only programs with trusted ownership to run. Without whitelisting in an organisation, a hacker can send a targeted email to a recipient ie. (An attached file labelled as an invoice to someone responsible for processing invoices, they double click on the file and run the malicious code), with whitelisting the code will be stopped instantly and the threat contained.
Patching Applications Software
An Application is any software that is not part of the core operating system. Application patching is far more challenging than patching the operating system as there is a vast number of manufacturers and each may have a unique way of applying or configuring their patches. It is essential that these patches are kept up to date as failure to maintain compliance can drastically increase the potential for cyber intrusion into the network. US-CERT, the United States computer readiness team have released the top 30 targeted high-risk vulnerabilities and they are some of the most commonly used applications in business. Don’t keep these patched with the latest releases and your company is a prime target for cyber-attack.
Patching Operating Systems
The Operating System is the core on which all other systems and software are dependent, unless this is stable and secure then all other security functions are pointless. Patching of the OS then underpins all other security considerations, patches and/or Service Packs must be applied in a timely fashion relative to their importance. Automation of this process is integral to maintaining a consistently secure environment. The most publicised attack aimed directly at an OS would have to be the WannaCry attacks of 2017, these were devastating for the businesses that they infected. It infiltrated systems through an exploit in older Windows systems. Although Microsoft had released patches to close the exploit, WannaCry infected machines that had not been patched and the reported total damage was estimated in the hundreds of millions if not billions of dollars.
Restricting Admin Privileges
When systems are targeted, the perpetrator will firstly look for user accounts with Admin rights since they have an elevated level of access to the organisation’s ICT system and can cause the most damage. Reducing administrative privileges to an absolute minimum while maintain access and rights to users required for them to carry out their duties should be a focus of all IT security managers. How many local admins in your organisation? Australian National University’s IT systems were infiltrated by someone who managed to acquire account credentials of an Admin account which gave them access deep into the organisation, the attack believed to have originated in China was aimed at access to key defence research projects.
Security Live View
No one application can manage all of the ASD Top 4 strategies so how then can one dashboard display all the relevant information?
At Ivanti we have a tool called Xtraction which can connect to multiple data sources simultaneously giving a live data feed to disparate data sources in a single dashboard. Refresh cycles can be adjusted from 5 seconds to 10 minutes complete with customisable alerts that can fire on any anomalies that may occur. Regular reports can be scheduled through the in-built reporting engine and can be distributed via email, file share or server access without the need for any manual processing.
Not only can Xtraction show the company’s security posture at this point in time but by storing key data over a period of time can show trends such as unpatched machines, average time to patch and critical patches not applied. This gives the business a clear view of the success of patching initiatives and how their processes stack up against industry standards.
In addition, Xtraction has pre-defined data models eliminating the need for any coding as well as pre-built Out Of The Box dashboards that can be tailored for any organisation. Here, Xtraction is displaying information related to each of the ASD Top 4 Strategies in a single pane of glass giving a live view into the organisation’s security posture at any moment in time. With this visibility, maintaining an acceptable security posture is within the grasp of any organisation.