Companies are getting hacked with impunity because we’re not doing the basics. It’s not because we lack Threat Intelligence. It’s not because of APTs. It’s not because of China.
It’s because we’re failing at stand, walk, run. We’re stuck at the standing phase debating the intricacies of hurdles and long-jump. It’s our first day in Karate class and we’re trying on black belts. We’re a gaping chest wound, and people are showing up with smiles, kale, and yoga pamphlets.
If you have a friend, customer—whatever—that’s on infosec life support, here are the three things to have them focus on.
- Asset Control
- Patch Management
- Egress Traffic
1. Asset Control
You can’t defend what you don’t know exists.
- Find all your assets
- Put them in a list
- Update the list regularly
- Constantly look for shadow IT
2. Patch Management
If you’re not patched, patching is the priority.
- Using that list of assets, patch everything
- Upgrade to modern versions of your operating systems
- Upgrade to modern versions of your applications
- If you can’t upgrade your apps, consider SaaS alternatives
3. Egress Traffic
Outbound traffic is a window to your compromised soul.
- Gain control of your DNS traffic
- Move from blacklisting to whitelisting
- Stop systems from communicating with known-malicious hosts
- Use an IDS/IPS to detect known-malicious outbound communication
These are triage steps—the very basics in each category. The next few I’m less sure of the order of, and they depend more on your organization. But they look something like:
- Endpoint Protection
- Logging and Monitoring
- Incident Response
But don’t think about 4, 5, and 6. Think about 1, 2, and 3.
Stand, walk, run.
- Jeremiah Grossman got me thinking about this list with a tweet last week.