Companies are getting hacked with impunity because we’re not doing the basics. It’s not because we lack Threat Intelligence. It’s not because of APTs. It’s not because of China.
It’s because we’re failing at stand, walk, run. We’re stuck at the standing phase debating the intricacies of hurdles and long-jump. It’s our first day in Karate class and we’re trying on black belts. We’re a gaping chest wound, and people are showing up with smiles, kale, and yoga pamphlets.
If you have a friend, customer—whatever—that’s on infosec life support, here are the three things to have them focus on.
1. Asset Control
You can’t defend what you don’t know exists.
Find all your assets
Put them in a list
Update the list regularly
Constantly look for shadow IT
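The four steps above in working code, as an added example written for this page (not the post's own code): a small Python script that keeps the asset list as a dict keyed by IP, merges a discovery scan into it, and flags two things the list alone won't tell you: hosts that showed up on the network with no owner (shadow-IT candidates) and hosts on the list that haven't been seen in a while. The inventory, the scan results, the addresses and the dates are all constructed sample data.

```python
"""Asset list maintenance (constructed example, not the post's own code).

Keeps the asset list as a dict keyed by IP, merges a discovery scan into it,
and reports hosts that appeared with no owner (shadow-IT candidates) and
hosts on the list that have not been seen for a while (decommissioned, or
your scan is missing a subnet).
"""
from dataclasses import dataclass, replace
from datetime import date


@dataclass
class Asset:
    ip: str
    hostname: str
    owner: str          # empty string means nobody has claimed it yet
    first_seen: date
    last_seen: date


# Constructed sample: the asset list as of the last update.
INVENTORY = {
    "10.0.1.10": Asset("10.0.1.10", "web-01", "platform", date(2014, 1, 5), date(2014, 2, 1)),
    "10.0.1.11": Asset("10.0.1.11", "db-01", "platform", date(2014, 1, 5), date(2014, 2, 1)),
    "10.0.2.20": Asset("10.0.2.20", "fin-laptop-7", "finance", date(2014, 1, 20), date(2014, 2, 1)),
}

# Constructed sample: (ip, hostname) pairs returned by today's discovery scan.
DISCOVERED = [
    ("10.0.1.10", "web-01"),
    ("10.0.1.11", "db-01"),
    ("10.0.3.50", "nas-marketing"),   # not on the list: nobody registered it
]

TODAY = date(2014, 3, 10)             # constructed "now" for the sample run
STALE_AFTER_DAYS = 30


def reconcile(inventory, discovered, today):
    """Return (updated_inventory, newly_discovered_ips, stale_ips).

    The input inventory is left untouched; the updated copy is what you
    would write back as the new list.
    """
    updated = {ip: replace(a) for ip, a in inventory.items()}
    seen = set()
    new_ips = []
    for ip, hostname in discovered:
        seen.add(ip)
        if ip in updated:
            updated[ip].last_seen = today
            if hostname:
                updated[ip].hostname = hostname
        else:
            # Unknown host: add it with no owner so it surfaces in the shadow-IT report.
            updated[ip] = Asset(ip, hostname, "", today, today)
            new_ips.append(ip)
    stale = sorted(
        ip for ip, a in updated.items()
        if ip not in seen and (today - a.last_seen).days > STALE_AFTER_DAYS
    )
    return updated, new_ips, stale


def shadow_it_candidates(inventory):
    """Every asset on the list that still has no owner."""
    return sorted(ip for ip, a in inventory.items() if not a.owner)


if __name__ == "__main__":
    inv, new_ips, stale = reconcile(INVENTORY, DISCOVERED, TODAY)
    print("new, unowned hosts:", new_ips)
    print("not seen in >%d days:" % STALE_AFTER_DAYS, stale)
    print("shadow-IT candidates:", shadow_it_candidates(inv))
```

Run it on each scan and the "new, unowned" and "not seen" lists are the two things a person has to act on: claim or remove the unknown host, and decide whether the stale one is gone or your discovery is blind to part of the network.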
2. Patch Management
If you’re not patched, patching is the priority.
Using that list of assets, patch everything
Upgrade to modern versions of your operating systems
Upgrade to modern versions of your applications
If you can’t upgrade your apps, consider SaaS alternatives
3. Egress Traffic
Outbound traffic is a window to your compromised soul.
Gain control of your DNS traffic
Move from blacklisting to whitelisting
Stop systems from communicating with known-malicious hosts
Use an IDS/IPS to detect known-malicious outbound communication
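The DNS part of this in working code, as an added example written for this page (not the post's own code): a Python script that parses a few constructed resolver log lines and checks each query first against a list of known-malicious hosts, then against a whitelist of domains the business actually needs. Anything on neither list is reported for review, which is how you move from blacklisting toward whitelisting without breaking things on day one. The log format, the client addresses, the domain names and both lists are constructed assumptions.

```python
"""Egress DNS triage (constructed example, not the post's own code).

Evaluates resolver queries against a blocklist (known-malicious hosts) and
a whitelist (domains the organization has approved). Queries matching
neither are reported so the whitelist can be tightened over time.
"""
import re
from collections import Counter

# Constructed log format: "<timestamp> client=<ip> query=<name> type=<rrtype>"
LOG_LINES = [
    "2014-02-01T10:00:01Z client=10.0.1.10 query=updates.example-vendor.com type=A",
    "2014-02-01T10:00:02Z client=10.0.2.20 query=mail.example.com type=MX",
    "2014-02-01T10:00:03Z client=10.0.2.20 query=evil.example.net type=A",
    "2014-02-01T10:00:04Z client=10.0.3.50 query=xk3jd.dynamic-dns.example.org type=A",
    "2014-02-01T10:00:05Z client=10.0.1.11 query=db-01.corp.example.com type=A",
    "this line is garbage and should be skipped",
]

# Constructed lists: domains the business needs, and hosts known to be bad.
WHITELIST = {"example.com", "example-vendor.com"}
BLOCKLIST = {"evil.example.net"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<name>\S+) type=(?P<rrtype>\S+)$"
)


def parse(line):
    """Return the fields of one log line, or None if it doesn't match the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def in_zone(name, zone):
    """True if name is zone itself or a subdomain of it (no prefix matches)."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def classify(name):
    """Blocklist wins over whitelist; everything else goes to review."""
    if any(in_zone(name, z) for z in BLOCKLIST):
        return "block"
    if any(in_zone(name, z) for z in WHITELIST):
        return "allow"
    return "review"


def triage(lines):
    """Return (client, queried name, verdict) for every parseable line."""
    verdicts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue   # skip malformed lines rather than fail the whole run
        verdicts.append((rec["client"], rec["name"], classify(rec["name"])))
    return verdicts


def summary(verdicts):
    """Count verdicts so you can watch the 'review' bucket shrink over time."""
    return Counter(v for _, _, v in verdicts)


if __name__ == "__main__":
    results = triage(LOG_LINES)
    for client, name, verdict in results:
        print("%-7s %-12s %s" % (verdict, client, name))
    print(dict(summary(results)))
```

The "review" bucket is the point: every name that lands there is either something the business needs (add it to the whitelist) or something a host should not be talking to (block it and look at the client), and the suffix match in in_zone keeps a lookalike such as notexample.com from riding in on the example.com entry.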
These are triage steps—the very basics in each category. I’m less sure of the order of the next few, and they depend more on your organization, but they look something like:
Logging and Monitoring
But don’t think about 4, 5, and 6. Think about 1, 2, and 3.
Stand, walk, run.
Jeremiah Grossman got me thinking about this list with a tweet last week.