Knowing how to prevent cybersecurity attacks is a critical job for today's IT and enterprise infosec teams. Indeed, the wide range and sheer scale can make the problem seem insurmountable.
Organizations must arm themselves against ransomware, advanced phishing campaigns, web application exploits and campaigns of lateral movement within their networks. And the ever-expanding profusion of platforms, such as mobile, cloud services and application frameworks creates pathways for hackers that security teams must address.
While there is no single best approach to preventing cybersecurity attacks, there are ways to stop many of them before they start -- or at least minimize the damage should they occur. Enterprises should consider these four defensive maneuvers to help boost cybersecurity and defense programs and reduce their overall risk of attack.
1. Focus on patching and configuration management
Most organizations are familiar with the struggle to configure and patch operating systems and applications, so tools for these tasks should be very familiar to all. However, there are some methodologies and products that can vastly improve the routine of patching and configuration.
First, the DevOps movement gives us a model of image management and production deployment that, when implemented, can ease the patching burden. In this model, patches are installed on a virtual server or container image, and new, fresh (and patched) images are deployed while the old ones are simultaneously retired. This is much easier said than done in legacy environments, of course, but it moves us away from the old model of battling to keep systems operational for long periods of time, patching as we go.
The second improvement comes from the use of automation and orchestration platforms, such as Chef, Puppet, Ansible and others, where we enforce a known system state by defining all configuration standards in a "playbook" and then implement and enforce these controls continuously with the help of an automated management tool set.
While these methods have quickly gained traction in the cloud, some organizations have adopted these principles and tools for in-house systems, too. For systems that cannot move in this direction, ops and security pros should focus on the inventory of applications and software, patch as best as they can and lock them down as much as possible -- in other words, the same recommendations we've had for years.
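As an added illustration of the desired-state approach (example code written for this article, not taken from Chef, Puppet or Ansible), the script below declares a baseline the way a playbook would, reports where a host's configuration has drifted, and rewrites the file so it complies. The baseline settings and the sample sshd_config-style file are constructed, and the keys used are assumptions for the sake of the example.

```python
"""Desired-state configuration check in the spirit of a Chef, Puppet or Ansible
playbook: declare the baseline, compare it with what a host really has, and
emit the corrected file. Baseline values and the sample config are constructed."""
from __future__ import annotations

# The "playbook": required key/value settings for an sshd_config-style file.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no",
            "X11Forwarding": "no", "MaxAuthTries": "4"}

SAMPLE_CONFIG = """\
# sshd_config (constructed sample of a host that has drifted)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

def parse_config(text: str) -> dict[str, str]:
    """Parse 'Key value' lines; comments and blanks are skipped, last value wins."""
    settings: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            settings[key] = value.strip()
    return settings

def find_drift(actual: dict[str, str], baseline: dict[str, str] = BASELINE) -> dict:
    """Map each drifted key to (actual value, or None if missing; required value)."""
    return {k: (actual.get(k), v) for k, v in baseline.items() if actual.get(k) != v}

def enforce(text: str, baseline: dict[str, str] = BASELINE) -> str:
    """Return the config with every baseline key at its required value: drifted
    lines are rewritten in place, missing keys appended. Idempotent, as a
    playbook task should be: enforcing an already-compliant file changes nothing."""
    out, seen = [], set()
    for line in text.splitlines():
        key = line.strip().partition(" ")[0]
        if key in baseline:
            out.append(f"{key} {baseline[key]}")
            seen.add(key)
        else:
            out.append(line)
    out.extend(f"{k} {v}" for k, v in baseline.items() if k not in seen)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for key, (got, want) in find_drift(parse_config(SAMPLE_CONFIG)).items():
        print(f"drift: {key}={got!r}, baseline requires {want!r}")
    print(enforce(SAMPLE_CONFIG), end="")
```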
2. Prioritize static code and dynamic web application testing
With so many web application exploits in the wild, there must be more overall focus on software security. Development teams need automated static code scanning for code commits, with risk analysis and review from security and software analysts alike. Staged applications in quality assurance and testing environments should have dynamic scanning (and web application penetration testing) performed frequently to ensure there are no common application and architecture configuration vulnerabilities.
Organizations must commit time and resources here if they develop their own web applications and should likely invest in static code analysis and web application scanning and testing tools, as well. They should evaluate their findings for context and priority in alignment with sound vulnerability management practices.
3. Implement a comprehensive backup system
With the growing threat of ransomware and destructive malware, data backups and recovery tools should top every CISO's list of critical areas of focus. While many organizations still use local physical data storage, such as file servers, network-attached storage and tape, there is significant growth and acceptance of remote and cloud-based storage options. As the cost of remote storage drops, these options are increasingly affordable.
If security arrangements are comprehensive, remote storage should be a best practice. Be sure to back up all file shares and document stores regularly, especially those containing sensitive data, and do monthly tests of backups and recovery options. Microsoft, Google and Amazon all offer affordable cloud storage, along with DropBox, Box and others. Specialized cloud storage providers like CommVault, Zerto and others may be good options, as well.
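The restore test recommended above, as an added example (written for this article, not the code of any backup product): the archive is built with a SHA-256 manifest, then restored into a scratch directory and every file's hash is checked, so a damaged or incomplete backup is reported instead of being discovered during a real recovery. The document store being backed up is a constructed sample.

```python
"""Backup plus restore test: build an archive with a SHA-256 manifest, then prove
it is recoverable by extracting into a scratch directory and checking every file's
hash. The document store being backed up is constructed for this example."""
import hashlib, io, tarfile, tempfile, zlib
from pathlib import Path

# Constructed sample document store: relative path -> content.
SAMPLE_FILES = {
    "finance/q3-report.txt": b"revenue 1,200,000\ncosts 900,000\n",
    "hr/handbook.txt": b"Section 1: conduct\n",
}

def make_backup(files: dict) -> tuple:
    """Return (tar.gz bytes, manifest of path -> sha256) for the given files."""
    buf, manifest = io.BytesIO(), {}
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in sorted(files.items()):
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
            manifest[path] = hashlib.sha256(content).hexdigest()
    return buf.getvalue(), manifest

def _safe(member: tarfile.TarInfo) -> bool:
    # Extract only regular files with relative, non-traversing names.
    return member.isfile() and not member.name.startswith("/") and ".." not in Path(member.name).parts

def verify_restore(archive: bytes, manifest: dict) -> list:
    """Restore into a scratch directory and list the problems found (unreadable
    archive, missing files, hash mismatches); an empty list means restorable."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
                tar.extractall(scratch, members=[m for m in tar if _safe(m)])
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            return [f"archive unreadable: {exc!r}"]
        for path, expected in manifest.items():
            restored = Path(scratch, path)
            if not restored.is_file():
                problems.append(f"missing after restore: {path}")
            elif hashlib.sha256(restored.read_bytes()).hexdigest() != expected:
                problems.append(f"hash mismatch after restore: {path}")
    return problems

if __name__ == "__main__":
    archive, manifest = make_backup(SAMPLE_FILES)
    print("intact backup:", verify_restore(archive, manifest) or "restorable")
    # A damaged copy (second half of the archive lost) must be reported, not pass.
    print("damaged backup:", verify_restore(archive[: len(archive) // 2], manifest))
```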
4. Improve network and application segmentation
Traditional network access controls, such as switch and router access control lists and firewalls, will continue to have their place in our network segmentation designs. But security professionals have begun to rethink how they approach network security due to the proliferation of lateral movement scenarios in security incidents. Some steps to take include the following:
- Treat the entire environment as potentially untrusted or compromised, rather than thinking only in terms of outside-in attack vectors. Increasingly, the most damaging attack scenarios are internal, driven by advanced malware and phishing campaigns that compromise end users.
- Understand better how applications should behave at the endpoint, and look at what types of network communication the approved applications should transmit.
- Focus on trust relationships and system-to-system relationships in general within all parts of our environment. Most of the communication in enterprise networks today is either wholly unnecessary or not relevant to the systems or applications really needed for business.
There are tools to help prevent cyberattacks through policies that tie system and application behavior to permitted versus unexpected network traffic patterns. Sometimes labeled microsegmentation, this category of software may require host agents; an enforcement plane, like switches; or virtualization (hypervisors), as well as a unique policy and application mapping engine that can profile behaviors in the environment and help to build more granular application-centric segmentation.
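To make the policy idea concrete, here is an added example (written for this article, not the engine of any microsegmentation product) of the two halves such tooling performs: profiling observed flows into a candidate allow-list of role-to-role connections, then checking later traffic against it so east-west flows the policy does not account for are surfaced. The host-to-role map, the flow records and the threshold are all constructed assumptions.

```python
"""Application-centric segmentation policy: profile observed flows into a
candidate allow-list of role-to-role connections, then check later traffic
against it so unexpected east-west flows surface. Hosts, roles and flow
records are constructed for this example."""
from collections import Counter

# Hypothetical application map: which role each host plays.
ROLES = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.9.101": "workstation", "10.0.9.102": "workstation",
}

# Constructed flow records from the profiling period: (src, dst, dst_port).
BASELINE_FLOWS = [
    ("10.0.9.101", "10.0.1.10", 443), ("10.0.9.102", "10.0.1.11", 443),
    ("10.0.9.101", "10.0.1.11", 443), ("10.0.1.10", "10.0.2.20", 8443),
    ("10.0.1.11", "10.0.2.20", 8443), ("10.0.2.20", "10.0.3.30", 5432),
    ("10.0.2.20", "10.0.3.30", 5432), ("10.0.9.102", "10.0.2.20", 22),  # one-off admin SSH
]

# Constructed flows seen after the policy is in place.
LATER_FLOWS = [
    ("10.0.9.101", "10.0.1.10", 443),
    ("10.0.9.101", "10.0.9.102", 445),   # workstation to workstation SMB
    ("10.0.1.11", "10.0.3.30", 5432),    # web tier straight to the database
    ("10.0.2.20", "10.0.3.30", 5432),
    ("10.0.5.5", "10.0.3.30", 5432),     # host not in the application map
]

def role_pair(flow, roles=ROLES):
    """Translate a flow into (src role, dst role, dst port); unknown hosts are 'unmapped'."""
    src, dst, port = flow
    return roles.get(src, "unmapped"), roles.get(dst, "unmapped"), port

def build_policy(flows, roles=ROLES, min_count=2):
    """Role-pair/port combinations seen at least min_count times become the
    candidate allow-list; rare pairs are left out for a human to review."""
    counts = Counter(role_pair(f, roles) for f in flows)
    return {pair for pair, n in counts.items() if n >= min_count and "unmapped" not in pair}

def unexpected_flows(flows, policy, roles=ROLES):
    """Return [(flow, role triple)] for every flow the policy does not permit."""
    return [(f, role_pair(f, roles)) for f in flows if role_pair(f, roles) not in policy]

if __name__ == "__main__":
    policy = build_policy(BASELINE_FLOWS)
    for flow, triple in unexpected_flows(LATER_FLOWS, policy):
        print("unexpected:", flow, "->", triple)
```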
It's easy to become overwhelmed by the many necessary tasks in cybersecurity planning. However, it's important to prioritize when mapping out a strategy for how to prevent cybersecurity attacks. These four categories of controls are more critical than ever.