Phishing and spear-phishing attacks are among the quickest and easiest ways to compromise an otherwise secure environment. Spam still accounts for around 70% of most companies' email traffic. Even with perimeter defenses, patch management and build processes, end-user interaction with messaging systems and links to external resources can still expose well-maintained systems. Use of cloud-based solutions may provide some protection (as many have integrated anti-spam solutions), but any user interaction with malware delivered through a messaging system may expose whatever assets that specific user (and their current workstation) has access to.
4. Network segmentation and isolation of critical assets
Many environments still allow interaction with critical systems from virtually anywhere within the organization; this has become a business imperative. Network segmentation helps to control access to critical internal systems from users and applications that have no need to interact with them. Separating critical assets and ensuring that only authorized personnel, systems, or applications can interact with them significantly reduces exposure and the chance of opportunistic attack from insiders.
Network segmentation can also reduce the scope of audit activities (if you can demonstrate effective segmentation controls), which saves time and money.
5. Patch management
Patch management directly reduces the risk associated with newly discovered vulnerabilities. These core security processes are well known as foundational to any security program, yet lack of effective patch management is still one of the most common issues in environments reviewed by security consultants. While patch management is a required control for many standards and regulations, many organizations are still missing significant elements of an effective patch management program.
Many solutions do not adequately address third-party applications or COTS solutions. Many organizations are not being aggressive enough with patch management. It is common to see global organizations with only quarterly or semi-annual patch schedules, and product vendors with patch cycles that exceed a year. Any gap in system or application patching exposes those systems to directed and opportunistic attacks.
6. Anti-virus, anti-spyware, and anti-malware
Users remain a significant target within most organizations. Anti-virus, anti-spyware and anti-malware solutions provide some defense against user interaction with Internet sites, malicious files, and email content. Just having the control is not enough; it requires management, review and integration with the overall vulnerability management program. Further, integration with edge controls such as IDS/IPS, threat monitoring and even Internet Access Controls can help with detection of virus/malware events and with the efforts necessary for remediation or clean-up activities.