Our world is becoming more digital and more interconnected. Protecting the systems we rely on is a shared task: no single organization can do it alone. The business threat environment changes frequently, and new forms of attack emerge daily. To keep your systems stable and secure, take an integrated, layered approach: put several levels of protection in place and analyze possible threats regularly.
Centrally Managed Updates and Patches
Use a system that centrally manages updates and software patches. To plan and prioritize updates properly, stay aware of current threats. Use antivirus solutions with a built-in sandbox to scan files before they are used; such solutions can also detect and block malicious files and other threats.
For best results, combine protection from several vendors: a file missed by one engine may be caught by another. Running two real-time engines on the same endpoint usually causes conflicts, so it is more practical to use different vendors at different layers (for example, one on the mail or web gateway and another on the endpoint). Many of these products can also detect and block malicious activity in data streams; the solution should do so in real time and should also let you hunt retrospectively for threats that were not detected at the time.
SIEM solutions – for timely detection of and effective response to information security incidents. A SIEM correlates events from across the infrastructure, which allows timely detection of malicious activity, attempts to hack the infrastructure, and the presence of an attacker, so that prompt measures can be taken to neutralize the threat.
Automated tools for analyzing security and identifying vulnerabilities in software.
Application layer firewalls (web application firewalls) – as a preventive measure to protect web resources.
Systems for deep analysis of network traffic – to detect complex targeted attacks both in real time and in saved copies of traffic. Such a solution makes it possible not only to uncover intrusions that previously went unnoticed, but also to monitor network attacks in real time, including the launch of malware and hacker tools, the exploitation of software vulnerabilities, and attacks on a domain controller. This significantly reduces the time an intruder can remain hidden in the infrastructure, and thereby minimizes the risk of leaking important data or disrupting business systems and reduces the possible financial losses from the intruder's presence.
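The SIEM and traffic-analysis items above both come down to correlation rules run over event streams. The following is an added example, not code from the original page: it parses constructed sshd log lines and applies two rules a SIEM would typically carry, a failed-login burst from one source (brute force, raised to high severity if a successful login from the same source follows) and one source trying many different usernames (password spray). The thresholds and window are assumptions that would be tuned per environment.

```python
"""Brute-force and password-spray detection over sshd log lines.

Added example; the log lines below are constructed for illustration and the
thresholds (window_s, bruteforce_threshold, spray_users) are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in syslog format (sshd omits the year, so relative
# timestamps are what matter here; 29 February lines would need a real year).
SAMPLE_LOG = """\
Mar 12 10:00:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 12 10:00:02 web1 sshd[2212]: Failed password for invalid user test from 203.0.113.7 port 51001 ssh2
Mar 12 10:00:03 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 12 10:00:04 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 12 10:00:05 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 12 10:00:06 web1 sshd[2216]: Failed password for root from 203.0.113.7 port 51005 ssh2
Mar 12 10:00:09 web1 sshd[2217]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Mar 12 10:05:00 web1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 12 10:05:30 web1 sshd[2301]: Failed password for bob from 198.51.100.4 port 40001 ssh2
Mar 12 10:06:00 web1 sshd[2302]: Failed password for carol from 198.51.100.4 port 40002 ssh2
Mar 12 10:06:30 web1 sshd[2303]: Failed password for dave from 198.51.100.4 port 40003 ssh2
Mar 12 10:20:00 web1 sshd[2400]: Failed password for alice from 192.0.2.10 port 30000 ssh2
Mar 12 10:20:40 web1 sshd[2401]: Accepted publickey for alice from 192.0.2.10 port 30001 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Return a list of auth events: {ts, ok, user, src}. Other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect(events, window_s=120, bruteforce_threshold=5, spray_users=4):
    """Sliding-window correlation per source address; one alert per rule per source."""
    alerts = []
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        start, reported = 0, set()
        for end in range(len(fails)):
            # Advance the window start until all failures fit in window_s seconds.
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = fails[start:end + 1]
            users = sorted({e["user"] for e in window})
            if "bruteforce" not in reported and len(window) >= bruteforce_threshold:
                # A successful login after the burst suggests the guess worked.
                success_after = any(e["ok"] and e["ts"] >= window[-1]["ts"] for e in evs)
                alerts.append({"rule": "bruteforce", "src": src, "count": len(window),
                               "users": users,
                               "severity": "high" if success_after else "medium"})
                reported.add("bruteforce")
            if "password_spray" not in reported and len(users) >= spray_users:
                alerts.append({"rule": "password_spray", "src": src, "count": len(window),
                               "users": users, "severity": "medium"})
                reported.add("password_spray")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_auth_log(SAMPLE_LOG)):
        print(alert)
```

With the sample above, 203.0.113.7 produces a high-severity brute-force alert (six failures in five seconds followed by an accepted root login) and 198.51.100.4 a password-spray alert (four usernames in two minutes); the single failure from 192.0.2.10 followed by a key-based login stays below both thresholds. In a real deployment the same rules would run over events already normalized by the SIEM, and the follow-up would include the other sources of the same session (the traffic copy, the endpoint).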
Protect your data
Data is valuable and should be treated with care. Do not store sensitive information in the clear or where it is publicly accessible. Best practice is to regularly create backup copies of systems and store them on dedicated servers, separated from the network segments of the production systems, so that an attacker who compromises production cannot reach the backups as well; test restoring from them regularly, since an untested backup is not a backup.
Minimize, as far as possible, the privileges of users and services. Use separate accounts and passwords for different resources. Use two-factor authentication wherever possible, and in particular to protect privileged accounts.
Avoid simple passwords
Enforce a password policy with strict minimum length and complexity requirements. Also limit the period of use of passwords (no more than 90 days). Change default passwords to new ones that comply with the policy. Note that forced periodic rotation tends to push users toward predictable variations of their old passwords; current guidance such as NIST SP 800-63B recommends changing a password when compromise is suspected rather than on a fixed schedule, and screening new passwords against lists of known breached passwords. Whatever rotation period you choose, the screening and the removal of default credentials matter more.
Control the security of systems
Unpatched software is a critical attack surface. Update the software you use promptly as patches are released. Check and raise employees' awareness of information security. Monitor the network perimeter for the appearance of unsafe resources.
Regularly inventory the resources that can be reached from the Internet. Analyze the security of these resources and eliminate vulnerabilities in the software they use. It is good practice to continuously monitor publications about new vulnerabilities, so that you can quickly identify the affected company resources and fix them promptly.
Filter traffic effectively to minimize the network service interfaces available to an external attacker. Pay special attention to interfaces for remote management of servers and network equipment: these should not be reachable from the Internet at all, only through a VPN or a dedicated management network. Conduct penetration testing regularly to identify new attack vectors into the internal infrastructure in time and to evaluate the effectiveness of the protection measures taken.
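The inventory, vulnerability-tracking and traffic-filtering advice in the three paragraphs above can be turned into a repeatable check. The following is an added example, not code from the original page: it audits a constructed inventory of externally reachable services (the kind of list you would build from an external port scan) against an allowlist of intended exposure, a table of remote-management ports that should never face the Internet, and a small feed of advisory entries with vulnerable version ranges. The product names, advisory identifiers, port table and allowlist are all fictional assumptions.

```python
"""Audit of Internet-reachable services: unexpected exposure, exposed
management interfaces, and versions inside an advisory's vulnerable range.

Added example; inventory, allowlist, port table and advisories are constructed
(the product names and advisory IDs are fictional, not real advisories).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    product: str   # lower-case product name as reported by the scanner
    version: str   # empty when the scanner could not determine it


# Assumption: remote-management ports this organization never wants reachable
# from the Internet. They are flagged even if someone put them on the allowlist.
MANAGEMENT_PORTS = {
    22: "ssh", 23: "telnet", 161: "snmp", 623: "ipmi", 3389: "rdp",
    5900: "vnc", 5985: "winrm", 5986: "winrm-https",
}

# Constructed result of an external scan.
INVENTORY = [
    Service("203.0.113.10", 443, "examplehttpd", "2.4.52"),
    Service("203.0.113.10", 22, "examplessh", "9.3"),
    Service("203.0.113.11", 80, "examplehttpd", "2.4.49"),
    Service("203.0.113.11", 8080, "examplehttpd", "2.4.52"),
    Service("203.0.113.12", 3389, "ms-wbt-server", ""),
    Service("203.0.113.13", 623, "ipmi", ""),
]

# Constructed: the exposure the organization actually intends.
ALLOWED_EXPOSURE = {("203.0.113.10", 443), ("203.0.113.11", 80)}

# Constructed advisory entries: vulnerable in [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "product": "examplehttpd", "introduced": "2.4.49", "fixed": "2.4.51"},
    {"id": "EXAMPLE-ADV-002", "product": "examplessh", "introduced": "8.5", "fixed": "9.4"},
]


def parse_version(v):
    """'2.4.49' -> (2, 4, 49). Pre-release suffixes are ignored; use a real
    version library if your products use them."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_vulnerable(service, advisory):
    """True when the service runs the advisory's product at a version in the range."""
    if service.product != advisory["product"] or not service.version:
        return False
    ver = parse_version(service.version)
    return parse_version(advisory["introduced"]) <= ver < parse_version(advisory["fixed"])


def audit(inventory, allowed, advisories):
    findings = []
    for svc in inventory:
        if svc.port in MANAGEMENT_PORTS:
            findings.append({"kind": "management_interface_exposed", "severity": "high",
                             "host": svc.host, "port": svc.port,
                             "detail": MANAGEMENT_PORTS[svc.port]})
        elif (svc.host, svc.port) not in allowed:
            findings.append({"kind": "unexpected_exposure", "severity": "medium",
                             "host": svc.host, "port": svc.port, "detail": svc.product})
        for adv in advisories:
            if is_vulnerable(svc, adv):
                findings.append({"kind": "vulnerable_version", "severity": "high",
                                 "host": svc.host, "port": svc.port,
                                 "detail": f"{svc.product} {svc.version} < {adv['fixed']} ({adv['id']})"})
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY, ALLOWED_EXPOSURE, ADVISORIES):
        print(f["severity"], f["kind"], f["host"], f["port"], f["detail"])
```

Run against the constructed data this reports three exposed management interfaces (SSH, RDP, IPMI), one service nobody intended to expose (port 8080), and two services inside an advisory's vulnerable range; the service on port 443 is allowlisted and already at a fixed version, so it produces nothing. Services with no detected version are silently not matched against advisories, which is a gap to close by fingerprinting them another way rather than assuming they are safe.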
Regularly analyze the security of web applications, including analysis of the source code, in order to identify and eliminate vulnerabilities that enable attacks, including attacks on the application's clients (for example, cross-site scripting).
Track the number of requests per second to each resource, and configure servers and network devices to neutralize typical attack scenarios (for example, TCP and UDP floods, or a large number of simultaneous database requests).
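Tracking requests per second and shedding the excess is usually done with a token bucket per client. The following is an added example, not code from the original page: a per-client token-bucket limiter that keeps its counters in integer thousandths of a token so that refills are exact, plus a small simulation of a constructed flood from one address next to normal traffic from another. The rate, burst size and traffic streams are assumptions.

```python
"""Per-client token-bucket rate limiting with integer millitoken arithmetic.

Added example; rate, burst and the request streams in demo() are constructed.
"""


class TokenBucketLimiter:
    """One bucket per client key (for example the source IP).

    rate_per_sec tokens are added per second up to burst; each request costs
    one token. Tokens are stored as integer thousandths so that refill and the
    threshold comparison never depend on float rounding (rate_per_sec must be
    an integer for that to hold).
    """
    COST = 1000  # millitokens per request

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec          # millitokens added per elapsed millisecond
        self.capacity = burst * self.COST
        self.buckets = {}                 # client -> (millitokens, last_seen_ms)

    def allow(self, client, now_ms):
        """Return True if the request is admitted. now_ms is the caller's clock
        (time.monotonic_ns() // 1_000_000 in production)."""
        tokens, last = self.buckets.get(client, (self.capacity, now_ms))
        tokens = min(self.capacity, tokens + (now_ms - last) * self.rate)
        if tokens >= self.COST:
            self.buckets[client] = (tokens - self.COST, now_ms)
            return True
        self.buckets[client] = (tokens, now_ms)
        return False

    def evict_idle(self, now_ms, idle_ms):
        """Drop buckets not seen for idle_ms so the table cannot grow without bound
        under a flood from many spoofed or rotating sources."""
        self.buckets = {c: v for c, v in self.buckets.items() if now_ms - v[1] <= idle_ms}


def run_simulation(limiter, requests):
    """requests: iterable of (time_ms, client). Returns client -> (allowed, rejected)."""
    stats = {}
    for t, client in sorted(requests):
        allowed, rejected = stats.get(client, (0, 0))
        if limiter.allow(client, t):
            allowed += 1
        else:
            rejected += 1
        stats[client] = (allowed, rejected)
    return stats


def demo():
    # Constructed traffic: one source sends 50 requests in one second (every 20 ms),
    # another sends 5 requests spread over five seconds.
    flood = [(20 * i, "203.0.113.7") for i in range(50)]
    normal = [(1000 * i, "198.51.100.4") for i in range(5)]
    limiter = TokenBucketLimiter(rate_per_sec=10, burst=20)
    return run_simulation(limiter, flood + normal)


if __name__ == "__main__":
    for client, (ok, dropped) in demo().items():
        print(f"{client}: allowed={ok} rejected={dropped}")
```

With a steady rate of 10 requests per second and a burst of 20, the flooding address gets its first 24 requests through (the burst plus the refill earned during it) and then one in five, 29 of 50 in total, while the normal client is never touched. Limiting by source IP alone does not help against a flood spread over many sources; that case calls for the upstream filtering and device-level protections the paragraph above mentions, with the bucket table bounded by evict_idle.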
Take care of customer safety
Raise customers' awareness of information security. Regularly remind customers of the rules for staying safe online, and explain attack methods and ways to protect against them. Warn customers against entering credentials on suspicious web resources, and even more so against giving such information to anyone by e-mail or over the telephone. In addition, explain to customers what to do if they suspect fraud, and notify them of information security events that affect them.