Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Jul 9, 2020

What can businesses do to improve their security posture?

What steps should businesses take to assess and improve their security posture? What tools would you recommend for this purpose?

11 Answers
SimonClark - PeerSpot reviewer
Cyber Security Advisor - Director at Fort Net UK
MSP/MSSP, Top 5 Leaderboard
Jul 20, 2021

The question is very broad, as it depends on what industry you are in, whether you are B2B or B2C, and how transactional your website is. Ideally, you should ask a cyber security consultant to provide some advice.

My priority would be to request a comprehensive IT & Risk Assessment. Small MSPs can perform these at very affordable prices and sometimes credit the fee back if you subsequently buy other products and services from them.

A good IT & Risk Assessment will provide you with visibility of everything attached to your network(s) and a thorough analysis of each of them. One of the biggest threats to an organisation is leaving servers and applications on old versions of software - patching. That is what criminals are looking for as an easy route into your company. The second threat is poor password management. A good assessment will notify you about devices you didn't know you even had and their patch status. It will also notify you of users with passwords that need to be reset and their login history across all the systems they have access to. We sometimes find credentials of employees who left the company months ago are still being used to log in to critical systems - that is a big alarm bell!

If you are considering a penetration test (pen test) - great, but have a network assessment first and clean up all the easy stuff so that the pen testers have to work hard for their money.

The contributors to this article who talked about staff being the weakest link are correct. Email phishing simulation and training can cost as little as $1.5 per person per week. Over a fairly short time, it makes a massive difference to the likelihood of an attack getting into your company. MSPs that provide assessments usually offer a staff awareness platform too. Staff benefit from vital cyber skills in their personal lives too.
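The "alarm bell" in the answer above, departed employees' credentials still being used on critical systems, is a check an assessor can script against authentication logs. This is an added example, not code from the answer or from any vendor: it assumes a key=value auth log format and an HR offboarding list (both constructed here) and reports every login event, successful or failed, that occurs after the account owner's last working day.

```python
from datetime import date, datetime

# Constructed sample: HR offboarding list, username -> last working day (assumption).
OFFBOARDED = {
    "jdoe": date(2021, 3, 31),
    "asmith": date(2021, 1, 15),
}

# Constructed sample auth log, syslog-like key=value lines (assumed format, not real data).
AUTH_LOG = """\
2021-07-18T09:12:44Z host=erp01 user=jdoe result=success src=10.0.5.23
2021-07-18T09:15:02Z host=erp01 user=mlee result=success src=10.0.5.41
2021-07-19T22:03:10Z host=vpn01 user=asmith result=failure src=203.0.113.7
2021-07-19T22:03:40Z host=vpn01 user=asmith result=success src=203.0.113.7
2021-03-30T08:00:00Z host=erp01 user=jdoe result=success src=10.0.5.23
"""


def parse_line(line):
    """Split one auth log line into a dict; the leading timestamp becomes a datetime."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_stale_credential_use(log_text, offboarded):
    """Return (user, host, timestamp, result) for every login attempt by an
    account whose owner had already left the company on that date.
    Failed attempts are reported too: someone is still trying that credential."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        left = offboarded.get(ev["user"])
        if left is None or ev["ts"].date() <= left:
            continue  # current employee, or activity before the leaving date
        hits.append((ev["user"], ev["host"], ev["ts"].isoformat(), ev["result"]))
    return hits


if __name__ == "__main__":
    for user, host, ts, result in find_stale_credential_use(AUTH_LOG, OFFBOARDED):
        print(f"ALERT: {user} (left {OFFBOARDED[user]}) {result} login on {host} at {ts}")
```

Every hit is a candidate for immediate account disablement and a check of what that session did; the real value comes from running it against the full history, not just recent days.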

PL
IT Consultant Supervisor at a financial services firm with 5,001-10,000 employees
Consultant
Aug 10, 2022

1) Awareness - educate people. People are the weakest link in security.

2) Move your infra to the cloud. It's cheaper and easier to protect.

3) Adopt Desktop-as-a-Service for all employees. They can easily work anywhere using any of their own devices, or the company can just provide a Chromebook or tablet to access their workstation in the cloud.

4) Protect your cloud environment by adopting best practices suitable to your setup and size.


Manoj Nair - PeerSpot reviewer
Tech consultant at select softwares
Real User, Top 5
Jul 25, 2021

1. People buy-in - very important - it's not the technology adopted but the mindset and willingness of the people.

2. Choose your technology based on actual need and available budget.

3. Ensure that all possible exposure points are covered by your defense mechanism - laptops, servers, firewalls, VPN - all are exposure points.

4. At the time of final design, consider the threat landscape you are in and which factors contribute to it - your industry type and the technology used, the endpoints involved, and the type of people who are using these endpoints.

The product and technology you finally choose AFTER you answer these basic questions will define your future defense mechanism, as this will be the starting point of your company's defense mechanism and its future evolution.

MK
Deputy Technical Manager (SOC Operations) at a tech services company with 1,001-5,000 employees
Real User, Top 5
Jul 20, 2021

People are the weakest link in security, so frequent awareness training is a must.

The top management needs to understand the implications of data/security breaches and also understand that they too need to comply with security policies. Form a TI team for detailed information on what threats are most likely to affect the organization/industry, and indicators to help prevent and detect more attacks.

PB
Infrastructure Team Lead at a comms service provider with 1,001-5,000 employees
Real User
Jul 20, 2021

Training & awareness for insiders: understand the risks involved and have mitigation plans.

The recommended tools are APT Patch Management tools and content filtering.

NE
VP Global Network Security at Chubb
User
Aug 10, 2022

There is no one-size-fits-all. This is more of a knowledge and process challenge than a technology purchase gap, at least to start. Get in a security consultant for whatever amount of time your budget permits, and they can look at your business, risks and technology and set direction.

If your checkbook is burning a hole in your pocket, invest in security awareness training for your people, as hacking the human is the most common entry point for a problem. Back that up with relentless patching of operating systems and applications, coupled with locking down computers so people can't install whatever eye candy they browse to on the internet.

Norman Freitag - PeerSpot reviewer
Account-Manager at Consist ITU Environmental Software GmbH
Real User, Top 5
Jul 9, 2020

Awareness, awareness and awareness; the problem is the head.

True story: issues take place at the senior level (open USB ports, no clean desk policy, etc.).

Afterwards "we" (the working level) can talk about trainings and SW/HW solutions.

So first of all, security means not only buying a SIEM or ISMS monitoring; it's a mindset.

Some sort of taking care of the company like taking care of your family :)

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
Community Manager
Sep 6, 2020

@Norman Freitag great advice!

it_user1146165 - PeerSpot reviewer
Cybersecurity Pre-Sales at Ingram Micro Inc.
Real User
Jul 9, 2020

You must perform a vulnerability assessment on all your devices, for example with Tenable Vulnerability Management. Then you must remedy the critical and high vulnerabilities.

Shaik Sayeed - PeerSpot reviewer
Information Technology Solutions Manager at UBG
Real User
Jul 9, 2020

Always evolving your technologies along with security threats and trends is needed; similarly, user awareness of security is key. As an IT person with the limited budget of an SMB organization, they should opt for a UTM (NGFW), better endpoint protection with EDR, ATP and email security. An enterprise should always be ready for any targeted or rogue attacks, hence defence in layers is required: firewall, network-layer ATP (sandboxing), email with zero-day attack intelligence, device controls, EDR and EPP, WAF for web servers, and a honeypot to trap and learn the threat vectors for their organization.

VG
IT Security Head with 1,001-5,000 employees
Real User
Jul 9, 2020

No matter what tool you use, we can't stop all the threats.

We need 360-degree visibility, need to categorise the risk factors, and need to work continuously on enhancing our security posture. There are any number of tools available depending on the risk factor.

Hugo Thebas - PeerSpot reviewer
Security Analyst at Security4IT
Reseller
Sep 3, 2020

First of all, you need to know what you have inside your company: not only computers, but every device that is connected to the network. This will help you identify where the potential threats are. There are products focused on making an inventory of your network assets.

After that you can plan the best approach, based on your needs.

Surprisingly, the worst threats can come from places you don't even know exist.