It’s hard to secure your network against every threat. Even when you follow every best practice, there will still be zero-day exploits and undiscovered tactics that you need a plan for. However, here are some baseline requirements that can help you get started with implementing better security policies:
1. Use strong passwords and never reuse them
2. Educate your employees about phishing scams
3. Keep your software up to date
4. Use a firewall
5. Limit access to sensitive data
6. Back up your data regularly
7. Use encryption for all confidential information
8. Monitor your network for suspicious activity
Note: These tips are still just a starting point. You’ll need to dig deeper for the best protection.
Insights into Observability
Where is the majority of your inbound traffic coming from today? Where is the majority of your outbound traffic going? Have these traffic patterns changed recently? Incoming and outgoing network traffic should be observed and tracked. Understanding what is normal and what is odd in terms of shape, tempo, and structure is crucial to recognizing an anomaly when you see one.
I like to use the example of an empty classroom. If all the desks are in their rightful place and there’s no one in the room, that would be considered “normal.” However, if you walk into the room and all the desks have been overturned and papers are strewn everywhere, that would be considered “abnormal.” In this analogy, network traffic would be the desks, while packets would be the papers.
In order to get observability insights into your network traffic, you need to implement a tool or system that gives you visibility into all aspects of your network: firewalls, routers, switches, applications, and even user activity. Once you have this data, you can start to look for patterns. I would recommend using a tool like Squillo, which can give you visibility into all aspects of your network traffic.
This is just a starting point, but by understanding your network traffic patterns, you can start to get a better handle on what’s normal and what’s suspicious. From there, you can take steps to implement the appropriate security measures to protect your data and your business.
Ingress (entry) and Egress (exit)
Switches, routers, and firewalls can all handle bidirectional traffic. Managing what you expect inbound as well as outbound is critical. Consider utilizing a proxy or an egress filter to manage the flow. A proxy server is an intermediary between your internal network and the internet. It can cache content from websites you visit often to speed up loading times, as well as block unwanted content such as ads or malware.
An egress filter is a type of firewall that controls outgoing traffic from your network. It can be used to block certain types of traffic, such as unencrypted data or traffic going to known malicious IP addresses.
Configuring your devices to use a proxy or an egress filter can help protect your network from external threats.
Application Inventory
Many next-level security controls, such as application whitelisting, require an application inventory. You need to be certain what is actually running on your network. There are a slew of tools for keeping track of network applications, and the right one depends on the type of architecture you have in place. Intune or SCCM would be ideal for environments with big Microsoft deployments. If your organization is heavy on Linux, you might want to consider Satellite for Red Hat or Landscape for Ubuntu. These applications will help you figure out what’s going on in your environment and set you up to understand the type of network traffic to expect. They’re also a great place to start when it comes to developing a disaster recovery strategy.
User Behavior Analytics (UBA)
In order to detect malicious or suspicious activity, you need to understand what “normal” looks like. This is where User Behavior Analytics (UBA) comes in. UBA uses machine learning and artificial intelligence to build a model of what normal user behavior looks like. Once this model is built, UBA can then flag anything that falls outside of the norm as potentially suspicious.
There are a number of different UBA tools on the market, such as Splunk Enterprise Security and IBM QRadar. Implementing a UBA solution can help you detect threats that might otherwise go unnoticed.
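As an added illustration (not code from the post or from any UBA product), here is the baseline-and-deviation idea in miniature: build a per-user profile of usual login hours and source hosts from a constructed set of authentication events, then score new events against it. The user names, hosts and timestamps are constructed.

```python
"""Score authentication events against a per-user baseline of usual login
hours and source hosts. Added example; the events are constructed."""
from collections import defaultdict
from datetime import datetime

# Constructed training window: (user, ISO timestamp, source host)
HISTORY = [
    ("alice", "2024-03-04T08:55:00", "ws-alice"),
    ("alice", "2024-03-05T09:10:00", "ws-alice"),
    ("alice", "2024-03-06T08:40:00", "ws-alice"),
    ("alice", "2024-03-07T17:30:00", "ws-alice"),
    ("bob", "2024-03-04T22:05:00", "ws-bob"),
    ("bob", "2024-03-05T23:15:00", "jump-01"),
    ("bob", "2024-03-06T22:40:00", "ws-bob"),
]

def build_profiles(events):
    """Per user: the hours of day and the hosts seen in the training window."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for user, ts, host in events:
        profiles[user]["hours"].add(datetime.fromisoformat(ts).hour)
        profiles[user]["hosts"].add(host)
    return profiles

def hour_is_usual(hour, seen_hours, slack=1):
    """True if hour is within `slack` hours of any seen hour (wrapping at midnight)."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in seen_hours)

def score_event(profiles, user, ts, host):
    """Return (score, reasons): one point per deviation from the baseline.
    An unknown user scores highest because there is nothing to compare against."""
    if user not in profiles:
        return 3, ["no baseline for user"]
    prof = profiles[user]
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if not hour_is_usual(hour, prof["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    if host not in prof["hosts"]:
        reasons.append(f"new source host {host}")
    return len(reasons), reasons

def flag_events(profiles, events, threshold=1):
    """Events whose score reaches the threshold, queued for analyst review."""
    flagged = []
    for user, ts, host in events:
        score, reasons = score_event(profiles, user, ts, host)
        if score >= threshold:
            flagged.append((user, ts, score, reasons))
    return flagged
```

A real UBA product learns far richer features than two sets, but the workflow is the same: train on a window you trust, then review what falls outside it.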
Staying up to date aka Patching
Patching is one of the most difficult issues that IT organizations struggle with. There is a seemingly endless number of patches to apply at every level of the infrastructure stack. Don’t cut corners or neglect other needs in order to speed up the process. OS tools and components are regularly targeted and will continue to be. To keep known weaknesses in your OS and applications from becoming an issue, keep up with patching.
Geo-blocking refers to restrictions on internet access based on location.
Geo-blocking IP addresses is not a definitive shield against even amateur hackers, but it may help you block more casual assaults. A malicious assault is just as likely to come from within your country as from outside it. When combined with the other defenses discussed below, geo-blocking can be quite beneficial – especially for blocking traffic that you know isn’t relevant to your company.
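The ingress and egress controls from the two sections above, worked as one added Python example (not the post’s own code): a geo-block decision for inbound sources and an egress-filter decision for outbound destinations, sharing the same CIDR matching. The country ranges, known-bad destination list and proxy address are constructed placeholders standing in for a real geolocation feed, threat-intelligence list and proxy.

```python
"""Decide whether inbound and outbound connections comply with policy.
Added example; every address range here is a constructed placeholder,
not a real country allocation or threat-intelligence feed."""
from ipaddress import ip_address, ip_network

# Constructed stand-in for a per-country IP allocation feed
COUNTRY_RANGES = {
    "HOME": [ip_network("203.0.113.0/24")],
    "OTHER": [ip_network("198.51.100.0/24")],
}
ALLOWED_COUNTRIES = {"HOME"}  # countries you expect inbound traffic from

# Constructed egress policy: known-bad destinations and plaintext protocols
BAD_DESTINATIONS = [ip_network("192.0.2.0/24")]
PLAINTEXT_PORTS = {21, 23, 80}          # ftp, telnet, http
PROXY = (ip_address("10.0.0.5"), 3128)  # the only sanctioned path for plaintext web

def country_of(addr):
    """Country label for an address, or None if no feed range contains it."""
    ip = ip_address(addr)
    for country, nets in COUNTRY_RANGES.items():
        if any(ip in net for net in nets):
            return country
    return None

def ingress_decision(src):
    """Geo-block: accept inbound only from allowed countries; unknown is denied."""
    country = country_of(src)
    if country in ALLOWED_COUNTRIES:
        return "allow"
    return f"deny: source {src} geolocates to {country or 'unknown'}"

def egress_decision(dst, port):
    """Egress filter: block known-bad destinations and unencrypted protocols,
    except for traffic to the proxy, which applies its own content policy."""
    ip = ip_address(dst)
    if (ip, port) == PROXY:
        return "allow"
    if any(ip in net for net in BAD_DESTINATIONS):
        return f"deny: {dst} is on the known-malicious list"
    if port in PLAINTEXT_PORTS:
        return f"deny: plaintext port {port} must go via the proxy"
    return "allow"
```

Note that an address missing from the feed is denied on ingress: the geo-block only helps if the default for unknown is deny, and a stale feed then shows up as blocked legitimate users rather than as silent gaps.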
IDS/IPS Settings
The IDS/IPS is simple to acquire and turn on, yet it requires a significant amount of effort to configure and maintain. Make sure you have someone on staff (either full-time or a trusted advisor) who understands what they’re seeing from the IDS/IPS and can interpret its potential impact on your systems and company. It is common to find application servers running services such as HTTP, FTP, and other protocols that they were never supposed to run, and the IDS/IPS is where those show up.
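An added Python example (not from the post) tying the application inventory to the point above about servers running services they were never meant to: compare the TCP ports a host is inventoried to listen on against listener lines in the layout of `ss -ltn` output, and report both unexpected listeners and inventoried services that are not actually up. The hostnames, inventory and socket lines are constructed.

```python
"""Compare the services a host is inventoried to run against the listening
sockets actually observed on it. Added example; the inventory, hostnames and
socket lines are constructed, laid out like `ss -ltn` output."""
SERVICE_NAMES = {21: "ftp", 22: "ssh", 80: "http", 443: "https", 5432: "postgres"}

# Constructed inventory: host -> TCP ports it is supposed to listen on
INVENTORY = {
    "db-01": {22, 5432},
    "web-01": {22, 80, 443},
}

# Constructed listener snapshots, one line per socket
OBSERVED = {
    "db-01": """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      5      0.0.0.0:21         0.0.0.0:*
LISTEN 0      511    *:80               *:*
""",
    "web-01": """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    *:80               *:*
LISTEN 0      511    [::]:443           [::]:*
""",
}

def listening_ports(ss_output):
    """Local ports from ss-style lines; the header and non-LISTEN rows are skipped."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is field 4; the port follows the last colon ('*:80', '[::]:443')
        ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def _label(ports):
    """Sorted (port, service name) pairs, 'unknown' for ports not in the table."""
    return sorted((p, SERVICE_NAMES.get(p, "unknown")) for p in ports)

def audit(host):
    """(unexpected, missing): listeners the inventory does not account for,
    and inventoried services that are not actually listening."""
    expected = INVENTORY.get(host, set())
    observed = listening_ports(OBSERVED.get(host, ""))
    return _label(observed - expected), _label(expected - observed)
```

Here db-01 is found serving FTP and HTTP that the inventory never sanctioned, which is exactly the kind of finding an IDS/IPS alert should be cross-checked against.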
Backups & Recovery Plans
In addition, you should have a well-defined backup and recovery strategy in place, including air-gapped backups, immutable data environments, and 24x7x365 support that is ready, willing, and able to failover or restore production environments if something goes wrong.
It’s crucial to remember that this is not a comprehensive list of procedures or activities. It would be to your advantage to use a framework to guide you. There are several different ones available; depending on your sector, there may be one specifically designed for you.
If you’re unsure where to start, please join our community. We’d be delighted to have a talk with you that leads you down the correct road.