Join our team of experts as we discuss questions previously submitted to our panel. Below is a shortened version of the answers provided. View the video to learn more.
How can we ensure vendors protect our sensitive data outside of a signed legal agreement?
- Look outside of the statement of work or contract and validate your vendors through assessment.
- Understand the implications to your organization if there is a disruption in service and assess appropriately, fully contemplating the trust aspects involved in working with that vendor. There are risk categories associated with the supply of the product, the supplier involved in the product sale, and the service provided through professional services.
- Be diligent and ask for validation of the vendor’s security practices; you may not get a complete digest, but it will provide insight into the validity of their representations.
- Define the risk if a vendor is bringing a physical device into your environment. Define who holds the responsibility for the management and maintenance of those devices.
- Make sure this process is cost-effective.
For full details and explanation, start this video at 4:04.
What is the best way to secure domain admins?
- Exercise “least privilege” practices: use domain admin accounts only for the actions that require them.
- Use basic accounts for day-to-day activities.
- Service accounts should be configured per requirement and shouldn’t allow for interactive logins.
- Strong passwords – goes without saying.
- MFA – whenever possible, or find a solution that allows the same functionality.
- If in a cloud environment, pay strong attention to configurations – https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/govern-service-accounts
- Policy & procedure – monitor who has access to what systems, and limit the surface area for privileged accounts.
- Monitor with a SIEM and SOC (MDR) services for user behavior anomalies.
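The last few bullets (no interactive logins for service accounts, day-to-day work on basic accounts, SIEM/SOC monitoring for anomalies) are the kind of thing a SOC can turn into a detection rule. The following is an added example, not code from the panel or from Sedara: a small Python pass over constructed Windows Security logon events (Event ID 4624) that flags service accounts logging on interactively and Domain Admin accounts used on ordinary workstations. The account names, host names, the `svc_` naming convention and the list of tier-0 hosts are all assumptions made for the example.

```python
# Added example (not the page's own code): two detection rules over
# constructed Windows Security 4624 logon events that reflect the panel's
# domain-admin advice. All names and the naming convention are assumptions.

# Assumed Domain Admins membership and service-account naming convention.
DOMAIN_ADMINS = {"da-alice", "da-bob"}
SERVICE_ACCOUNT_PREFIX = "svc_"

# Windows logon types: 2 = Interactive (console), 10 = RemoteInteractive (RDP).
INTERACTIVE_LOGON_TYPES = {2, 10}

# Assumed tier-0 hosts (domain controllers, privileged access workstations)
# where a Domain Admin logon is expected rather than suspicious.
TIER0_HOSTS = {"DC01", "DC02", "PAW01"}

# Constructed sample events (not real log data). LogonType 5 = Service.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "svc_backup", "LogonType": 5, "WorkstationName": "FS01"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "LogonType": 10, "WorkstationName": "WS-042"},
    {"EventID": 4624, "TargetUserName": "da-alice", "LogonType": 2, "WorkstationName": "DC01"},
    {"EventID": 4624, "TargetUserName": "da-alice", "LogonType": 2, "WorkstationName": "WS-017"},
    {"EventID": 4624, "TargetUserName": "alice", "LogonType": 2, "WorkstationName": "WS-017"},
    {"EventID": 4672, "TargetUserName": "da-bob", "WorkstationName": "DC02"},  # not a 4624, skipped
]


def is_service_account(name):
    """Assumed convention: service accounts are named svc_<purpose>."""
    return name.lower().startswith(SERVICE_ACCOUNT_PREFIX)


def find_violations(events):
    """Return (rule, user, host, logon_type) tuples for each policy violation."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue  # only successful logon events carry a logon type we care about
        user = ev["TargetUserName"]
        logon_type = ev["LogonType"]
        host = ev["WorkstationName"]

        # Rule 1: service accounts should never log on interactively (console or RDP).
        if is_service_account(user) and logon_type in INTERACTIVE_LOGON_TYPES:
            findings.append(("service_account_interactive_logon", user, host, logon_type))

        # Rule 2: Domain Admin credentials should only be used on tier-0 hosts;
        # a DA logon on a regular workstation means the account is being used
        # for day-to-day work and exposes its credentials to that host.
        if user in DOMAIN_ADMINS and host not in TIER0_HOSTS:
            findings.append(("domain_admin_on_non_tier0_host", user, host, logon_type))
    return findings


def summarize(findings):
    """Count findings per rule, the shape a SOC report would typically show."""
    counts = {}
    for rule, *_ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in find_violations(SAMPLE_EVENTS):
        print(finding)
    print(summarize(find_violations(SAMPLE_EVENTS)))
```

In a real SIEM the membership set would be pulled from the directory rather than hard-coded, and the tier-0 host list maintained alongside the tiering model, but the two rules themselves are exactly what the bullets above ask a SOC to watch for.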
For full details and explanation, start this video at 11:36.
With a successful collaboration between red and blue teams in a purple team exercise, how do the teams’ combined efforts enhance an organization’s overall cybersecurity posture?
The Red Team is on the offensive; the Blue Team represents the monitoring or defensive posture. The Purple Team sits between those two: it pays attention to the outcomes of the exercise and is responsible for mitigating what is found as a result. Think of it as an across-the-board team focused on continuous improvement. For instance, in a penetration test, the remediation or management of the vulnerabilities that are found is where the Purple Team sits.
For full details and explanation, start this video at 20:00.
Why is it crucial to go beyond technology and consider other aspects when developing a comprehensive cybersecurity strategy?
Process, procedure & adoption are critical elements of a security program, and people are a really big factor. It cannot be just about putting the next tool in. At some point resources get limited; it’s 90% process & configuration and 10% tools. Adding more technology alone will not solve real security issues. Security is complex; there is no silver bullet or magic button. Getting cultural buy-in and alignment is huge for improving an organization’s cybersecurity posture.
Monitoring an environment is where you get some gains. Automated response is something that everyone in the industry is talking about; however, people are key to validating that response.
For full details and explanation, start this video at 23:53.
What do I do with all the great reports I get from the SOC? What are my next steps?
Reports out of a SOC are a very standard thing. They are a reflection of how well the SOC and its services are working for you and aligning to your expectations. They help you validate and support the policies and procedures within your program. Reports on activities in your environment are meant to help you understand whether processes are working. The misstep is not using them to validate things like configuration changes, as an example. Changes to infrastructure are another thing to monitor with these types of reports: are your change management processes in place? Basically, look at these reports as validation. Is what you are monitoring in the SOC really what you are doing in your operational environment?
The goal is that the reports get smaller and smaller every month: operationalize what you are seeing and improve your environment.
For full details and explanation, start this video at 30:09.
What are some practical steps and considerations for translating pen test findings into actionable changes within the organization’s security practices?
Penetration tests often result in a narrative: a single vulnerability can often point to an operational failure somewhere in the organization. In a pen test report, Sedara will try to identify those trends, but without intrinsic knowledge of the organization it is difficult to “root cause” the vulnerability. That is where a gap assessment can come in. A gap assessment combined with a penetration test helps identify not only vulnerabilities but also internal issues with processes and procedures. The goal is that when we execute the next pen test, we don’t find new vulnerabilities that could have been resolved if the operational issue had been identified and managed. Generate a POAM (Plan of Action and Milestones) and hold people accountable for resolution.
Don’t just fix the vulnerability; look beyond it to why it is happening.
For full details and explanation, start this video at 34:29.
What are some of the best ways to approach social engineering training?
Building a secure culture is the goal of social engineering training. There are many ways to get social engineering training; phishing emails are a great way to get started and gamify the experience. These keep the concept of vulnerability at the forefront of people’s awareness, making your users more aware of what they are doing. There are a lot of these programs out there; make sure the one you choose aligns to your goals. On the practical level, this training should be executed at onboarding and at least once a year to maximize the outcomes. Common gaps we see are:
- “Now what?” – users don’t know who to contact or what to do if there is a suspected issue.
- Another is MFA exhaustion, where the user is prompted multiple times for authentication and finally just says yes to stop the prompts.
- Weak passwords, train your teams on what makes a good password.
Make it fun! Think of new and creative ways to keep your culture focused on security. Get everyone on-board. Get buy-in from leadership, top down.
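The MFA exhaustion gap above is one that training alone will not close, because the user who finally approves the prompt usually just wants it to stop; the SOC also needs to notice the flood of prompts. The following is an added example, not code from the panel or from Sedara: a Python detection rule run over a constructed MFA push log that raises one alert when a user receives a burst of unapproved prompts inside a short window, and a second, higher-priority alert if an approval follows that burst. The log format, field names, window size and threshold are assumptions made for the example.

```python
# Added example (not the page's own code): detecting MFA push fatigue
# over a constructed MFA push log. Log format, field names, window and
# threshold are assumptions; tune them to your identity provider's events.
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # how long a denied/expired prompt stays "recent"
PROMPT_THRESHOLD = 3             # unapproved prompts in the window before alerting

# Constructed sample log (not real data). One push prompt per line.
SAMPLE_MFA_LOG = [
    "2024-03-01T08:00:05Z user=jsmith result=approved ip=203.0.113.10",
    "2024-03-01T22:14:01Z user=jsmith result=denied ip=198.51.100.7",
    "2024-03-01T22:14:40Z user=jsmith result=timeout ip=198.51.100.7",
    "2024-03-01T22:15:12Z user=jsmith result=denied ip=198.51.100.7",
    "2024-03-01T22:16:03Z user=jsmith result=approved ip=198.51.100.7",
    "2024-03-01T22:20:00Z user=mjones result=denied ip=192.0.2.44",
    "2024-03-01T23:05:00Z user=mjones result=approved ip=192.0.2.44",
]

UNAPPROVED = {"denied", "timeout"}


def parse_line(line):
    """Parse '<iso-timestamp> key=value ...' into a dict with a datetime 'ts'."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect_mfa_fatigue(lines, window=WINDOW, threshold=PROMPT_THRESHOLD):
    """Return (alert, user, ip, timestamp) tuples in log order.

    'mfa_push_flood'      : the user hit `threshold` unapproved prompts in `window`
    'mfa_fatigue_approval': an approval arrived while a flood was still in the window,
                            i.e. the user may have said yes just to stop the prompts
    """
    recent = defaultdict(list)   # user -> timestamps of recent unapproved prompts
    alerts = []
    for ev in (parse_line(line) for line in lines):
        user, ts = ev["user"], ev["ts"]
        # Forget unapproved prompts that have aged out of the window.
        recent[user] = [t for t in recent[user] if ts - t <= window]

        if ev["result"] in UNAPPROVED:
            recent[user].append(ts)
            if len(recent[user]) == threshold:   # fire once per burst, not on every extra prompt
                alerts.append(("mfa_push_flood", user, ev["ip"], ts))
        elif ev["result"] == "approved":
            if len(recent[user]) >= threshold:
                alerts.append(("mfa_fatigue_approval", user, ev["ip"], ts))
            recent[user].clear()   # an approval ends the burst either way
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_MFA_LOG):
        print(alert)
```

The `mfa_fatigue_approval` alert is the one to page on: a flood followed by an approval from the same source is the pattern the training bullet describes, and the response is to treat that session as suspect and confirm with the user out of band. On the prevention side, identity providers that support number matching or rate-limit push prompts make the "just say yes" outcome much harder to reach.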
For full details and explanation, start this video at 40:38.
What is the difference between MDR & XDR?
The concepts of Managed Detection and Response (MDR) & Extended Detection and Response (XDR), and the new one, Managed Extended Detection and Response (MXDR): we have always approached this with the view that response has to be a part of your managed detection program. With the speed of attack increasing (it is minutes now), it is essential that you have a response plan built into your monitoring plan. Security systems, vendors, 3rd parties and software as a service are where the XDR part of the monitoring program comes in. XDR is really about the bigger view of what is happening outside of your immediate perimeter. The combination of the two is where you get the best results.
For full details and explanation, start this video at 45:34.
Why do you work in cybersecurity?
This one you will just have to listen to; start this video at 48:57.
If Sedara can help answer your cybersecurity questions or if you want to learn more, we are here to help. Click here and get started!