Nearly thirteen years ago, I worked on the largest outbreaks in corporate history. As a third-party validator for ExecHot, the top 500 Microsoft customers, I traveled to client sites to mitigate the impacts of Nimda, Code Red and SQL Slammer. Today I attended Microsoft's Cybersecurity Virtual Summit. For a professional with many years of current experience, it offered no surprises. Yet something struck me about its keynote. Chief Information Security Officer (CISO) Bret Arsenault again illustrated the effectiveness of what I learned at MSFT ten-plus years ago.
At 02:42 (HH:MM) Mr. Arsenault mentions five low- to moderate-cost things which can prevent 85% of all breaches. These are the five that I have used to eliminate, mitigate and prevent thousands, even hundreds of thousands, of risks at dozens of clients over as many years:
- Good Patch Management
- Keeping your OSes current
- [Current] Anti-virus
- Good Identity and Access Management (IDAM)
- Security Monitoring
The first one started back in 2003. We rolled out Windows Update Services (WUS), which was quickly renamed Windows Server Update Services (WSUS) because no one wanted to be the "WUS Administrator." It allowed administrators to update all Microsoft products in an integrated fashion, with or without Active Directory and System Center Configuration Manager (SCCM). Companies that perform this health and hygiene on their Microsoft software drastically reduce their vulnerability.
Next comes operating system and software version control. Eliminating Windows XP, for example, further reduces the openings a malicious actor can exploit. Take this and patch management a step further, extending both to every software and operating system product you run, and attackers have to find other ways into your infrastructure. An example illustrates the idea: a phishing email that carries an exploit for a vulnerable version of an Adobe or Office product cannot take control of a user's system if that software is current and patched.
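The two hygiene items above, patching and retiring unsupported operating systems, reduce to one recurring report: which hosts run an OS past its support date, and which hosts have not received a hotfix inside the patch SLA. The PowerShell below is an added example, not code from the original post, WSUS or SCCM. The host names and dates in `$sample` are constructed; the end-of-support table holds Microsoft's published dates for those products and is an assumption you keep current yourself. The comment shows how to feed it live data from `Get-ADComputer` and `Get-HotFix` instead.

```powershell
# Added example, not code from the original post: flag domain computers that run an
# operating system past Microsoft's end of support, or whose newest hotfix is older than
# a patch SLA. Host names and dates in $sample are constructed; the end-of-support table
# holds Microsoft's published dates for those products and must be kept current by you.
$EndOfSupport = @{
    'Windows XP'             = [datetime]'2014-04-08'
    'Windows Server 2003'    = [datetime]'2015-07-14'
    'Windows Vista'          = [datetime]'2017-04-11'
    'Windows 7'              = [datetime]'2020-01-14'
    'Windows Server 2008 R2' = [datetime]'2020-01-14'
}

function Get-OsHygieneReport {
    param(
        # Objects with Name, OperatingSystem and LastPatchInstalled (a [datetime] or $null)
        [Parameter(Mandatory)] [object[]] $Computers,
        [int] $PatchSlaDays = 30,
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($c in $Computers) {
        $issues = @()

        # Prefix match so editions ("Windows 7 Enterprise", "... 2003 Standard") are caught
        foreach ($product in $EndOfSupport.Keys) {
            if ($c.OperatingSystem -like "$product*" -and $AsOf -ge $EndOfSupport[$product]) {
                $issues += "OS unsupported since $($EndOfSupport[$product].ToString('yyyy-MM-dd'))"
                break
            }
        }

        # A host with no recorded hotfix date is treated as unpatched, not as healthy
        if (-not $c.LastPatchInstalled) {
            $issues += 'no hotfix install date recorded'
        } elseif (($AsOf - $c.LastPatchInstalled).Days -gt $PatchSlaDays) {
            $issues += "last hotfix $(($AsOf - $c.LastPatchInstalled).Days) days ago (SLA $PatchSlaDays)"
        }

        $status = if ($issues) { 'ACTION' } else { 'OK' }
        [pscustomobject]@{
            Name            = $c.Name
            OperatingSystem = $c.OperatingSystem
            Status          = $status
            Issues          = ($issues -join '; ')
        }
    }
}

# Constructed sample inventory; replace with live data from Active Directory, e.g.
#   Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem |
#     ForEach-Object { [pscustomobject]@{
#       Name = $_.Name; OperatingSystem = $_.OperatingSystem
#       LastPatchInstalled = (Get-HotFix -ComputerName $_.Name -ErrorAction SilentlyContinue |
#           Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1).InstalledOn } }
$sample = @(
    [pscustomobject]@{ Name = 'WKS-0412';  OperatingSystem = 'Windows XP Professional';         LastPatchInstalled = [datetime]'2014-03-11' }
    [pscustomobject]@{ Name = 'SRV-FILE1'; OperatingSystem = 'Windows Server 2003 Standard';    LastPatchInstalled = [datetime]'2014-05-13' }
    [pscustomobject]@{ Name = 'WKS-1180';  OperatingSystem = 'Windows 7 Enterprise';            LastPatchInstalled = [datetime]'2014-02-11' }
    [pscustomobject]@{ Name = 'SRV-SQL2';  OperatingSystem = 'Windows Server 2012 R2 Standard'; LastPatchInstalled = [datetime]'2014-06-10' }
    [pscustomobject]@{ Name = 'KIOSK-07';  OperatingSystem = 'Windows 7 Professional';          LastPatchInstalled = $null }
)

Get-OsHygieneReport -Computers $sample -AsOf ([datetime]'2014-06-20') | Format-Table -AutoSize
```

Run as of June 2014, the XP and Server 2003 hosts come out as unsupported (Server 2003 only because its date is already in the table; it was still supported then, so the `-ge` check leaves it at a stale-patch finding), the Windows 7 workstation is flagged for a four-month-old hotfix, and the kiosk with no hotfix record is flagged rather than silently passed. Treating a missing date as a finding is the point: the hosts that never report are usually the ones nobody is patching.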
Yet if you patch and update all of your systems but do not manage your users' access, an insider or an external attacker can use legitimate credentials to wreak havoc at your firm. It is vital that firms use Identity and Access Management (IDAM), Privileged Access Management (PAM), or some other form of control over privileged accounts. Couple patching and PAM with security monitoring and reporting, and your firm has a far better chance of preventing unauthorized access and of catching unauthorized agents early.
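What "control over privileged accounts plus monitoring" looks like in practice is two small, repeatable checks: who holds membership in the privileged groups and whether those accounts look abandoned, and whether anyone has been added to those groups since the last run. The PowerShell below is an added example, not code from the original post or from any vendor's PAM product. The group names, thresholds, sample accounts and sample events are assumptions constructed for the demonstration; the event IDs 4728, 4732 and 4756 are the Windows Security-log events for a member being added to a global, local or universal security group.

```powershell
# Added example, not code from the original post: two checks that sit behind "PAM plus
# security monitoring". Get-PrivilegedAccountFindings audits who holds membership in the
# privileged groups and whether those accounts look abandoned; Get-PrivilegedGroupChanges
# scans Security-log membership changes (event IDs 4728, 4732 and 4756: member added to a
# global, local or universal security group) for those same groups. Group names, thresholds
# and the sample accounts/events are assumptions constructed for the demonstration.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

function Get-PrivilegedAccountFindings {
    param(
        # Objects with SamAccountName, Group, Enabled, PasswordLastSet, LastLogonDate, PasswordNeverExpires
        [Parameter(Mandatory)] [object[]] $Members,
        [int] $MaxPasswordAgeDays = 90,
        [int] $StaleLogonDays = 60,
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($m in $Members) {
        $issues = @()
        if (-not $m.Enabled) { $issues += 'disabled account still holds privileged membership' }
        if ($m.PasswordNeverExpires) { $issues += 'password never expires' }
        if ($m.PasswordLastSet) {
            $age = ($AsOf - $m.PasswordLastSet).Days
            if ($age -gt $MaxPasswordAgeDays) { $issues += "password $age days old" }
        } else {
            $issues += 'password never set'
        }
        # Privilege nobody uses is privilege an attacker can use unnoticed
        if (-not $m.LastLogonDate -or ($AsOf - $m.LastLogonDate).Days -gt $StaleLogonDays) {
            $issues += "no logon in $StaleLogonDays days"
        }
        if ($issues) {
            [pscustomobject]@{ Account = $m.SamAccountName; Group = $m.Group; Issues = ($issues -join '; ') }
        }
    }
}

function Get-PrivilegedGroupChanges {
    param(
        # Objects with TimeCreated, Id, Group, Member, Actor (see the live-data note below)
        [Parameter(Mandatory)] [object[]] $Events,
        [string[]] $Groups = $PrivilegedGroups
    )
    $Events |
        Where-Object { ($_.Id -in 4728, 4732, 4756) -and ($_.Group -in $Groups) } |
        ForEach-Object {
            [pscustomobject]@{ When = $_.TimeCreated; EventId = $_.Id; Group = $_.Group; Added = $_.Member; By = $_.Actor }
        }
}

# Live data instead of the constructed samples below:
#   Members: foreach ($g in $PrivilegedGroups) { Get-ADGroupMember -Identity $g -Recursive |
#              Where-Object objectClass -eq 'user' |
#              Get-ADUser -Properties Enabled, PasswordLastSet, LastLogonDate, PasswordNeverExpires |
#              Select-Object SamAccountName, @{ n = 'Group'; e = { $g } }, Enabled, PasswordLastSet, LastLogonDate, PasswordNeverExpires }
#   Events:  Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4728, 4732, 4756 } on each domain
#            controller; in ([xml]$e.ToXml()).Event.EventData.Data the entries named TargetUserName,
#            MemberName and SubjectUserName carry the group, the member added and the actor.
$sampleMembers = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';      Group = 'Domain Admins'; Enabled = $true;  PasswordLastSet = [datetime]'2013-01-15'; LastLogonDate = [datetime]'2014-06-18'; PasswordNeverExpires = $true }
    [pscustomobject]@{ SamAccountName = 'old-admin'; Group = 'Domain Admins'; Enabled = $false; PasswordLastSet = [datetime]'2012-07-01'; LastLogonDate = $null;                   PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'secops1';   Group = 'Domain Admins'; Enabled = $true;  PasswordLastSet = [datetime]'2014-05-30'; LastLogonDate = [datetime]'2014-06-19'; PasswordNeverExpires = $false }
)
$sampleEvents = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2014-06-19 22:41:07'; Id = 4728; Group = 'Domain Admins'; Member = 'CORP\svc-backup'; Actor = 'CORP\jdoe' }
    [pscustomobject]@{ TimeCreated = [datetime]'2014-06-20 09:02:15'; Id = 4728; Group = 'Sales Users';   Member = 'CORP\asmith';     Actor = 'CORP\helpdesk1' }
)

Get-PrivilegedAccountFindings -Members $sampleMembers -AsOf ([datetime]'2014-06-20') | Format-Table -AutoSize
Get-PrivilegedGroupChanges -Events $sampleEvents | Format-Table -AutoSize
```

On the constructed data, `jdoe` is reported for a non-expiring password last set seventeen months earlier, `old-admin` for being a disabled account that still sits in Domain Admins with no logon on record, and `secops1` is clean. The change scan surfaces only the late-night addition of a service account to Domain Admins and ignores the routine Sales Users change. A membership change to a privileged group that nobody in the security team requested is exactly the early signal the keynote's "security monitoring" item is meant to produce; scheduling both functions and diffing their output against the previous run turns them into that alert.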