As a leading MSP, GreenPages has to be a best-of-the-best steward of cybersecurity for our customers, who span all verticals and range from SMB to enterprise, with the largest portion falling in the commercial space.
In this article, I share cybersecurity advice I give to our customers.
1. Know Your Assets to Enable Detection
A lot of our customers are moving very quickly to advance digitalization, but they don't have good control over digital asset management. They don't know what they have, which is understandable, because what they have keeps changing, sometimes in ways outside of their purview and processes. We call that “shadow IT,” and most companies struggle with it, especially in the world of hybrid and cloud computing.
An asset that you don’t know about is a point of vulnerability, and you can’t detect an attack against it until it’s too late. You may not be gathering the right logs from the right assets — that is, the assets that matter most to the business, your crown jewels.
To decrease vulnerability to cyberattack, you have to get control of your digital assets. The first step is asset discovery. The next is identifying which assets are critical to the business. And then you need to be sure you have the right telemetry for detection — to shore up your defenses, focusing on those that matter most to the business, in the most effective way.
2. Prepare Operationally for Incident Response
Another priority I discuss with our customers is how quickly they can respond to incidents. Many start out ill prepared, so they’re not ready when an event happens. You need to prepare for events with processes, training, and testing on a regular basis.
I advise our customers to operationalize incident response. On a regular basis, practice what to do when events happen, and run through different scenarios. Model your practices like you play the real game, as if incidents are really happening. Practice should be well orchestrated, so you don't lose time. Time means everything in cybersecurity, and you should measure how long incident response takes.
3. Excel at Observability
It’s nearly impossible to protect what you can’t observe, so you have to excel at observability. We have found this is one way that Netenrich Resolution Intelligence Cloud is so powerful. Resolution Intelligence takes observability to the next level: You can get predictive about events that are going to happen and prepare proactively.
Alert fatigue is real. You get five million alerts coming at you, and you need to decompose breaches. Later, you find out that there was an alert of the breach, but it was buried in millions of alerts. How can you expect a human to find that one critical alert, or the set of alerts spanning multiple devices that represents a pattern indicating a breach? You can’t.
You have to get better with predictability, automation and observability across your entire digital landscape. Resolution Intelligence provides the best observability I’ve seen. It finds the critical alert or combination of alerts that matter, the patterns of behavior, and gives us the context we need to detect malicious activity.
4. Get Proactive with Threat Hunting
Waiting and observing isn’t enough. You have to be aware of your attack surface and hunt down potential threats. Threat hunting enables you to find vulnerabilities faster than your adversaries can find them. Then you can shore up your defenses proactively. Or if a breach is underway, you can launch response immediately. To learn more, download this ebook: 7 Ways to Attack Your Attack Surface.
5. Train Everyone in Your Organization
There's a motto at GreenPages that I preach: Security is not one person or one team's job. Security is every person's job in the company. Make sure everyone understands what they can and should do to ensure security by providing good security training. People need to be aware of when they're being phished and when erroneous things are happening that are out of the ordinary for them.
Internally, we’re going a step further to ensure teams are accountable for maintaining security. We put security people on the infrastructure team, the development team, etc. So there’s no more “throw the code over the wall” to the security team. We’re taking a software approach to infrastructure.
6. Use Managed Security Services If You Need To
Most of our customers don’t have the expertise to build out their own SOC. Hiring a security team is expensive, and there’s a lack of talent out there. Plus, the field of cybersecurity is changing fast – you have to keep up.
Our customers are often overwhelmed with too many security tools — and too many security acronyms — so they come to us.
The outcome they ask for is that they can sleep at night, that if they get a call about a security incident it's real, and we have a plan in place to respond fast.
It may sound simple, but it’s not. Companies are becoming more complex as they move faster than ever into digital transformation. So how do they keep up with security tools?
I advise them to build a good security program that encompasses the different aspects of cybersecurity. When you have a comprehensive, well-architected security program, the tools are interchangeable as new technology comes out, and it shouldn't turn your business upside down.
This is a huge benefit of Netenrich Resolution Intelligence Cloud. It enables us to help our customers run comprehensive, well-architected security programs. Resolution Intelligence brings in all the data they have from any source, identifies their assets automatically, enables faster and proactive incident response, provides observability, and enables advanced threat hunting. Learn more in this discussion I have with Netenrich.
About the author: Jay Pasteris is the CIO and CISO at GreenPages. Jay drives and expands GreenPages’ intellectual property and services portfolio; oversees systems security, compliance, and quality assurance; and leads the technical pre-sales and business advisory services teams.