5 Building Blocks for a Solid Cybersecurity Foundation


The cybersecurity sector is constantly growing and is already part of the strategy of many organizations. This article explains how to build a solid cybersecurity foundation.

What is the current state of cybersecurity?

Technology has evolved and innovated, making our lives easier and our jobs more productive. Today, technology controls critical aspects of our society such as financial markets, electricity networks, air routes, hospitals, etc.

In addition, we increasingly rely on smart devices (telephones, cars, televisions, and refrigerators). In times of digital transformation, this overwhelming pace of innovation and technology adoption, and the resulting increase in system complexity, requires global awareness of the security, fraud, and privacy risks that are increasing even more rapidly.

Senior management must be aware of these risks, which must be continuously measured and monitored, forming part of the organization’s strategy and establishing a culture of cybersecurity.

Here we will learn about the five main building blocks for a solid cybersecurity foundation.

#1. SIEM (Security Information and Event Management):

Many abnormal behaviors, tendencies, and patterns fall outside the ordinary. Detecting them is the job of SIEM (Security Information and Event Management).

A SIEM system centralizes the storage and interpretation of records, offering almost real-time analysis to the digital security team, which can thus act much faster.

The SIEM system also collects data in a central database to track trends and establish patterns of behavior, which then serve to detect activity that is not common.

This system, of course, also provides central reports. The name SIEM comes from the union of two acronyms, and the aim is to unite in a single system all the virtues of its two origins.

Undoubtedly, working with SIEM not only improves how the security team manages its working time and makes its tasks easier to carry out, it also shortens response times, something fundamental for a company in the case of an urgent threat.


#2. EDR (Endpoint Detection and Response):

The traditional protection systems that we all know as antivirus have, until now, controlled fairly well the viruses that have historically infected millions of computers. These types of viruses are executable files that aim to contaminate as many computers as possible so that they can be controlled and used for illicit purposes.

Unfortunately, cybercriminals have managed to find different ways to get control of computers, mobile devices, and web servers, as they have a great ability to recycle their methods.

EDR (Endpoint Detection & Response) technology promises to be the missing piece that completes the shield we need against computer crime.

EDR produces a specific list for each client: the client’s executables are analyzed and their behavior is monitored to ensure that it does not change. If one of them breaks the mold, an alert is raised.

EDR serves to detect new threats and, by working at this specific level, avoids the need to block all malware. EDR platforms monitor all executable programs, performing more thorough control.


#3. Patch Management:

Patch Management is also one of the parts of a Cybersecurity Foundation. Many large companies want to reduce the vulnerability of their systems, and most do so by applying security patches. As cybercriminals intensify their attacks, it is essential to keep pace in defending against them.

A security patch is a cybersecurity solution for an organization. Although no application is perfect, patches are highly effective, even years after a program has been launched.

Their application depends not on the business sector but on the type of vulnerability present within the organization.

Types of patches according to the code they modify:

Patches to binary files: They constitute an update of the executable file of a program.

Patches to the source code: They include a text file that details modifications to be made in the source code of the program in question.

Benefits of Patch Management:

  • Designed to work in On-Premise and Cloud environments.
  • Highly scalable.
  • Easy to install.
  • Fully automated and highly customizable.


#4. Vulnerability Management:

Vulnerability Management is also one of the essential blocks for a solid Cybersecurity Foundation.

Vulnerability management is a continuous IT process consisting of the identification, evaluation, and correction of vulnerabilities in the information systems and applications of an organization.

Faced with sophisticated IT environments and the growing list of possible problems in database and network security, IT departments with budgetary constraints find it impossible to deal with all currently known vulnerabilities.

Due to the high number of distributed update reviews and the difficulty in quantifying the value of security repairs for business managers, mitigating the weakness of critical networks and applications is a constant challenge.

Without a vulnerability management process that helps to prioritize correction tasks, companies can neglect to take the necessary measures to prevent harmful network attacks. In addition, vulnerability management not only helps the company to proactively solve urgent security problems but also contributes to compliance with industry standards.


#5. Experienced Team:

An experienced team brings a high level of experience, specialization, professional quality, and demonstrated and accredited training to its cybersecurity solutions.

Our experienced team uses cutting-edge technology to offer various services such as secure web browsing and protecting clients’ access to services and applications hosted in the cloud.

We prevent the accidental download of malware that can cause information leaks or interrupt activity in the company or organization. More than half of registered cybersecurity incidents are related to this type of attack, which causes high economic damage and harms the reputation of the institution or company.

In addition to offering secure navigation services and protection of cloud services, we provide a comprehensive security service from our network that manages all of a company’s environments to reduce the exposure of its resources to an attack and the risk of suffering a security incident.

If your organization lacks the resources required to build a solid Cybersecurity Foundation, do not hesitate to contact us. We are highly experienced and will help you put the right solutions in the right place and manage them suitably.


3 Rules for Risk-Based Vulnerability Management


Consider risk-based vulnerability management to be able to confidently visualize, analyze, and measure cyber risk in real-time while reducing your cyber exposure. 

I was reading an article recently where the author said that he was presented with the question, “Why bother focusing on vulnerabilities at all?” The point they made was that you can be:

  • Not patched and hacked
  • Patched and not hacked
  • Not patched and not hacked
  • Patched and still hacked (via social engineering, phishing, zero-day, or an asset not covered by your VM program)

I understand his frustration, but it’s always better to be prepared. Cybriant obviously recommends covering your bases as much as possible to reduce your threat landscape.

The modern attack surface has created a massive gap in an organization’s ability to truly understand its cyber exposure.

The larger the gap, the greater the risk of a business-impacting cyber event occurring.

Traditional Vulnerability Management is no longer sufficient. Risk-based vulnerability management extends vulnerability management by covering the breadth of the attack surface (IT, Cloud, IoT/OT) and providing a depth of insight into the data (including prioritization/analytics/decision support).

We help security leaders answer the following questions:

  • Where are we exposed?
  • Where should we prioritize based on risk?
  • How are we reducing exposure over time?

Security leaders should be prepared to take traditional vulnerability assessment and vulnerability management to the next level. Use the results from your assessment and remediate your issues to reduce your risk.

Risk-Based Vulnerability Management

Vulnerability scanning (especially done continuously) is an important part of your overall security strategy. If you are scanning, say – only for compliance reasons – but not taking action on the issues, what’s the point?

With a risk-based vulnerability management program, you are able to take the logical next step to reduce your threat surface by focusing on the top priorities for remediation.

If you are using internal resources to scan, sometimes the report is difficult to understand. This is a huge benefit of working with Cybriant. We’ll help customize the reports, so you are easily guided through how to remediate any issues.

By using a risk-based vulnerability management approach, you will save money by fixing only the highest priority vulnerabilities and time by being able to focus on the remediation steps.

Remediation is Key

In a risk-based vulnerability management program, the vulnerability scans need to run continuously. With eyes on your systems at all times, you’ll be alerted to issues as they are presented. Therefore, you’ll be advised on how to fix them faster.

This is why remediation in a risk-based vulnerability management program is key.

According to the article I previously mentioned:

Vulnerability assessment has absolutely no security value … unless you utilize the results to reduce your risk.

Vulnerability management done without significant thinking about remediation priority may in fact also be pointless (vs the labor spent).

However, “risk-based” vulnerability management does deliver real security value – as long as you actually practice it!

Source

Therefore, Cybriant uses a risk-based vulnerability management approach.

With continuous vulnerability scanning plus remediation advice, you’ll easily have a complete risk-based vulnerability management program.

Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities.

The time between each scan is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have visibility to assess where each asset is secure or exposed.

Prioritize Risk

Patching is time-consuming and expensive! So, how should you handle it? You know you need to patch. The answer is risk prioritization. If you have 1000 known vulnerabilities, the best option is to “Patch Smarter.”

If your organization is able to prioritize the top 100 highest-risk patches, then focus on those. We use this process internally with our risk prioritization program. Our ticketing system will alert you to only those issues with your defined priority level.

By using risk prioritization, our security experts have the skills to understand exposures in context. They will prioritize remediation based on asset criticality, threat context, and vulnerability severity. Our reporting will help you prioritize which exposures to fix first, if at all, and apply the appropriate remediation technique.
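The ranking described above can be sketched in a few lines. This is an added example, not Cybriant's scoring method: the weights, the deferral threshold, the field names, and the `VULN-…` identifiers are all assumptions constructed for illustration. It shows why a medium-severity finding on a critical, exposed asset can outrank a 9.8 on a lab machine.

```python
from typing import NamedTuple

# Assumed weights, chosen for illustration; tune them to your own environment.
EXPLOITED_MULTIPLIER = 2.0  # threat context: exploitation seen in the wild
EXPOSED_MULTIPLIER = 1.5    # threat context: asset reachable from the internet
DEFER_BELOW = 3.0           # scores under this are tracked but not ticketed


class Finding(NamedTuple):
    vuln_id: str            # constructed placeholder, not a real CVE
    asset: str
    cvss: float             # vulnerability severity, 0.0 to 10.0
    asset_criticality: int  # 1 = lab machine ... 5 = business critical
    exploited_in_wild: bool
    internet_facing: bool


def risk_score(f):
    """Severity scaled by asset criticality, then raised by threat context."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS must be between 0 and 10")
    if f.asset_criticality not in range(1, 6):
        raise ValueError(f"{f.vuln_id}: asset criticality must be 1-5")
    score = f.cvss * f.asset_criticality / 5
    if f.exploited_in_wild:
        score *= EXPLOITED_MULTIPLIER
    if f.internet_facing:
        score *= EXPOSED_MULTIPLIER
    return round(score, 2)


def prioritize(findings, top_n):
    """Split findings into (fix_now, deferred), highest risk first."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))
    fix_now = [f for f in ranked if risk_score(f) >= DEFER_BELOW][:top_n]
    deferred = [f for f in ranked if f not in fix_now]
    return fix_now, deferred


# Constructed sample data.
SAMPLE_FINDINGS = [
    Finding("VULN-0001", "lab-vm-07", 9.8, 1, False, False),
    Finding("VULN-0002", "payments-api", 6.5, 5, True, True),
    Finding("VULN-0003", "vpn-gateway", 7.5, 4, False, True),
    Finding("VULN-0004", "hr-fileserver", 5.3, 3, True, False),
    Finding("VULN-0005", "print-server", 4.0, 2, False, False),
]

if __name__ == "__main__":
    fix_now, deferred = prioritize(SAMPLE_FINDINGS, top_n=2)
    for f in fix_now:
        print("FIX  ", f.vuln_id, f.asset, risk_score(f))
    for f in deferred:
        print("DEFER", f.vuln_id, f.asset, risk_score(f))
```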

Unknown Assets

The greatest challenge for many security teams is simply seeing all the assets in their environment. Adversaries now have a much larger attack surface to probe and attack you across – and those adversaries can see everything and will attack you wherever they find a weak link.

It’s not just that the attack surface is expanding. It’s that legacy tools aren’t sufficient to cover it.

Vulnerability management (VM) tools were often deployed for compliance reasons – to cover just the assets in scope for specific regulations. Then security teams realized VM provides a value proposition around risk/visibility and started expanding the scope to cover all traditional IT assets.

But technology has leapfrogged those tools. We live in a world of cloud, DevOps (containers and microservices and web apps), and IoT/OT. Your organization needs an approach that is flexible enough to cover the entire modern attack surface, as well as expand and contract with it as changes occur.

The bottom line is that legacy tools and approaches simply don’t get the job done today.

Consider risk-based vulnerability management with Cybriant. You’ll get real, actionable results on a regular basis.


State of the (Cybersecurity) Union


The state of the cybersecurity union today is that all businesses – large or small – should assume the worst and prepare for cybersecurity attacks. It may be impossible to prepare for every potential attack, but you can create a foundation of security throughout your entire organization. Workforces are expanding and using more connected devices, which makes it even more difficult to maintain a human defense firewall.

According to a recent EY survey, many companies may not be as prepared as they would like to be. In fact:

  • 87% of respondents say they need up to 50% more cybersecurity budget
  • 48% do not have a Security Operation Center, even though they are becoming increasingly common.
  • 17% of boards have sufficient cybersecurity knowledge for effective oversight of cyber risks.
  • 12% feel it is very likely they would detect a sophisticated cyber attack.
  • 57% do not have, or only have an informal threat intelligence program.
  • 89% say their cybersecurity function does not fully meet their organization’s needs.

Let’s talk about your threat surface

Phishing: You know that nation-states and terrorist groups are constantly out to get us. But, have you considered a poor decision made by an employee who thought a phishing email was an actual email? We discussed recently that insider threats are the top threat to organizations. 1 in 131 emails contains malware and over 4,000 ransomware attacks occur daily.

Poor Patch Management: You might have heard about the infamous Equifax breach of 2017. That could have been prevented with a simple patch. 45% of companies are not using a dedicated patch management solution to distribute and manage software updates.

Vulnerabilities: 85% of successful hacks use the top 10 known exploits (meaning the companies did nothing about known vulnerabilities in their system). 8,000 vulnerabilities a year were disclosed over the past decade. It’s tough for an IT department to keep up with all of those. Gartner argues that the biggest threats are not the ones that risk causing the most damage to you, but simply the vulnerabilities in your organization’s environment that are being actively exploited “in the wild.”

Mobile Cyber Attacks: In Q1 of 2017 alone, mobile ransomware attacks increased by 253%. And 66% of security professionals doubt their organization can prevent a breach of employees’ devices. For hackers, phishing is easy. And profitable. The average phishing attack costs a mid-sized company $1.6 million.

No Security Monitoring: Do you know the threats that are coming into your network? 81% of data breach victims do not have a system in place to self-detect data breaches. Another issue may be that you have a tool in place to detect security incidents, but do you have the expertise on staff to know how to detect and remediate those incidents?


FBI Warning: Hackers don’t stop for the Holidays


The FBI has released a warning about a fraudulent email scam, just in time for the holidays. According to the release, “The emails claim to be from one of three shipping businesses and claim that a package intended for the email recipient cannot be delivered. The messages include a link that recipients are encouraged to open in order to get an invoice to pick up the package, however, the link connects to a site containing malware that can infect computers and steal the user’s account credentials, log into the accounts to obtain credit card information, additional personal information, and learn about a user’s shipping history for future cyber attacks.

The messages may consist of subject lines such as: “Your Order is Ready for Shipment,” “We Could Not Deliver Your Package” or “Please Confirm Delivery.” The shipping companies say they do not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information and if you receive such a notice — don’t respond. You should delete the email immediately or forward it to the companies listed contact email address. If your interaction with the website resulted in a financial loss you should contact your bank immediately.”

I clicked! Now what?

We get it! Hackers are so good at creating emails that look very real, plus the timeliness of their messages – around the holidays – could not be better. Many of us are waiting for packages to ship, wondering where the packages are, and hoping that they don’t get lost. If you click, you’ll probably know immediately that you messed up. The easiest way to check before you click is to hover over the link and see if the URL is one that you would trust. And then, just go to that URL and search for what you need – avoid clicking altogether.

If you click, close the browser and use Task Manager to end the browser process. Shut down your system and reboot. By disconnecting, you reduce the risk of the browser reloading that malicious page once you have restarted. Immediately report to your IT team; they may recommend that you clear your cache and do a scan of your hard drive to check for malware.

Consider reporting the malicious email you received to the FBI through their Internet Crime Complaint Center (IC3). Start here: https://www.ic3.gov/default.aspx. The US is constantly being targeted by nation-state hackers and the FBI needs our help as consumers to help them learn more about these hackers and how they can protect us.

Our partner KnowBe4 has a free tool that allows your IT department (or Cybriant if you want us to manage it) to send you fake emails like the ones the FBI mentions just to see how many users at your company would click on those emails. It’s not a malicious email, so the only outcome will be that users that click on the fake emails may have to go through a little bit more security awareness training. After all, employees are the last line of defense if an email has gotten through all your organization’s firewalls, etc. Check out their free phishing security test here: https://info.knowbe4.com/phishing-security-test-partner?utm_medium=partnerurl&utm_source=Cybriant

Avoid it altogether

At Cybriant, we discuss the idea of having a layered approach to security when it comes to the overall cyber risk defense of our clients. Hackers will try to get into your organization from every angle possible, so you have to be prepared, and think like a hacker. Many of the breaches you read about are the result of a small thing, like a forgotten patch, that the hackers noticed before the organization’s security team did. That ‘small thing’ has resulted in millions of dollars of loss for many organizations. Here’s what we recommend:

  • Real-time Vulnerability Management
  • Responsive Patch Management
  • Endpoint Detection and Response
  • 24×7 SIEM with Security Monitoring

 

Partner for Sending Data Breach Notifications

Notifying customers of a data breach is an essential step to protecting their safety and security. It gives customers the opportunity to take the necessary steps to protect their accounts.

This includes changing passwords, monitoring account activity, or even utilizing password manager accounts for extra protection. In addition to improving customer security, data breach notifications provide an important reminder to companies about the risks associated with storing sensitive information online.

Letting customers know that you are paying attention and taking action can help maintain trust and prevent any potential losses due to malicious activity. Contact Cybriant if you need a trusted partner for data breach monitoring.


Cybriant in the News: PREtect Spotlight


UPDATE: PREtect has been rebranded to CybriantXDR. Read more here: https://cybriant.com/cybriant-xdr/

Cyber security has been deemed one of the biggest concerns for small business owners when it comes to protecting their digital assets. Cybriant is a holistic cyber security service startup which enables small and mid-size organizations to deploy and afford the same cyber defense strategies and tactics as the Fortune 500.

Their product suite, PREtect, contains 5 cyber risk management solutions designed to optimize the protection of data assets and the detection of malicious events by addressing the most common vulnerabilities in the enterprise. Utilizing leading technologies and seasoned security expertise, Cybriant delivers an affordable solution which addresses the most common yet challenging structural and operational security vulnerabilities. The services include: Comprehensive security monitoring with continuous, actionable threat intelligence; detect and deploy missing patches in one’s system; detect, identify, and contain advanced threats before they cause damage; full executive reporting with consistent detection and identification of vulnerabilities; and a Security Awareness Training and Simulated Phishing platform that will keep a company’s employees trained, with security top of mind. Any business, small or large is vulnerable today.

Read original article: https://tech.co/startup-spotlight-biometrics-car-grunt-work-2017-11