
Cybersecurity outsourcing: how to keep flat budgets from adversely affecting your organization

2021 is expected to bring flat, if not reduced, budgets for businesses. The security of your network and data cannot afford to be compromised by those constraints. One way to keep your most valuable assets protected is to outsource. This article looks at cybersecurity outsourcing considerations through the five functions of the NIST Cybersecurity Framework.

Consider outsourcing cybersecurity using the NIST Cybersecurity Framework

Developing and managing a successful security program is both expensive and time consuming. Because of this, cybersecurity outsourcing has become mainstream for companies of every size across all industries. A company can hand anything from a small portion of its IT security to all of it to a managed security provider. Following the five functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover), we will look at the outsourced security services available to help safeguard your business.

Identify: Understanding how best to mitigate your risk starts with a comprehensive view of your organization's business drivers and the security considerations specific to its data, systems, assets and capabilities. A security assessment surfaces this information, measures your current gaps against your goals, and produces a roadmap.

Protect: Your customers and employees depend on the delivery of critical services and on your ability to safeguard their data. Protecting those services and data in line with your roadmap lets you limit or contain the impact of a cybersecurity event. Protective controls include access control for digital and physical assets, defined data security processes, maintained network configuration, and deployment of the appropriate security technologies.

Detect: Constant change in both IT practices and the threat landscape puts considerable pressure on IT staff. A 24x7 monitoring service that detects threat activity and keeps operations running is an effective way to analyze and quickly identify a cyber event without building out a SOC or security monitoring team of your own.

An outsourced monitoring service typically takes on:
  • The underlying detection technologies.
  • Alert triage, relieving alert fatigue.
  • Network monitoring.
  • Investigation and verification of alerts.
  • Threat awareness.
  • Incident response.
  • Compliance reporting.

Respond: As organizations pursue digital transformation, a comprehensive security plan must be in place alongside it. When a cybersecurity event is detected, the actions taken to contain it must follow a pre-planned, documented process in order to minimize the impact to the organization. Outsourcing governance and risk management brings expertise and objectivity that are essential for creating a sound plan, testing your capabilities, and lining up expert help for incident response.

Recover: Documented activities, communications, and processes are required to restore affected services during and after a cybersecurity event. Implementing improvements based on lessons learned, and reviewing existing strategies against them, keeps your security posture current.

If you have limited on-site expertise, we recommend partnering with a trusted incident response provider to help create the plan. A strong plan will guide you to:

  • Properly and effectively prepare for an attack.
  • Detect and analyze an intruder.
  • Contain the attacker, eradicate their presence on your network, and recover the impacted assets.
  • Capture and act on lessons learned.

Contact the security experts at CBTS to get started on or update your cybersecurity plan.

5 questions you’ll need to answer for an improved security posture in 2021

Are you a security practitioner who was blindsided by 2020? You are not alone.

As we noted earlier in the year (man, I wrote that nine months ago? Feels like nine years), it’s unlikely that a global pandemic was on your risk radar. With the year drawing to a close, it’s a good time to reflect on how things have changed for your business’ risk priorities and what you’ll need to do next to keep pace with those changes. Here are a few questions you can pose to your security team:

Question 1: How are you reevaluating your risk priorities?

Let's first think about why a pandemic wasn't high on your list of risk priorities. If you don't have a list of risk priorities, that is the reason, and it is the first thing you should address: document your business risks, including the cyber risks to your data and assets, and stack-rank them by priority. As you do so, consider where the list came from. What were the sources of the risks you documented? Did they come only from your own imagination?

Comprehensive risk management draws on a wide range of inputs. Other stakeholders in the business need to weigh in. Look at the output of security and risk assessments, which are designed to highlight gaps that need to be addressed. Most of all, identify the assets that are most valuable (your customer database, your intellectual property, your reputation, your third-party relationships) and determine what events could damage them. Don't focus only on current events, either; examine what has historically affected others in your industry or region. That may bring to light risks you hadn't previously considered.

Question 2: How are you protecting your remote workforce?

Did your users take their company workstations home during the pandemic? Who knows what kind of coffee stains are on them now? More to the point, their home Internet connections do not have the network defenses you have on your company network, so malware may have found its way onto those machines. Your company's sensitive data may also have found its way to places it doesn't belong: a home printer, a recycling bin on the curb, or an employee's personal iPad.

Many security teams build their controls on the assumption that sensitive data and company assets won't be far from the office for very long. Have you reconsidered that assumption since the pandemic? If there is a breach or incident, how will you run the incident response process when the device in question is remote?

Question 3: What is your ransomware strategy?

One of the most pervasive threats to the enterprise network today is ransomware. Criminals continue to develop more effective ransomware kits with more sophisticated features, and their methodology is changing too: many operators now steal sensitive data before encrypting it and threaten to publish it, doubling the pressure on a victim to pay.

Criminals are also attaching ransom demands to distributed denial-of-service attacks, using botnets they build or rent to direct massive traffic volumes at a target server or network and knock it offline unless they are paid.

Decide ahead of time the decision tree you will follow if this happens (who is notified, when affected systems are isolated, who is authorized to make a payment decision, which backups are restored first) and rehearse the response. It's equally important to put controls in place to prevent it from happening in the first place.
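The monitoring described under Detect above, and the controls this ransomware passage asks for, both come down to recognizing a small set of behaviours quickly. The following Python is an added example, not code from the original article or from any CBTS service, showing one way a detection service can score endpoint file-activity telemetry for ransomware-like behaviour. The event schema, the thresholds, the process names and the sample events are all assumptions constructed for the illustration.

```python
"""Heuristic ransomware-behaviour detection over endpoint file-activity events.

Added example, not code from the original article or any CBTS service. The event
schema, the thresholds and the sample telemetry are assumptions constructed for
illustration. Three behaviours are scored per (host, process):
  1. a burst of renames that change many files to one new extension,
  2. a ransom-note-like file written into several directories,
  3. a shadow-copy or recovery-deletion command, a common precursor to encryption.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ntpath  # handles Windows-style paths regardless of the host OS
import re


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    process: str   # image name of the acting process
    action: str    # "rename", "create" or "exec"
    detail: str    # rename: "old -> new"; create: path; exec: command line


RENAME_BURST = 20                # renames to one new extension ...
WINDOW = timedelta(seconds=60)   # ... within this sliding window
NOTE_DIRS = 3                    # ransom note present in at least this many directories
NOTE_RE = re.compile(r"(readme|how_to|decrypt|restore|recover).*\.(txt|html?)$", re.I)
SHADOW_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete|"
    r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I)


def _ext(path):
    return ntpath.splitext(path)[1].lower()


def detect(events):
    """Return {(host, process): {"score": n, "reasons": [...]}} for suspicious actors."""
    by_actor = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_actor[(e.host, e.process)].append(e)

    findings = {}
    for actor, evs in by_actor.items():
        reasons = []

        # 1. Rename burst: count extension changes per new extension inside a sliding window.
        changed = []
        for e in evs:
            if e.action == "rename" and " -> " in e.detail:
                old, new = e.detail.split(" -> ", 1)
                if _ext(old) != _ext(new):
                    changed.append((e.ts, _ext(new)))
        per_ext, start = defaultdict(int), 0
        for ts, ext in changed:
            per_ext[ext] += 1
            while changed[start][0] < ts - WINDOW:   # expire events older than the window
                per_ext[changed[start][1]] -= 1
                start += 1
            if per_ext[ext] >= RENAME_BURST:
                reasons.append(f"{per_ext[ext]} files renamed to '{ext}' within {WINDOW.seconds}s")
                break

        # 2. Ransom note dropped into multiple directories.
        note_dirs = {ntpath.dirname(e.detail) for e in evs
                     if e.action == "create" and NOTE_RE.search(ntpath.basename(e.detail))}
        if len(note_dirs) >= NOTE_DIRS:
            reasons.append(f"ransom-note-like file created in {len(note_dirs)} directories")

        # 3. Destruction of recovery options.
        if any(e.action == "exec" and SHADOW_RE.search(e.detail) for e in evs):
            reasons.append("shadow copy / recovery deletion command executed")

        if reasons:
            findings[actor] = {"score": len(reasons), "reasons": reasons}
    return findings


def sample_events():
    """Constructed sample telemetry (not real data): one benign backup job, one ransomware-like actor."""
    t0 = datetime(2020, 12, 1, 3, 12, 0)
    evs = []
    # Benign nightly backup: 30 extension changes, but spread 90 s apart, so never 20 in one window.
    for i in range(30):
        evs.append(Event(t0 + timedelta(seconds=90 * i), "FS-01", "backup.exe", "rename",
                         f"D:\\share\\q{i}.xlsx -> D:\\share\\q{i}.xlsx.bak"))
    # Ransomware-like actor: kills shadow copies, mass-renames within 50 s, drops notes.
    evs.append(Event(t0, "WS-042", "payload.exe", "exec", "vssadmin.exe delete shadows /all /quiet"))
    for i in range(25):
        evs.append(Event(t0 + timedelta(seconds=2 * i), "WS-042", "payload.exe", "rename",
                         f"C:\\Users\\j\\Documents\\{i}.docx -> C:\\Users\\j\\Documents\\{i}.docx.locked"))
    for d in ("Documents", "Desktop", "Pictures"):
        evs.append(Event(t0 + timedelta(seconds=55), "WS-042", "payload.exe", "create",
                         f"C:\\Users\\j\\{d}\\HOW_TO_RECOVER_FILES.txt"))
    return evs


if __name__ == "__main__":
    for (host, proc), f in detect(sample_events()).items():
        print(f"ALERT {host} {proc} score={f['score']}: " + "; ".join(f["reasons"]))
```

The time window is what separates the legitimate backup job (which also changes thirty extensions) from the payload: volume alone is not a signal, rate is. In practice the shadow-copy deletion should page someone on its own, since it precedes encryption by seconds, and the decision tree above should already say who gets that page.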

Question 4: Are your users trained to spot social engineering?

We’ve seen an uptick in phishing, social networking, phone, text, and other social engineering campaigns using the U.S. elections, the pandemic, racial tension, and other issues as fuel. When your employees’ e-mail boxes are blasted with convincing-looking messages that promise details of a problem with vaccines, do you trust them to avoid the scams? To report the attempts to the security team?

The key practice that addresses these issues is awareness training, and users need to be made aware of current threats more often than once a year, because the threat landscape changes and attacker lures mimic the fears and concerns of the people they target.

Question 5: Are your security operations running smoothly?

In our experience, most security teams aren't blessed with a lot of margin. They run lean and frenetic, tasked with keeping security controls healthy, monitoring their output, and putting out fires alongside other IT operations teams. Isolate those teams, add pressure, add distractions at home, and something gives. Times are tough, and we are seeing customers look to managed security services to take over some core practices. Security monitoring, vulnerability management, incident response, business continuity and disaster recovery, and backups are core functions ripe for outsourcing, yielding a more cost-effective, scalable, and operationally rigorous security practice.

This year has been painful and memorable, but if we’re honest, intentional, and we muster our courage, it can present a tremendous opportunity to improve our security posture and the essential practices on which our business will depend. Our mission to protect data and assets isn’t going away, it simply continues to mutate. Our “what” and “why” stay the same, our “how” shifts continually—and this won’t be the last time! We continue to look for ways to help our partners stay current and grow their security programs.

Contact us today to learn more about how we can help your security teams prepare for the future.

How to move your network security strategy forward with automation

Network security remains a vital issue for CEOs, especially considering that 32% of organizations experienced a major cyberattack in the preceding two years, according to the 2019 Harvey Nash/KPMG CIO Survey.

The cost of security breaches continues to grow as well. According to IBM Security's 2019 Cost of a Data Breach report, the average cost of a data breach rose to $3.92 million, a figure that should concern anyone keeping a close eye on today's rapidly evolving IT landscape. To stay ahead of threats that grow more sophisticated every day, a truly modern cybersecurity strategy is called for.

Speed, time and security are the watchwords for any unified automation platform, and CBTS is simplifying security environments for modern enterprises with the Red Hat Ansible Automation Platform. The platform provides role-based access control, auditing, and delegation, and can be driven through both its REST API and the traditional command-line interface (CLI).

The platform oversees a wide array of functions, including security, networking, line of business, operations, and development.

Read our infosheet on the automation potential of Red Hat Ansible

And, discover more about the Advanced Automation Platform and the advantages it can bring your organization.
 

Components for effective security

While there are many automation solutions available, not all have the capabilities needed for effective security automation, which involves automating the manual tasks associated with enterprise security. Organizations looking to modernize their cybersecurity strategy should seek out automation platforms offering:

  • A common automation language that security team members can read, share, and use as documentation
  • Integration with your security infrastructure and vendor ecosystem
  • A modular and extensible design for trouble-free deployment, which will help you accommodate new security tools in the future

How Red Hat Ansible enables network security

The Red Hat Ansible Automation Platform from CBTS delivers features necessary for security automation, combining easy-to-digest automation language with a composable execution environment alongside security-focused communication and collaboration capabilities.

The platform’s open foundation also allows for seamless connection to your security applications and IT infrastructure, creating a common platform for participation and sharing across an entire organization. A supported set of security-focused Ansible collections—modules, roles, playbooks, and more—is included with the platform. These assets coordinate a unified cybersecurity strategy to counter a variety of threats by providing:

  • Chained workflows and playbooks for modular reuse.
  • Consolidated and centralized logs.
  • Support for local directory services and access controls.
  • Integration of external apps using RESTful application programming interfaces (APIs).

Additionally, the Red Hat Ansible Automation Platform includes tools to help optimize automation:

  • Automation Analytics offers insights into how your organization processes automation.
  • Automation Hub lets team members access certified automation content via a centralized repository.
  • Content Collections streamline the management, distribution, and consumption of automation assets.

Modernize your security approach with the right automation platform

With CBTS as your partner, the Red Hat Ansible Automation Platform can help bring your IT teams together to respond to growing security threats faster and at scale. Our certified Red Hat Ansible experts will consult with you to understand your current environment and work with your team to tailor the platform to your automation objectives.

Contact us for more information on how the Red Hat Ansible Automation Platform can modernize your cybersecurity strategy.

How to upgrade and modernize your e-mail security strategy

Amid all the talk about malware, spyware, ransomware, and the other malicious activity targeting the enterprise, one crucial fact tends to get overlooked: the vast majority of these threats enter protected environments not by breaching the firewall but by invitation, through an e-mail lure.

According to Verizon's Data Breach Investigations Report, 94 percent of malware is delivered via e-mail, with phishing accounting for 80 percent of the total. While most professionals have grown wise to the standard come-ons from Nigerian princes and time-share sales pitches, recent attacks show greater sophistication, such as cleverly disguised messages from "accounting" or "the CEO." As data mining and social engineering techniques improve, expect increasingly personalized e-mails that are even harder to recognize as fraudulent.

This may be why the Ponemon Institute reports that nearly one in four people who receive phishing e-mails open them, and 10 percent of those click on the link or attachment that launches the attack; by that reckoning, an attacker has a 90 percent chance of success after sending only 10 messages.

Help is on the way

The good news is that action is being taken at national and international levels to thwart phishing and a wide range of other threats. Recently, Microsoft, Symantec and a host of industry partners dealt a body blow to Trickbot, a banking Trojan and botnet that has infected more than 1 million devices since 2016. Following a lengthy investigation into the botnet's worldwide array of command-and-control servers, Microsoft obtained a court order allowing it to quickly disable nearly all of the initial servers plus the replacements the operators tried to spin up once they realized they were under attack. While the botnet is not down completely, it is on life support.

New threats will continue to emerge even as others are neutralized, which makes it imperative for enterprises to ensure their own e-mail security strategies are as thorough as they can be. Training employees to spot fake e-mails will likely remain one of the best protective measures against intrusion, but there are also many ways in which technology can weed out phishing attempts before they reach a user.

One of the most important areas to shore up within the enterprise environment is Microsoft 365. As the main repository of e-mail and other sensitive data, Microsoft 365 should be deployed with attention to its advanced threat protection, data security, and related tools.

In complex office environments, however, this is more difficult than it sounds. Microsoft continually updates its e-mail security features to keep pace with evolving threats. Ensuring those tools are fully deployed and actually providing the protection each enterprise's unique data ecosystem needs is a full-time job, one that can add significantly to an organization's IT budget if not handled appropriately.

Expert approach

This is why CBTS has teamed up with leading experts in the field of e-mail security and offers their expertise as a service. Using a combination of people-centric measures and cross-channel security platforms, these collaborations have shown that it is possible to modernize an e-mail security strategy and maintain a highly secure data environment even as the user base becomes increasingly reliant on mobile technology, social media, data sharing, and other technologies that push data beyond the firewall.

CBTS has bundled several security capabilities into the Advanced E-Mail Security Services platform, providing a single point of defense against emerging threats to e-mail architectures. By including current spam filtering, continuous monitoring for fake e-mails and targeted attacks, and business continuity measures in the event of system failure, our cloud-based service maintains high availability for critical e-mail communications.

Our three-tiered approach also allows clients to choose the right level of security for their needs. These include:

  • Business features – designed as a turnkey service for the foundational functions to protect users at the lowest cost;
  • Advanced features – for organizations that require tools such as Attachment Defense, E-Mail Encryption, and Social Media Account Protection;
  • Security Pro features – a fully managed service that extends protection to e-mail archives and e-discovery, plus up to 10 years of secure data retention.

In an uncertain and often hostile world, enterprises must remain vigilant against any threats to services that can erode the trust of the user community. By partnering with CBTS, you can ensure that the highest levels of security are being maintained without driving costs to unsustainable levels.

Read our recent infosheet for more information and contact CBTS to learn how our managed services can improve your e-mail security strategy.

How to build a full-spectrum cloud security strategy

The growing relevance of cloud technology shows no signs of slowing down. As more organizations migrate to cloud environments, their managers and IT specialists are grappling with the issue of cloud security.

However, a number of misconceptions currently muddy the water and could prevent your enterprise from achieving the secure cloud networking environment it needs to stay competitive. Before you embark on a comprehensive cloud migration journey with your organization, ensure that you have all the information you need to build a cloud-enabled security solution.

More isn’t always better

You may hear that the more cloud security tools your enterprise can bring to the table, the safer your data will be. That is not necessarily the case. Too many disparate systems, and too many security service providers, can overwhelm your staff and security experts and create additional avenues of attack.

It's also vital not to rely on your cloud security provider to manage every aspect of your organization's security. Under the shared responsibility model, your team remains responsible for the data it places in your managed cloud environment and for how access to that data is configured. Overall, a streamlined and customized cloud security strategy, in which your organization has visibility into the entire process, is the best approach.

Stay ahead of the curve

The interconnected and comprehensive nature of cloud computing brings inherent risks, chief among them the number of access points to secure across the environment and the amount of auditing and review needed to prevent breaches.

Attackers are constantly evolving their techniques and employing more advanced methods to break into protected data stores. In most cases, however, successful breaches result from lapses, errors, and lack of preparation on the part of the victim. To prevent opportunistic attackers from finding an open window into your network, institute a robust security policy under which every network entry point has an identified owner who is accountable for it.

This team-oriented approach to cyberattack defense may seem counter-intuitive; after all, isn't security best left to the professional providers and consultants? Not entirely. Security is everyone's responsibility, especially in the hyper-connected cloud era. Your developers should be involved in the ongoing process of securing your cloud environment, with the assistance and guidance of your security provider.

Don’t count too much on automation

Although fully automated network security is an attractive goal, human input should not be underestimated or discounted. Automated systems are good at enforcing configuration and flagging anomalies at scale; human analysts are needed to judge context, investigate what the automation surfaces, and fix the weak spots it cannot. Both are needed to identify and mitigate weaknesses in a cloud network.

Securing a cloud network environment is not a simple matter, and it can be difficult to know the first steps or to separate myths from the truth. However, by keeping these guiding principles in mind and choosing the right provider to meet your specific security challenges, you can set your organization up for success in an increasingly cloud-centric world.

To help forward-looking enterprises secure their cloud computing environments, CBTS is bringing Check Point CloudGuard SaaS to market. CloudGuard SaaS is a cloud service tailored to threats against SaaS applications. More than a cloud access security broker (CASB), it blocks attacks intended to steal data from common SaaS applications and cloud e-mail, protecting against malware and zero-day threats, sophisticated phishing attacks, and hijacking of employee SaaS accounts. Users also gain threat visibility plus data control and protection.

“CBTS has leveraged SD-WAN technologies to help our customers along their journey to the cloud and their path to digital transformation,” said Jon Lloyd, Director of Cloud Networking for CBTS. “Organizations are now facing the challenge of how to secure this new, flexible, always-on network where an application can live anywhere in the world and employees can work from anywhere in the world. Check Point’s CloudGuard Connect and CloudGuard SaaS enable our customers to make the network decisions and application decisions that are best for their organization without the added difficulty of securing a malleable, distributed network. We are delivering peace of mind now along with our flexibility and convenience.”

Check Point and CBTS can offer differentiated security services to customers moving towards borderless compute (SASE and CASB).

Contact CBTS for more information on how to build a cloud security strategy that keeps your organization’s data and employees protected.


Read more: Protect your SD-WAN network with cloud-enabled security

Read more: Finding the right SD-WAN provider for your organization

Protecting your most vulnerable cyberattack vector: E-mail

Modern enterprises face security threats on a number of fronts. From DDoS attacks to malware and data theft, no organization is too large or too small to take the issue of security lightly.

Most breaches do not begin with an attacker punching through a firewall or intercepting data in transit. They begin when a credential is phished or a user is induced to run malicious code, unwittingly opening the door to the secure infrastructure. And to get that invitation, most attackers exploit perhaps the most common IT service of all: e-mail.

Crime of opportunity

E-mail's status as the preferred attack vector is nothing new, and it has proven financially rewarding for the criminals who use it. Targeted phishing and other scams are typically the easiest way to breach an organization's defenses, particularly now that perimeter security has become a top priority following the much-publicized string of major data thefts in recent years. Through sophisticated social engineering and messages disguised as coming from legitimate sources, attackers can circumvent even an elaborate security regime to gain access to confidential information or to plant malware and data-scraping bots that can operate for months, even years, before they are discovered.

According to the Ponemon Institute, the threat from e-mail-based cyberattacks is growing. The group reports that nearly a quarter of people regularly open phishing e-mail, which by itself does not usually trigger an infection or data theft. What is worrisome is that 10 percent go on to click a malicious link or open a weaponized attachment. By that reckoning, an attacker has a 90 percent chance of scoring a hit after sending only 10 e-mails, and this is in large part why the average business loses some $3.7 million per year to phishing.

And this is likely to get worse as the tools available on the dark web and elsewhere become more advanced. Using modern data mining techniques and machine-learning tooling, fake e-mails are becoming increasingly difficult to spot, laced with personal detail that can fool even a vigilant knowledge worker.
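The earlier e-mail security article noted that technology can weed out phishing attempts before they reach a user, and this passage describes the disguised "CEO" and "accounting" messages it has to catch. The Python below is an added example, not the original article's code and not the logic of any CBTS or vendor product, showing the header-level checks a mail gateway or triage script can apply to a message before a user sees it. The corporate domain, the protected executive list, the thresholds and the two sample messages are constructed assumptions.

```python
"""Header-based phishing triage for executive-impersonation e-mail.

Added example; not the original article's code nor any CBTS product logic.
The corporate domain, the protected executives, the thresholds and the sample
messages are assumptions constructed for illustration. Checks performed:
  1. display name of a protected executive on an address we do not know for them,
  2. Reply-To pointing at a different domain than From,
  3. a sender domain that is a lookalike of the corporate domain,
  4. an Authentication-Results header reporting SPF, DKIM or DMARC failure,
  5. urgency and payment language in the body.
"""
import difflib
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

CORP_DOMAIN = "example-corp.com"                        # assumption
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}  # assumption: protected display names
URGENT_RE = re.compile(
    r"\b(urgent|immediately|wire transfer|gift cards?|before (end of )?(day|today))\b", re.I)
AUTH_FAIL_RE = re.compile(r"\b(dmarc|spf|dkim)=(fail|softfail|permerror)\b")
LOOKALIKE_RATIO = 0.85


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _normalize(domain):
    """Fold common digit/letter homoglyphs so examp1e == example."""
    return domain.lower().translate(str.maketrans("0135", "oles")).replace("rn", "m").replace("vv", "w")


def is_lookalike(domain, target=CORP_DOMAIN):
    d, t = domain.lower(), target.lower()
    if d == t or not d:
        return False
    return _normalize(d) == _normalize(t) or difflib.SequenceMatcher(None, d, t).ratio() >= LOOKALIKE_RATIO


def triage(raw):
    """Score one RFC 5322 message. Returns (score, reasons)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(addr)

    # 1. Executive display name on an address we do not know for that executive.
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        reasons.append(f"display name '{name}' used with unexpected address {addr}")

    # 2. Reply-To diverts replies to another domain (classic BEC pattern).
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if reply and _domain(reply) != from_dom:
            reasons.append(f"Reply-To domain {_domain(reply)} differs from From domain {from_dom}")

    # 3. Sender domain impersonating our own.
    if is_lookalike(from_dom):
        reasons.append(f"sender domain {from_dom} resembles {CORP_DOMAIN}")

    # 4. Authentication results stamped by our own receiving MTA.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if AUTH_FAIL_RE.search(auth):
        reasons.append("sender authentication failed: " + auth.strip())

    # 5. Social-engineering language in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    hits = sorted({m.group(0).lower() for m in URGENT_RE.finditer(text)})
    if hits:
        reasons.append("urgency/payment language: " + ", ".join(hits))
    return len(reasons), reasons


# Constructed sample messages (not real mail).
IMPERSONATION = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.ceo@gmail.com
To: accounts.payable@example-corp.com
Subject: Urgent wire transfer
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=examp1e-corp.com; dmarc=fail header.from=examp1e-corp.com
Content-Type: text/plain; charset="utf-8"

I'm in a meeting and need an urgent wire transfer processed before end of day.
Reply here for the account details.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example-corp.com>
To: accounts.payable@example-corp.com
Subject: Q4 budget review
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dmarc=pass header.from=example-corp.com
Content-Type: text/plain; charset="utf-8"

Please send me the Q4 vendor spend summary when you have a moment.
"""

if __name__ == "__main__":
    for label, raw in (("impersonation", IMPERSONATION), ("legitimate", LEGITIMATE)):
        score, reasons = triage(raw)
        print(f"{label}: score={score}", *reasons, sep="\n  ")
```

Each check is cheap and each is individually weak; it is the combination that separates the spoof from the genuine budget request, which passes with a score of zero. Check 4 only means anything when the Authentication-Results header is written by your own MTA and stripped from inbound mail, since an attacker can otherwise supply a "pass" of their own.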

Safe and protected

To help shore up vulnerable e-mail infrastructure and fight back against e-mail cyberattacks, CBTS has created the Advanced E-mail Security Services platform. It provides the filtering needed to weed out infected spam, fake e-mail, and targeted attacks, and it delivers business continuity and cloud options to keep e-mail available even if the primary mail server fails.

The program provides three tiers of protection designed to meet the unique needs of individual enterprises. These include:

  • Business features – a cost-effective, managed e-mail security service that provides the foundational functions needed to run a business while protecting users.
  • Advanced features – a complete turnkey service that provides additional Attachment Defense, E-mail Encryption, and Social Media Account Protection.
  • Security Pro features – our highest level of protection that adds E-mail Archive & eDiscovery capabilities, plus Unlimited Storage with up to 10 years of data retention with end-user search capabilities.

One of the key aspects of e-mail security is visibility. Without the ability to see into the workings of the e-mail environment, enterprises are left guessing about what is happening and what level of risk they are carrying. As part of its managed program, CBTS provides detailed reports documenting the health of e-mail systems and related security trends that may affect future performance. A read-only access option to the platform lets users view real-time dashboards of overall system health, and custom reporting can be configured to suit unique requirements.

Security solutions should also work quietly behind the scenes so as not to disrupt critical business functions. All e-mail security services integrate into existing CBTS operational processes, including ticket tracking for issues raised by the security platform, chronic-event reporting, and incident response up to and including cases that require customer contact.

In this day and age, e-mail is an essential business tool. Without the ability to effectively thwart intrusion, however, it can easily become your biggest problem. By delivering industry-leading software as an integrated managed service, CBTS not only provides world-class protection of critical e-mail assets, but backs it up with certified technical expertise, ongoing monitoring, management, and support, and even data migration as necessary.

With a secure e-mail environment in place, the enterprise not only protects itself but its employees, investors, partners, and perhaps most importantly, its customers. To learn more about CBTS E-mail Security and Data Protection, download the related infosheet.

Contact us for information on how CBTS can help protect your organization from e-mail cyberattacks.

You Virtualized My CISO! Security leadership with a virtual CISO

The Chief Information Security Officer has become the mainstay of a formal information security program. The position, which you would rarely have found even at a Fortune 500 company 20 years ago, is now essential for any business that takes protecting its data and assets seriously.

The role has grown from overseeing the rollout and management of a suite of technical controls into a force for cultural change in the organization, overseeing risk management, awareness training, data protection, and regulatory compliance. The CISO's work influences multiple areas of technology, including application development, network operations, and cloud migration.

For many of our customers, though, employing a CISO still feels excessive. Small businesses treat security as an extension of IT and rely on systems and network administrators to protect the environment with a disparate set of tools, in between building new infrastructure, putting out fires, and supporting employees.

In 2020, if you make securing your business an afterthought, you are exposing the organization to risk. With no formal leadership, risks go unidentified and unaddressed; the tools and products deployed may not be adequate, or even aimed at the right threats and use cases; and controls erode over time with no ongoing oversight. Unfortunately it's not always as simple as "hiring someone." The right security leader is tough to find and even harder to afford. Over the last few years we've had requests from customers for security leadership with a smaller footprint, which is why we've begun offering Virtual CISO services (don't worry, they're actual humans, not sentient software!).

Imagine having a master chef step into your kitchen to help you craft amazing cuisine or a decorated NASCAR driver riding shotgun in your minivan to show you how to draft through neighborhood traffic (don’t tell me you’ve never wanted to!). This is what we envision with our Virtual CISO services: engaging a seasoned security leader that’s been where you’d like to go, and can show you the way.

Our long-standing position in the IT and security space, combined with our roster of technical talent, has provided us connections with some of the most capable, best-regarded security leaders in the world. We can provide this talent to assist with the development of a security program or risk management efforts, for strategy of ongoing security operations and initiatives, or even for help with specific decision points that might require a veteran’s expertise. We can design engagements that fit nearly any scenario, budget, or work schedule. Contact us if you’d like to explore engaging one of these experts to help jumpstart your organization’s security program.


More from Justin Hall: Security Trends of 2020

MDR: Another security fad? Think again.

Technology priorities from the C-suite are ever-evolving. I have the privilege of meeting with leaders from all industries to discuss these priorities, which range from embracing digital transformation, to accelerating multi-cloud strategies, to attracting and retaining top technical talent, to enabling more effective communication and collaboration, to keeping internal customers happy. One theme, however, never changes.

“I’m afraid of a breach that will cripple our business.”

Cybersecurity has been a top priority for leaders everywhere, and will continue to be one well into the future. Organizations need to have a proactive mindset with their security posture to continue to protect and defend against internal and external threats. Protecting against threats has a significant and oft-misunderstood undertone: these threats are known to the security community. But how do you protect against unknown threats?

It’s important to understand that your security vendors, whether they are endpoint protection, e-mail protection, firewalls, etc., are protecting you (and for the most part, doing it well) against known threats. How organizations are protecting and defending themselves against unknown threats will be a critical discipline that helps leaders rest easy at night knowing the answer to the question:

“Am I being breached right now?”

So what is the answer? MDR, which AlertLogic defines as follows: “Managed detection and response solutions identify active threats across an organization and then respond to eliminate, investigate, or contain them.” MDR has increased in visibility and importance as organizations realize that no level of investment will provide 100% protection against threats, and as the scale and complexity of the security challenge becomes intractable for individual organizations, regardless of size.

Why should organizations invest in MDR? Well, few organizations have the experts and infrastructure needed to protect themselves. The key question I like to ask technology leaders is: “If your IT team doesn’t work weekends, and you faced a security incident at 3 a.m., what would the implications be?”

So no, MDR is not just another security fad. It’s an incredibly valuable service that leaders should consider adding to both security plans and budgets for years to come. While it’s important to realize you can never protect 100% against attacks, you can:

  • Reduce the likelihood or impacts of a successful attack.
  • Receive 24x7x365 visibility across all assets in your organization, with context-aware alerts.
  • Have a platform that is continually updated with the latest threats and vulnerabilities.
  • Augment technology platforms with human intelligence to achieve greater accuracy and value in your investment.
  • Respond to alerts based on business context. Not every threat should be assigned the same value.
  • Deliver results.

In closing, managed detection and response should be considered by organizations everywhere as they reach their next budget cycle. MDR is an advanced security service that provides threat intelligence, threat hunting, security monitoring, incident analysis, and incident response. This isn’t your traditional SIEM; it’s the future of managed security services.


Contact one of our security experts today about how we can better protect your business.

Know the components of an effective patch management program

Minimizing data security threats and keeping operations safe is a demanding task that every enterprise grapples with. Systems need to be kept up to date and potential intrusions must be screened for proactively. However, effective vulnerability and patch management is not a one-time event. To truly cover all the angles of your operations, a thorough and ongoing process of consultation, assessment, preparation, deployment, and support is needed. The following are the crucial areas that a comprehensive patch management program should cover:

  • Mapping of current network topology.
  • Establishing a baseline of vulnerabilities.
  • Application of all outstanding patches.
  • Determining cadence of patch application.
  • Review of ongoing critical patch escalation processes.
  • In-depth quarterly reviews.
  • Continuous, ongoing assessment and monitoring.
  • Auditing and compliance analytics.

When properly planned and executed, this process provides critical insight into the potential risks inherent in your network, as well as the methods that can be used to mitigate this risk and compile empirical data to prove regulatory compliance.

Taking the right steps

With the above components in mind, enterprises concerned about the effectiveness of their patch management strategies should be sure to carefully exercise a series of best practices. These best practices begin with a full self-audit of an enterprise’s software environment and hardware inventory to better understand any existing vulnerabilities and what patches should be prioritized.

After your organization has an up-to-date picture of its entire software and hardware landscape, it can then effectively assign relative levels of risk to each program or access point. The higher the risk level assigned to an aspect of your network, the faster it should be addressed in your patch management strategy. Additionally, if multiple instances of redundant software have accumulated in your portfolio, these can be consolidated to mitigate the risk of exposure.

If your organization utilizes a third-party vendor for some of its software solutions, it’s crucial to involve this vendor in your patch management approach. Third-party software should be kept up to date alongside your proprietary software to ensure that no elements of your network environment fall behind. Lastly, these planned patches have the best chances for success when rigorously tested before being deployed. The unique characteristics of your hardware inventory, software environment, and business model mean that no patch can be applied in the exact same way to any two networks.
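As an added example (not CBTS’s own tooling), the following Python takes a constructed self-audit inventory that records the highest outstanding patch severity per host, assigns each host a risk tier, derives a deployment deadline from an assumed cadence policy, flags third-party software whose vendor must be involved, and lists software running in more than one version as consolidation candidates. The tier thresholds, cadence days, hostnames, and software entries are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Asset:
    """One row from the self-audit inventory (all values in this example are constructed)."""
    host: str
    software: str
    version: str
    severity: float            # highest CVSS-style score among outstanding patches; 0 = fully patched
    third_party: bool = False  # vendor-supplied software that must be patched together with the vendor

# Assumed policy: severity floor per risk tier, and maximum days to deploy per tier (hypothetical SLA).
TIERS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.0, "low")]
CADENCE_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

def risk_tier(severity: float) -> str:
    """Map the highest outstanding severity on a host to its risk tier."""
    return next(name for floor, name in TIERS if severity >= floor)

def patch_plan(assets, baseline_date):
    """Order outstanding patches by deadline: the higher the tier, the sooner it must be applied."""
    plan = []
    for a in assets:
        if a.severity <= 0:
            continue                        # nothing outstanding on this host
        tier = risk_tier(a.severity)
        plan.append({"host": a.host, "software": a.software, "tier": tier,
                     "deadline": baseline_date + timedelta(days=CADENCE_DAYS[tier]),
                     "vendor_involved": a.third_party})
    plan.sort(key=lambda p: p["deadline"])  # stable sort keeps inventory order within a tier
    return plan

def redundant_software(assets):
    """Software present in more than one version across the estate: candidates for consolidation."""
    versions = {}
    for a in assets:
        versions.setdefault(a.software, set()).add(a.version)
    return {sw: sorted(v) for sw, v in versions.items() if len(v) > 1}

# Constructed baseline date and sample inventory for the worked run.
BASELINE = date(2021, 1, 4)
INVENTORY = [
    Asset("web01", "nginx", "1.18", 7.5),
    Asset("web02", "nginx", "1.20", 0.0),
    Asset("db01", "postgresql", "12.4", 9.8),
    Asset("hr01", "PayrollSuite", "3.1", 5.0, third_party=True),
    Asset("hr02", "PayrollSuite", "2.9", 5.0, third_party=True),
    Asset("ws17", "java-runtime", "8u281", 2.0),
]
```

Running `patch_plan(INVENTORY, BASELINE)` puts the critical database host first with a one-week deadline and the low-severity workstation last, while `redundant_software(INVENTORY)` surfaces the two nginx and two PayrollSuite versions for consolidation.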

The right approach and enough preparation can help any enterprise keep its systems updated and secure, but many organizations seek out managed service partners to ensure a smooth and comprehensive patch management process.

A managed, full-spectrum approach

CBTS is standing by to offer a thorough vulnerability assessment and patch management service backed by expert knowledge and wired into the entire range of your enterprise’s infrastructure. This service can assist you in identifying new and unexpected vectors through which your operations can be attacked, defining your highest-ranking vulnerabilities, evaluating your existing policies, reviewing compliance requirements, and more.

A managed vulnerability assessment and patch management program by CBTS covers every aspect of your network environment, from your endpoints to critical assets, equipment, and facilities. It also extends from the planning and deployment phases to an ongoing monitoring and auditing period, ensuring that your organization’s patch schedule is optimized for your specific needs.

Contact CBTS for more information on vulnerability assessment and patch management services.

Pentesting, Chicken Guns, and Mike Tyson

Here at CBTS, we do quite a few pentests every year. I’ll note for my readers that the term is an abbreviation for penetration tests. It’s funny how many folks think the “pen” is an acronym and spell it as “PEN test,” so let your friendly neighborhood pentester set you straight:

Penetration test = 🙂

Pentest = 🙂

PEN test = 😔

So what is a penetration test? Why does it sound so menacing and borderline inappropriate? Let me explain by referencing 1950s aerospace engineering.

Pentesting explained

In the 50s, fleets of aircraft were in use all over the world, but facing a dangerous problem: running into birds in midair. This led to technical advances in building new windshields and new engines, but engineers needed to ensure that their designs would satisfy their requirements. So how do you make sure your windshield stands up to a bird hitting it? You hit it with a bird!

This is how the “chicken gun” was born: a compressed-air cannon that would fire a dead chicken into a target. Over the following decades, several aircraft manufacturers developed these tools as a way to test the resilience of their safety measures.

Penetration tests are the chicken guns of the IT and information security field.

Think about how much effort you put into defending your organization and computing environments from attacks. You stack up security software on your endpoints, place box after box in a pile between your users and the Internet, write pages of policy—but are you actually sure those defenses and controls will stop the threats about which you are concerned, beyond what they promise on paper?

A penetration test is ultimately the only way to make sure.

We test whether we can penetrate your network, your database, your cloud environment, and so on.

Penetration tests are simulated cyber attacks, performed in controlled conditions by trained, ethical hackers, with the intention of mirroring actual attacker tools, tactics, and procedures.

They’re mandatory for a lot of security frameworks and regulatory compliance requirements because they demonstrate the actual effectiveness of the entirety of the security strategy.

The bottom line is, if you want to know if your organization’s security strategy will truly stop your threats, a penetration test is essential. As the great philosopher Mike Tyson reminds us, “Everyone has a plan until they get punched in the mouth.”

It sounds like a straightforward idea, so why isn’t everyone doing them?

There’s a fear aspect, with leadership and technical folks uneasy with the idea of someone using attacker tools on them, to which we say: Attackers are out there, and they’ll use their tools, whether you’re comfortable or not, so let some friendly faces do it first and tell you how to fix what they found.

There are also budgetary challenges, as it can seem extravagant to spend money on an assessment like this. Again, we would say that you’re going to incur cost if your defenses fail to stop an attacker, and it may be much more substantial than the cost of the test. The cost of lost business, fines, ransom payments, legal fees, brand impact, and the like can stack up pretty quickly.

If you’d like to learn more about penetration tests, and specifically what a test designed for your business and environment would look like, we’d be happy to dream up one with you. We’ll leave the chickens at home!

