Best Practices

SIEM - Must - Capability

While organizations come across an array of SIEM solutions, which capabilities must they focus on? A brief list.

  • Unified architecture for integrating security information and event management, log management, anomaly detection and incident forensics
  • Vulnerability management, with regular updates from the OEM on vulnerabilities and rules
  • Advanced threat detection, greater ease of use, lower TCO, near-real-time correlation and behavioral anomaly detection
  • Auto-discovery of assets and automated updates for conditions and rules
  • Application-layer (Layer 7) flow analysis
  • Automated regulatory compliance through collection, correlation and reporting capabilities (PCI, NERC, SOX, HIPAA, GLBA)

Application Layer 7 flow visibility:

What helps an administrator get Layer 7 application traffic visibility?

Approaches to cyber risk mitigation

Risk management focuses on realizing security through the management and control of known risks. The rapid evolution of risks is outpacing this approach. Today, cyber resilience requires organizations to prepare to deal with severe impacts from cyber threats that are impossible to predict. Cyber resilience requires that enterprises have the ability to prevent, detect and respond quickly and effectively, in order to manage, respond to and mitigate the negative impacts of a breach. It is about sustaining the success of an enterprise even when it has been subjected to an almost inescapable attack. It puts the power in the hands of people, and arms them with the ability to recognize risks, draw on the collective intelligence of others, and take preventive or corrective action.

End Point Security First Step

An endpoint security suite plays a key role for any enterprise. It can protect the environment from malware outbreaks, malicious hits, data leakage, spam and backdoor attacks. The endpoints (desktops, laptops, servers) can be protected even better through the way the policies and rules are configured.

As a best practice, signature updates play a key role in avoiding malware outbreaks inside the environment. Most vendors release signatures at least twice a day, plus one signature release over the weekend. The policies should be set to update the signatures at the endpoint level, either by distributing the load across the management servers or by placing separate distribution servers closer to the endpoints for signature updates. The endpoints can check for a new signature release from the respective vendor every 4-6 hours.

Governance around Privileged Account Management

In today's day and age, privileged accounts (read: accounts that can really create havoc) have become a nightmare to manage. While automation using tools like CyberArk, Arcos etc. is required, it may not be sufficient. So how do you really provide governance around such accounts?
Firstly, we need to understand that there are different types of privileged accounts.

Keep a Sharp Eye on Insiders

A few years back, security may not have been of much importance to organizations, but now times have changed and so has the approach. Organizations are seeing various cyber attacks and security breaches which cause loss of reputation, customer trust and money, and bring serious legal trouble. They are now highly concerned about security, so they are investing in and focusing more on the protection of their data, resources etc. and paying serious attention to it. Obviously, legal trouble from not abiding by the various security laws and standards can also put the decision makers behind bars.
Threat

Maximizing the benefit of Security Investment

Many times, an organization undergoing a security transformation decides to take up too many projects. This leads to:

  1. Overload on the workforce
  2. Operating cost escalations
  3. Mismanagement of projects

As such, it is imperative for an organization undergoing a security transformation program to first clearly identify and list the security initiatives needed, based on a proper security gap assessment.
Once the initiatives are identified, they should be prioritized based on criticality, organization strategy and cost-benefit analysis. All the security initiatives for an organization can be divided between initiatives focused on applications and those focused on infrastructure. As such, it is wise to invest first in security initiatives that encompass both applications and infrastructure. The benefits of such a strategy can be reaped in the form of:

Five Techniques to Keep Employees Computing Secure

There is never too much security in place when it comes to a company's data center, employees and clients. US companies have embraced the Bring-Your-Own-Device (BYOD) trend, and this movement continues to gain traction in 2015.
Research firm Gartner predicts that by 2017, half of employers will ask their employees to bring their own device for work. As enterprise BYOD programs continue to become more commonplace, 38% of companies expect to stop providing devices to workers by 2016, according to a global survey of CIOs conducted by the firm.