We have all heard the statement loved by security folks: it is not a question of “…if you will get attacked,” it is a question of “…when will you get attacked.”
What are we doing to discover, prevent, and react to those attacks?
Discovery is an important piece of protecting yourself from a cyber threat. As time moves on in your organization, things change. People leave, old technology reaches EOL or is replaced with new technology, the business changes, and so much more. As time passes, vulnerabilities change, the threat landscape evolves, and gaps can be created in your security posture.
Getting a comprehensive playbook of your security environment allows you to know where you sit currently, where you may be going, and what things are particularly critical to keeping your company and customer data safe from the bad guys.
Once you have discovered where you currently stand with regard to your security posture, it is important to be proactive in preventing an attack. Many times, discovery and prevention come after a compromise, but for the sake of this blog, I will assume that everyone is being proactive initially, rather than reactive.
There are a couple of things that you can do to be proactive when it comes to preventing an attack. One method is Red Teaming: consistently testing your employees, your infrastructure, and solutions to ensure that you discover the gaps and vulnerabilities before the bad guys do. Common methods include Social Engineering, Penetration Testing, and recurring assessments of your environment and security posture.
You can also get technology health checks. A technology health check is a recurring service, typically quarterly, where an expert team will come in and analyze your security solutions and make sure they are being fully optimized using all available features and best practices. This will not only ensure that the technology is being utilized to its fullest but also improve the value of the customer’s overall investment. Included in a health check is a deep analysis of how the product is performing, where there have been vulnerabilities, and a prioritized remediation checklist on how you can improve. Health checks also cover the importance of realigning the configuration of the technology for the constantly changing needs of the organization. Health checks are sometimes the reason why a small vulnerability does not allow an attacker inside your organization.
Finally, there is the reactive junk that we never want to happen but, at some point, will. For those in a reactive state there are Incident Response services. You have just been compromised and you hit the fire alarm for an expert team to come out and bring your systems back up. Incident response can be the difference between losing some data and thousands of dollars and losing excessive data and hundreds of thousands of dollars.
After a compromise, systems can be contaminated and quarantined, data distorted or inaccessible, and applications broken. That is when you can utilize a service for System Rebuild. Essentially, this brings all your compromised systems back to their original functioning state as if nothing had happened.
The final piece and service that falls somewhere in between discovery and prevention is a Compromise Assessment. This is an assessment to see if your systems have already been compromised and you did not know it. With this assessment, you can find where you have been compromised and then remediate.
Bird Rock Systems and next generation security partners have aligned their expertise and services to present a full circle of security services no matter what stage your organization may be in.
What strategies do you have in place to proactively defend against threats? If you’re interested in bouncing ideas off of our security team, contact Bird Rock today!