Architecture & Configuration 

A secure-by-design approach means not only ensuring that your systems are difficult to breach but also architected such that should a breach occur, it is difficult for an attacker to traverse and navigate your systems. 

There are many frameworks available to aid in building secure-by-design architectures MITRE ATT&CK for example, a framework based upon considering at how cyber-attacks are typically performed and architecting the systems to make it as difficult as possible for the cyber-attack techniques to be effectively applied as well as inhibiting lateral network movement. 

Configuration Control 

Configuration drift is an issue in any IT environment. With configuration drift comes risks, risk that the change will affect something important in an unexpected way, risk that a change will introduce a vulnerability or increase security exposure. For these reasons and many more it is sensible to adopt a change control process to manage, assess and co-ordinate changes that need to be made. 

Remote Working 

Remote working has brought with it the need to ensure that your users’ computers and devices are protected and effectively managed wherever they are and importantly have confidence that not only is it being applied, but that it is working as intended. Being able to effectively manage and having visibility of your end-user devices is critical to not only ensure they are secure but also to verify they are not being exposed to, and by association, exposing your infrastructure to unnecessary risks. 

Consider the cost 

Unsurprisingly these solutions can increase costs. But consider the cost that a single cyber-attack can easily cost an organisation the inability to conduct & transact normal business for days or weeks, staff costs for disruption and/or to rectify the incident, loss of reputation with customers, etc, then the price increase is justified. 

Want to know more about your Cyber Security posture?

Take Our FREE Security Assessment

Next-Gen Anti-malware

Since its large-scale adoption, the standard for anti-malware has been definition-based protection using a ‘naughty’ list of applications and processes that should be blocked, it’s becoming apparent that this approach no longer provides reliable protection against malware today. It is estimated that 600,000 new malware threats emerge each day, 25% of which are completely new and will not be detected via definition-based scanning.  

Next-gen solutions such as - Sophos Intercept X or Microsoft Defender for Endpoint - that use AI-based detection and Machine Learning behaviour analysis is now the standard that organisations need to be adopting in terms of anti-malware solutions. This is something that organisations need to be considering as soon as possible. 

Access Control 

Access control seems like a fairly obvious inclusion in securing your architecture and it’s something that pretty much everyone is familiar with in some form – usually a username and password, but it can go much farther that that with solutions today, the Sophos suite of hardware appliances for example can automate the access that devices have to network resource based upon the status of their anti-malware – when a threat is detected on an end-point, the hardware appliances can isolate the endpoint from the network to effectively prevent the threat from propagating.  

Alternatively, solutions such as Forcepoint can use user behaviour monitoring to detect insider threats or other potential indicators of compromise with regards to file, network or email traffic occurring that is not normally associated with a particular user.

Device management 

Ensuring adequate control and visibility of your devices in the mobile-cloud era is essential to not only ensure your devices are secure by means of security policy application but to ensure you are in control of where your organisational data resides by setting restrictions on what can be accessed from where and what data can be stored locally on devices to provide just two examples. Solutions such as Datto RMM and MS Endpoint Manager can be invaluable in providing the required levels of management, control and visibility. 

Patch Management 

Good patch management is one of the most important elements to running an IT system today. Software patches are released almost constantly in response to the constant discovery of vulnerabilities and exploits present in the software we use daily. Device management solutions (or their associated features) will often provide some measure of patching functionality – e.g. Datto RMM or Microsoft EM/Secure Score - and all will provide insight into the versions of software running on your environment. Additionally vulnerability assessments can be used to verify your patch management strategy is being effective, or to highlight the need for patch management in your environment. 

Firewalls

Firewalls are another technology that are familiar to most and anyone with an internet connection at home will have a firewall built into their router as a minimum. Next-Gen firewalls offer far greater flexibility and application awareness (i.e. they understand which application generated the network traffic) that traditional rule-based ones with the Sophos XGS line of firewalls proving to be both popular and effective across organisations of any size. 

Web Security 

Web security is another concept that is not new, complexity of course has increased as the nature of the cyber threats users face when browsing and accessing web content has changed, vendors such as Sophos, Forcepoint and Microsoft are amongst the leaders in the field of enterprise web security. 

Monitoring, Detection & Response 

Network monitoring is something that is not new, however its something that was often so complex that many IT professionals simply disregarded it as unachievable. There are not multiple solutions available that will assist with analysing network traffic with a view to understanding it where it came from, where it’s going to and what its purpose is, by using AI to analyse this information, SIEM/UEBA solutions such as LogPoint are able to pinpoint correlations and differentiate between noise and potential indicators of compromise. 

If a full SIEM solution is not justified for your environment then you can augment next-gen AM solutions with their vendors detection and response products, such as Sophos XDR and EDR for Microsoft Defender, these solutions offer great oversight but do not provide the breadth of coverage possible with a full SIEM. 

Zero Trust 

Utilising a Zero trust approach can revolutionise your system and data security, by assuming that no-one or no device should be allowed access until their identity has been established via multiple factors almost guarantees your data is protected from unauthorised access.  

There are a number of different approaches to achieve a zero-trust approach, Sophos Zero-Trust approaches it from a network perspective in a similar way to Cisco Meraki by establishing the pedigree of a device prior to allowing it access to resources, Microsoft uses it’s vast eco-system and cloud presence to apply controls to individual files and leverage telemetry from it’s other solutions such as Active directory and Endpoint Manager to determine whether access should be granted. 

Forcepoint CDR takes a different approach again with regards to interpreting zero trust from the perspective of trusting no emails and dynamically rebuilding every single email in realtime with sanitised links and in doing so almost guaranteeing email based threats are disarmed. 

SASE 

Secure Access Service Edge (SASE) is a new approach to networking and security that reinvents these technologies as converged cloud services. It provides uniform connectivity and protection everywhere so that people can work anywhere. 

Forcepoint’s SASE goes beyond just securing access to web, cloud, and private applications.  

The solution puts the vendors industry-leading data security at the centre of their SASE platform, giving unique control over how data is used even after it is downloaded. We help you make your people more productive and your business safer. 

If a full SIEM solution is not justified for your environment then you can augment next-gen AM solutions with their vendors detection and response products, such as Sophos XDR and EDR for Microsoft Defender, these solutions offer great oversight but do not provide the breadth of coverage possible with a full SIEM.