As you begin to establish goals and reevaluate critical business risks for the year ahead, cybersecurity must be at the very top of your list. According to the Breach Level Index, the number of lost, stolen or compromised records increased by a jaw-dropping 133% in the first half of 2018 compared to the same time the previous year. As attack methods continue to evolve, you not only need a strong security platform, but the knowledge and experience to put it all together. Without the right strategy and execution, you are taking a serious gamble with your livelihood.
Our Protelligent® engineers have compiled this handy cybersecurity checklist of tactics that can help you prevent initial compromise, along with measures to contain an attack after infiltration.
UP-FRONT TACTICS TO HELP PREVENT INITIAL COMPROMISE
- □ Patch vulnerable software and restrict network access to what you cannot quickly patch
- □ Restrict Access to Remote Desktop (RDP)
  - Place RDP listening ports behind a firewall
  - Use an RDP Gateway
  - Enable network-level authentication
  - Change the default listening port
- □ Use Server Message Block (SMB) Best Practices
  - Disable SMBv1
  - Restrict SMB network activity by using firewalls
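The RDP and SMB items above come down to the same two moves on a host: turn off what is not needed (SMBv1, unauthenticated RDP sessions) and let the firewall decide who may reach what remains. The script below is an added example written for this checklist, not Protelligent's own tooling. It assumes an elevated Windows PowerShell 5.1 session on Windows 10 / Server 2016 or later; the management subnet is a constructed placeholder.

```powershell
# Added example, not Protelligent's code: audit and harden RDP and SMB exposure on one
# Windows host. Assumes an elevated Windows PowerShell 5.1 session on Windows 10 /
# Server 2016 or later. The management subnet below is a constructed placeholder.
$ManagementSubnet = '10.20.0.0/24'
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# With the default inbound action set to Block, only explicit allow rules admit traffic.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

function Ensure-ScopedAllowRule {
    # Creates (once) an inbound TCP allow rule limited to the management subnet.
    param([string]$Name, [int]$Port)
    if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Protocol TCP `
            -LocalPort $Port -RemoteAddress $ManagementSubnet -Action Allow | Out-Null
    }
}

# --- RDP ---------------------------------------------------------------------------
# UserAuthentication = 1 is Network Level Authentication: the client must authenticate
# (CredSSP) before a session and logon screen are created for it.
Set-ItemProperty -Path $RdpKey -Name 'UserAuthentication' -Value 1 -Type DWord
$RdpPort = (Get-ItemProperty -Path $RdpKey -Name 'PortNumber').PortNumber

# The stock 'Remote Desktop' rules allow any source; replace them with a scoped rule.
# Moving PortNumber off 3389 only reduces scanner noise; the firewall scope is the
# control that limits who can reach the listener, whatever port it uses.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue | Disable-NetFirewallRule
Ensure-ScopedAllowRule -Name 'RDP - management subnet only' -Port $RdpPort

# --- SMB ---------------------------------------------------------------------------
# SMBv1 is a legacy dialect no supported client needs; remove the protocol, not just the
# server-side switch. (On Windows Server the feature is FS-SMB1, removed with
# Uninstall-WindowsFeature.)
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -NoRestart | Out-Null

# File sharing (TCP 445) scoped the same way as RDP.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue | Disable-NetFirewallRule
Ensure-ScopedAllowRule -Name 'SMB - management subnet only' -Port 445

function Get-ExposureReport {
    # Reads the resulting state back so the change can be verified and recorded.
    [pscustomobject]@{
        RdpPort           = $RdpPort
        RdpNlaRequired    = (Get-ItemProperty -Path $RdpKey).UserAuthentication -eq 1
        Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        Smb1FeatureState  = (Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol').State
        ScopedAllowRules  = (Get-NetFirewallRule -DisplayName '* - management subnet only').Count
    }
}
Get-ExposureReport | Format-List
```

Disabling the 'File and Printer Sharing' group also removes its ICMP and NetBIOS rules, so on a file server the scoped allow rule should name the client subnets rather than a single management range. An RDP Gateway, as the checklist recommends, is the equivalent of this scoping for users who must reach RDP from outside the management subnet.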
- □ Block Malicious File Attachments in Email
  - Executable and batch files (.EXE, .BAT)
  - Script files (.JS, .VBS)
  - Archive files (.ZIP, .SFX, .7z)
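For organizations on Exchange, the attachment list above maps directly onto a mail flow (transport) rule. The following is an added example, not Protelligent's code; it assumes an open Exchange Online session (Connect-ExchangeOnline) or an on-premises Exchange Management Shell, and the rule name and rejection text are constructed.

```powershell
# Added example, not Protelligent's code: an Exchange mail flow rule that rejects mail
# from outside the organization when an attachment's file name ends in one of the
# extensions listed above. Assumes an Exchange Online or Exchange Management Shell
# session is already open; rule name and reject text are constructed.
$BlockedExtensions = @('exe', 'bat', 'js', 'vbs', 'zip', 'sfx', '7z')
$RuleName = 'Block high-risk attachment types'

if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    # -FromScope NotInOrganization leaves internal mail untouched.
    # Start with -Mode Audit in production to measure the hit rate before enforcing.
    New-TransportRule -Name $RuleName `
        -FromScope NotInOrganization `
        -AttachmentExtensionMatchesWords $BlockedExtensions `
        -RejectMessageReasonText 'This organization does not accept attachments of this type.' `
        -StopRuleProcessing $true `
        -Mode Enforce | Out-Null
}

function Get-AttachmentRuleState {
    # Returns the rule as configured so the control can be verified during an audit.
    Get-TransportRule -Identity $RuleName |
        Select-Object Name, State, Mode, FromScope, AttachmentExtensionMatchesWords
}
Get-AttachmentRuleState | Format-List
```

Extension matching inspects the file name only: a renamed file or a script nested inside an archive is not examined, so this rule is a floor that belongs alongside content scanning, not a replacement for it.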
- □ Organizational Awareness
  - Ensure your employees know and understand the current cyber-threat landscape, from ransomware and phishing to whaling and more. As part of our Premonition™ Security Suite, Protelligent provides online courses led by seasoned experts to help you manage human risk more effectively.
- □ Utilize Ad Blockers in Web Browsers
- □ Secure Microsoft Office
  - Enforce stringent macro controls to reduce potential infection from malware and malicious scripts
  - Ensure the “update automatic links at open” setting in Microsoft Word is disabled to prevent the Microsoft Dynamic Data Exchange (DDE) feature from launching malware
  - Disable Microsoft’s Object Linking and Embedding (OLE) feature when possible to reduce malicious file attacks
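The three Office settings above are all registry-backed, which means they can be applied and verified without opening Office. The script below is an added example, not Protelligent's code. It assumes Office 2016/2019 or Microsoft 365 Apps (version key 16.0) and writes the current user's policy keys, which is what the Office ADMX templates write through Group Policy; in a domain, deploy the same values via GPO.

```powershell
# Added example, not Protelligent's code: apply the Office macro, DDE and OLE settings
# from the checklist through the current user's registry, then read them back.
# Assumes Office 2016/2019/Microsoft 365 Apps (version key 16.0).
$OfficeVersion = '16.0'
$Apps = @('Word', 'Excel', 'PowerPoint')

function Set-RegDword {
    param([string]$Path, [string]$Name, [int]$Value)
    New-Item -Path $Path -Force | Out-Null
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

foreach ($App in $Apps) {
    $Policy = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    # VBAWarnings: 1 enable all, 2 disable with notification (default), 3 signed macros
    # only, 4 disable all without notification. Use 4 unless signed macros are required.
    Set-RegDword -Path $Policy -Name 'VBAWarnings' -Value 4
    # Refuse macros in files carrying the Mark of the Web (downloads, mail attachments).
    Set-RegDword -Path $Policy -Name 'blockcontentexecutionfrominternet' -Value 1
    # PackagerPrompt: 0 run embedded OLE Package objects silently, 1 prompt, 2 block them.
    Set-RegDword -Path "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security" `
        -Name 'PackagerPrompt' -Value 2
}

# Word's "Update automatic links at open" is DontUpdateLinks = 1, set for Word itself
# and for Word acting as Outlook's editor. Fields such as DDEAUTO then do not resolve
# when a document is opened.
Set-RegDword -Path "HKCU:\Software\Microsoft\Office\$OfficeVersion\Word\Options" -Name 'DontUpdateLinks' -Value 1
Set-RegDword -Path "HKCU:\Software\Microsoft\Office\$OfficeVersion\Word\Options\WordMail" -Name 'DontUpdateLinks' -Value 1

function Get-OfficeHardeningState {
    # One row per application with the effective values, for a compliance check.
    foreach ($App in $Apps) {
        $Policy = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
        $User   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\$App\Security"
        [pscustomobject]@{
            App                = $App
            VBAWarnings        = (Get-ItemProperty -Path $Policy -ErrorAction SilentlyContinue).VBAWarnings
            BlockMacrosFromWeb = (Get-ItemProperty -Path $Policy -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
            PackagerPrompt     = (Get-ItemProperty -Path $User -ErrorAction SilentlyContinue).PackagerPrompt
        }
    }
}
Get-OfficeHardeningState | Format-Table -AutoSize
```

Values under the Policies hive win over the per-user Options keys, so a user cannot re-enable macros from the Trust Center once VBAWarnings is set there. The DDE setting is per document type; if a workbook workflow depends on external links, test Excel separately before disabling link updates for it.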
PRECAUTIONS TO CONTAIN ATTACKS AFTER INFILTRATION
- □ Secure Windows PowerShell to keep attackers from leveraging its range of functionality
  - Update to the latest version
  - Block unsigned PowerShell scripts to make potential attacks more visible
  - Use PowerShell “constrained language mode” to avoid many fileless-attack techniques
  - Enable extended PowerShell logging, carefully monitor events and utilize an auditing tool to help process them
  - Disable PowerShell if it is not necessary for your business
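The PowerShell items above can be applied and checked from PowerShell itself. The script below is an added example for this checklist, not Protelligent's code; it assumes an elevated Windows PowerShell 5.1 session, and the transcript directory C:\PSTranscripts is a constructed placeholder (in practice, point it at a write-only network share so a local attacker cannot edit the record).

```powershell
# Added example, not Protelligent's code: apply the PowerShell controls from the checklist
# to one host and report the result. Assumes an elevated Windows PowerShell 5.1 session;
# C:\PSTranscripts is a constructed placeholder path.
$PsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    # Creates the policy subkey if needed and writes one value under it.
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $Path = Join-Path $PsPolicy $SubKey
    New-Item -Path $Path -Force | Out-Null
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Latest version: 5.1 carries all of the logging below. The 2.0 engine has none of it
#    and is what engine-downgrade attempts fall back to, so remove it instead of leaving
#    it idle.
Disable-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root' -NoRestart | Out-Null

# 2. Unsigned scripts: AllSigned is not a security boundary against an interactive user,
#    but it turns unsigned script execution into an explicit, loggable deviation.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# 3. Constrained Language Mode is applied by an application-control policy (AppLocker or
#    WDAC) that covers the user; there is no supported switch to set it directly. Read
#    the mode this session runs in so the audit shows whether the policy took effect.
$LanguageMode = $ExecutionContext.SessionState.LanguageMode

# 4. Extended logging: every script block (event 4104), every cmdlet invocation with its
#    parameters (event 4103), and a transcript of each session.
Set-PolicyValue -SubKey 'ScriptBlockLogging'        -Name 'EnableScriptBlockLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging'             -Name 'EnableModuleLogging'      -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'
Set-PolicyValue -SubKey 'Transcription'             -Name 'EnableTranscripting'      -Value 1
Set-PolicyValue -SubKey 'Transcription'             -Name 'EnableInvocationHeader'   -Value 1
Set-PolicyValue -SubKey 'Transcription'             -Name 'OutputDirectory' -Value 'C:\PSTranscripts' -Type 'String'

function Get-PowerShellHardeningState {
    # What an auditor, or the auditing tool the checklist mentions, should see afterwards.
    [pscustomobject]@{
        EngineVersion      = $PSVersionTable.PSVersion.ToString()
        V2EngineState      = (Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root').State
        ExecutionPolicy    = Get-ExecutionPolicy -Scope LocalMachine
        LanguageMode       = $LanguageMode
        ScriptBlockLogging = (Get-ItemProperty "$PsPolicy\ScriptBlockLogging").EnableScriptBlockLogging
        ModuleLogging      = (Get-ItemProperty "$PsPolicy\ModuleLogging").EnableModuleLogging
        Transcription      = (Get-ItemProperty "$PsPolicy\Transcription").EnableTranscripting
        Recent4104Events   = (Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 50 -ErrorAction SilentlyContinue).Count
    }
}
Get-PowerShellHardeningState | Format-List
```

The last checklist item, disabling PowerShell where the business does not need it, is not an uninstall: powershell.exe is a Windows component. The practical form is an AppLocker or WDAC rule that denies powershell.exe and powershell_ise.exe to non-administrative users while still allowing the administrators who run it, which also gives those users Constrained Language Mode when an exception is granted.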
- □ Utilize and Secure Windows Management Instrumentation (WMI)
  - Use WMI to your advantage by setting up defensive permanent WMI event subscriptions to log and respond to malicious activity
  - Set up a fixed port for WMI, and block it if remote WMI is not necessary for your business
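A permanent WMI event subscription is three objects: a filter (the WQL query), a consumer (what happens), and a binding between them. The defensive use suggested above is shown below as an added example, not Protelligent's code: a subscription that records every new binding created on the host, so that WMI-based persistence by anyone else is written to a log the moment it is registered. It assumes an elevated session; the subscription names and log path are constructed.

```powershell
# Added example, not Protelligent's code: a defensive permanent WMI event subscription
# that records every new filter-to-consumer binding (the shape WMI persistence takes) to a
# log file, followed by the fixed-port step for remote WMI and a block rule for hosts that
# do not need it. Assumes an elevated session; names and the log path are constructed.
$Ns      = 'root\subscription'
$LogFile = 'C:\ProgramData\WmiWatch\bindings.log'
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

# Filter: a new __FilterToConsumerBinding instance in root\subscription. WITHIN is the
# polling interval in seconds for this intrinsic event.
$Filter = Set-WmiInstance -Namespace $Ns -Class __EventFilter -Arguments @{
    Name           = 'Defensive-BindingWatch'
    EventNamespace = 'root\subscription'
    QueryLanguage  = 'WQL'
    Query          = "SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE TargetInstance ISA '__FilterToConsumerBinding'"
}

# Consumer: append one line per event; %TargetInstance.<property>% expands from the event.
$Consumer = Set-WmiInstance -Namespace $Ns -Class LogFileEventConsumer -Arguments @{
    Name     = 'Defensive-BindingWatch-Log'
    Filename = $LogFile
    Text     = 'New WMI binding  filter=%TargetInstance.Filter%  consumer=%TargetInstance.Consumer%'
}

# Binding: the subscription is live only once filter and consumer are tied together.
Set-WmiInstance -Namespace $Ns -Class __FilterToConsumerBinding -Arguments @{
    Filter   = $Filter
    Consumer = $Consumer
} | Out-Null

function Get-WmiSubscriptionInventory {
    # Lists every permanent binding, so the one above and anything unexpected are visible.
    Get-WmiObject -Namespace $Ns -Class __FilterToConsumerBinding |
        Select-Object @{ n = 'Filter'; e = { $_.Filter } }, @{ n = 'Consumer'; e = { $_.Consumer } }
}

# --- Remote WMI port ---------------------------------------------------------------
# By default WMI's DCOM endpoint lands on a dynamic high port. winmgmt /standalonehost
# moves it to a fixed port (TCP 24158), which a firewall rule can then name.
winmgmt.exe /standalonehost
Restart-Service -Name Winmgmt -Force

# Hosts never managed remotely over WMI: disable the stock allow rules and block the
# fixed port. Hosts that are managed would instead get a rule scoped to the management subnet.
Disable-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue
if (-not (Get-NetFirewallRule -DisplayName 'WMI fixed port - block' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'WMI fixed port - block' -Direction Inbound `
        -Protocol TCP -LocalPort 24158 -Action Block | Out-Null
}

Get-WmiSubscriptionInventory | Format-Table -AutoSize
```

The inventory function is the companion control: any binding it lists that is not 'Defensive-BindingWatch' or a known product's deserves a ticket. To retire the watch, remove its binding, filter and consumer by name with `Get-WmiObject -Namespace root\subscription -Class __EventFilter -Filter "Name='Defensive-BindingWatch'" | Remove-WmiObject` and the equivalent for the other two classes.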
- □ Apply Application and Restricted Privileges Controls
  - Use AppLocker to limit executable files, DLLs and scripts
  - Create rules to strengthen AppLocker against bypass
  - Give users the least amount of access and privileges necessary to complete their job duties
  - If possible, set User Account Control (UAC) to “always notify” when a program makes an attempt to change the machine or any Windows settings
  - Enforce UAC by enabling admin approval mode to prevent privilege escalation attempts
  - Eliminate users from the local administrators’ group
  - Disable credential caching for network authentication
  - Refrain from using the same credentials across systems
  - Apply automatic log-out settings to your network after a period of inactivity
  - Disable anonymous access to Network File Shares (NFS) and File Transfer Protocol (FTP)
  - Require strong passwords
  - Require multi-factor authentication
  - Administer account lockout policies or successive delays for logins
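Most of the items in this group are local security policy settings with a registry or command-line equivalent, which makes them scriptable for a fleet. The script below is an added example, not Protelligent's code. It assumes an elevated Windows PowerShell 5.1 session on a domain-joined machine; the administrator allow-list, the trusted application directory C:\Shared-Apps and the export path are constructed placeholders, and the local Administrators group is only changed when the script is run with -Enforce.

```powershell
# Added example, not Protelligent's code: apply the privilege and account controls from
# the checklist on one Windows host and report the outcome. Assumes an elevated Windows
# PowerShell 5.1 session on a domain-joined machine. The admin allow-list, the trusted
# application directory and the export path are constructed placeholders.
param([switch]$Enforce)   # without -Enforce, Administrators-group changes are only reported

$System     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Winlogon   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Lanman     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Lsa        = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$KeepAdmins = @('Administrator', 'Domain Admins')

# UAC: EnableLUA turns it on, ConsentPromptBehaviorAdmin = 2 is "always notify", and
# FilterAdministratorToken puts the built-in Administrator in Admin Approval Mode too.
Set-ItemProperty -Path $System -Name 'EnableLUA' -Value 1 -Type DWord
Set-ItemProperty -Path $System -Name 'ConsentPromptBehaviorAdmin' -Value 2 -Type DWord
Set-ItemProperty -Path $System -Name 'FilterAdministratorToken' -Value 1 -Type DWord
# Machine inactivity limit in seconds; the session locks after 15 minutes idle.
Set-ItemProperty -Path $System -Name 'InactivityTimeoutSecs' -Value 900 -Type DWord

# Cached domain logons: 0 stops this host from caching logon verifiers, so a compromise
# of the machine yields no reusable domain credentials. Laptops that must log on while
# off the network need 1 or 2 instead. The value is stored as a string.
Set-ItemProperty -Path $Winlogon -Name 'CachedLogonsCount' -Value '0' -Type String

# Anonymous access: no null-session access to shares, no anonymous enumeration.
Set-ItemProperty -Path $Lanman -Name 'RestrictNullSessAccess' -Value 1 -Type DWord
Set-ItemProperty -Path $Lsa    -Name 'RestrictAnonymous'      -Value 1 -Type DWord

# Lockout: 5 failures, 30-minute lockout, 30-minute observation window.
net.exe accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 | Out-Null

function Get-UnexpectedLocalAdmins {
    # Members of the local Administrators group that are not on the allow-list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $KeepAdmins -notcontains ($_.Name -split '\\')[-1] }
}
$Unexpected = Get-UnexpectedLocalAdmins
if ($Enforce) {
    $Unexpected | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_.Name }
}

# AppLocker: the Application Identity service evaluates rules (it is a protected service,
# hence sc.exe rather than Set-Service). Build publisher rules, falling back to hash rules
# for unsigned files, from a trusted application directory; merge them into the local
# policy and export the XML for import into a GPO.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Get-AppLockerFileInformation -Directory 'C:\Shared-Apps' -Recurse |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize |
    Set-AppLockerPolicy -Merge
New-Item -ItemType Directory -Path 'C:\ProgramData\AppLocker' -Force | Out-Null
Get-AppLockerPolicy -Local -Xml | Out-File 'C:\ProgramData\AppLocker\local-policy.xml'

function Get-PrivilegeControlState {
    # Reads the settings back so the result can be checked and recorded.
    $PolicyXml = Get-AppLockerPolicy -Local -Xml
    [pscustomobject]@{
        UacAlwaysNotify       = (Get-ItemProperty $System).ConsentPromptBehaviorAdmin -eq 2
        UacEnabled            = (Get-ItemProperty $System).EnableLUA -eq 1
        CachedLogons          = (Get-ItemProperty $Winlogon).CachedLogonsCount
        InactivityTimeoutSecs = (Get-ItemProperty $System).InactivityTimeoutSecs
        UnexpectedLocalAdmins = ($Unexpected | ForEach-Object Name) -join ', '
        AppLockerRules        = ($PolicyXml | Select-String -Pattern '<(FilePublisherRule|FileHashRule|FilePathRule)\b' -AllMatches).Matches.Count
    }
}
Get-PrivilegeControlState | Format-List
```

Publisher rules are what "strengthen AppLocker against bypass" in practice: path rules that allow a directory users can write to let any file dropped there run, whereas a publisher rule only admits binaries signed by the vendor named in the rule. Review the DLL collection separately before enforcing it, since it is the one most likely to break legitimate software when first enabled.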
- □ Create Continuous Monitoring Processes for any of the following
  - Changes in the registry
  - Scheduled task creations
  - Questionable WMI activity
  - Sketchy API calls and processes
  - Processes or tasks produced with the CREATE_SUSPENDED flag
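Continuous monitoring of the items above starts with making Windows emit the events at all, since registry and scheduled-task auditing are off by default. The script below is an added example, not Protelligent's code: it enables the relevant audit subcategories, puts an audit SACL on an autostart registry key, and collects the resulting events into one timeline. It assumes an elevated Windows PowerShell 5.1 session; the event IDs are the standard Windows Security and WMI-Activity IDs.

```powershell
# Added example, not Protelligent's code: enable the audit subcategories the monitoring
# items above rely on, add an audit SACL to an autorun registry key, and pull the
# resulting events into a single timeline. Assumes an elevated Windows PowerShell 5.1
# session; event IDs are the standard Windows Security / WMI-Activity IDs.

# Registry (4657) and scheduled task (4698) events live under object-access auditing;
# process creation (4688) includes the command line only when the policy below is set.
auditpol.exe /set /subcategory:"Registry" /success:enable /failure:enable | Out-Null
auditpol.exe /set /subcategory:"Other Object Access Events" /success:enable | Out-Null
auditpol.exe /set /subcategory:"Process Creation" /success:enable | Out-Null
$AuditPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $AuditPolicy -Force | Out-Null
Set-ItemProperty -Path $AuditPolicy -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 4657 fires only for keys that carry a SACL. Audit successful writes to the machine Run
# key; extend this to the other autostart locations you care about.
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$Acl    = Get-Acl -Path $RunKey -Audit
$Acl.AddAuditRule((New-Object System.Security.AccessControl.RegistryAuditRule(
    'Everyone', 'SetValue, CreateSubKey, Delete', 'ContainerInherit', 'None', 'Success')))
Set-Acl -Path $RunKey -AclObject $Acl

$Kinds = @{ 4657 = 'RegistryChange'; 4698 = 'ScheduledTaskCreated'; 4688 = 'ProcessCreated'; 5861 = 'WmiPermanentConsumer' }

function Get-SuspectTimeline {
    # Returns one object per event of interest from the last $Hours hours, oldest first.
    param([int]$Hours = 24)
    $Since  = (Get-Date).AddHours(-$Hours)
    $Events = @()
    $Events += Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4657, 4698, 4688; StartTime = $Since }
    # 5861 = a permanent WMI event consumer was registered: the "questionable WMI
    # activity" most worth an alert, because legitimate software rarely does it.
    $Events += Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-WMI-Activity/Operational'; Id = 5861; StartTime = $Since }
    foreach ($E in ($Events | Sort-Object TimeCreated)) {
        [pscustomobject]@{
            Time   = $E.TimeCreated
            Id     = $E.Id
            Kind   = $Kinds[[int]$E.Id]
            Detail = ($E.Message -split "`r?`n")[0]
        }
    }
}
Get-SuspectTimeline -Hours 24 | Format-Table -AutoSize
```

Event 4688 is high-volume; in practice it is forwarded to a collector and filtered there rather than read on the host. The last two checklist items are outside what the Security log can show: 4688 records no process creation flags, so spotting CREATE_SUSPENDED (and suspicious API calls generally) needs an endpoint sensor that hooks process creation, which is the gap the checklist's "auditing tool" fills.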
While all of these safeguards can help mitigate risk, the biggest challenge is sustaining the gain. Our all-inclusive Premonition Security Suite is designed to align cybersecurity with your business goals and objectives, enabling you to confidently do more, innovate more and grow more today and into the future.
Level the playing field now. Contact us at (855) PRO-TELL and ensure your defenses are working for you, not against you.