We’re officially in the busiest season of delivery: hiring is complete, budgets have been released, and improvement work continues ahead of the holiday season. So how can organisations keep their focus on what matters, and how can they stay aware of the course corrections they might need to make? The answer is cyber risk prioritisation: putting risk reduction back at the top of security-related decision making.
Read on as we explore what the process of cyber risk prioritisation should look like and why it matters, with a focus on security controls, managing the unknowns, telemetry and zero trust.
#1 Managing Controls
Security vendors are shipping new features and updates thick and fast, so it is crucial to check your controls regularly. After you apply patches, go back and look at the estate: find out which machines have not taken the patch, and which appear to be offline or are no longer connected to management. A patch that shows as "deployed" in the console but has not landed on a host reduces no risk on that host.
The most significant gap, however, is where controls are missing altogether or are not working as required. These are your blind spots: that is where you are vulnerable, and that is where you should be prioritising, because it is your weakest point.
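One way to make those blind spots visible is to reconcile what the asset inventory says should exist against what the endpoint controls actually report. The script below is an added example, not code from the original article or from any vendor product; the hostnames, the EDR check-in times, the patch identifier and the seven-day "stale agent" threshold are all constructed for illustration. It produces three lists: hosts with no agent at all (control missing), hosts whose agent has gone quiet (control not working), and hosts that have neither confirmed nor failed a required patch.

```python
"""Reconcile an asset inventory against endpoint-control telemetry to surface
coverage gaps: hosts with no agent, agents that have gone quiet, and hosts
that have not reported a required patch. All data below is constructed."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2023, 10, 16, 9, 0, tzinfo=timezone.utc)  # fixed "now" so results are reproducible
STALE_AFTER = timedelta(days=7)                          # assumed threshold for an agent going quiet

# Constructed inventory: what the CMDB says should exist.
ASSETS = [
    {"host": "ws-0101",  "owner": "finance",  "os": "windows"},
    {"host": "ws-0102",  "owner": "finance",  "os": "windows"},
    {"host": "srv-db01", "owner": "platform", "os": "linux"},
    {"host": "srv-web01", "owner": "platform", "os": "linux"},
    {"host": "ws-0207",  "owner": "sales",    "os": "macos"},
]

# Constructed EDR console export: which hosts have an agent and when it last checked in.
EDR_AGENTS = [
    {"host": "ws-0101",   "last_seen": NOW - timedelta(hours=2)},
    {"host": "srv-db01",  "last_seen": NOW - timedelta(days=12)},  # installed but silent
    {"host": "srv-web01", "last_seen": NOW - timedelta(minutes=30)},
    {"host": "ws-0207",   "last_seen": NOW - timedelta(days=1)},
]

# Constructed patch-management report for one required update (identifier is assumed).
PATCH_STATUS = {
    "required": "2023-10-example-update",
    "installed": {"ws-0101", "srv-web01"},
    "failed": {"ws-0207"},
}


def unmanaged_hosts(assets, agents):
    """Inventory hosts with no EDR agent at all: the control is missing."""
    covered = {a["host"] for a in agents}
    return sorted(a["host"] for a in assets if a["host"] not in covered)


def stale_agents(agents, now=NOW, max_age=STALE_AFTER):
    """Agents that exist but have not checked in within max_age: the control is not working."""
    return sorted(a["host"] for a in agents if now - a["last_seen"] > max_age)


def patch_gaps(assets, report):
    """Split inventory hosts that lack the patch into explicit failures (retry them)
    and hosts that never reported at all (chase them: likely offline or unmanaged)."""
    hosts = {a["host"] for a in assets}
    no_report = sorted(hosts - report["installed"] - report["failed"])
    return {"failed": sorted(report["failed"] & hosts), "no_report": no_report}


def coverage_report(assets=ASSETS, agents=EDR_AGENTS, report=PATCH_STATUS):
    """Single view of blind spots, with missing controls listed first."""
    return {
        "no_agent": unmanaged_hosts(assets, agents),
        "stale_agent": stale_agents(agents),
        "patch": patch_gaps(assets, report),
    }


if __name__ == "__main__":
    for kind, hosts in coverage_report().items():
        print(f"{kind}: {hosts}")
```

Note that srv-db01 appears both as a stale agent and as a host with no patch report: a machine that has dropped off management is exactly the one that will quietly miss every subsequent patch, which is why the two checks belong together.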
Another priority is getting familiar with your network footprint. You have to know what is on your network and what normal looks like, so that when you use tools to monitor the network you have a baseline to compare against.
That means collecting data that can be modelled and categorised by device type, traffic type and the typical number of devices on your network, then reviewing it consistently and keeping track of what changes. It is a good way of keeping a barometer on what is happening inside your environment.
You should also consider ways to passively monitor your networks and identify every IP-based device. Active scanners such as Nessus, or open-source tools such as Nmap, can sweep address ranges and produce host lists, but turning those lists into actionable intelligence can be cumbersome. Thankfully there are platforms available at the right price point that monitor networks passively, using SPAN ports or SNMP walks of the switch fabric.
EPP/EDR tools are also starting to introduce peer-to-peer capability that lets agents check their network neighbours. Aggregating these results and classifying them into device types is quicker and easier than it has ever been, and some systems even add a view of vulnerability. Together, these methods illuminate the unknowns in your network.
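The baseline-and-drift idea from the previous paragraphs, and the aggregation of sightings from several discovery sources described just above, can be illustrated together. The script below is an added example and is not code from the original article or from any discovery product. The sightings (a SPAN-port sensor, SNMP-pulled switch tables and EDR neighbour probes), the four-entry OUI-to-vendor map, the classification heuristic and the previous days' counts are all constructed; a real deployment would use the IEEE OUI registry and a much longer history. It merges sightings onto one record per MAC, classifies each device, counts devices per type and flags types that are new, missing, or whose count has moved more than a tolerance away from the baseline mean.

```python
"""Merge device sightings from several discovery sources, classify them, and
compare per-type counts against a baseline of previous days. Sightings, OUI
prefixes, thresholds and history are constructed for illustration."""
from collections import Counter
from statistics import mean

# Assumed OUI-to-vendor map (a real lookup would use the IEEE registry).
OUI_VENDOR = {
    "00:1a:2b": "Dell",
    "3c:5a:b4": "Cisco",
    "f4:5c:89": "Apple",
    "b8:27:eb": "Raspberry Pi",
}

# Constructed sightings from three sources: a passive sensor on a SPAN port ("span"),
# MAC/ARP tables pulled from switches via SNMP ("snmp"), and EDR agents probing
# their own subnet neighbours ("edr"). The same MAC may be seen by several sources.
SIGHTINGS = [
    {"src": "span", "mac": "00:1a:2b:10:00:01", "ip": "10.0.1.10", "ports": {445, 3389}},
    {"src": "snmp", "mac": "00:1a:2b:10:00:01", "ip": "10.0.1.10", "ports": set()},
    {"src": "edr",  "mac": "00:1a:2b:10:00:02", "ip": "10.0.1.11", "ports": {445}},
    {"src": "snmp", "mac": "3c:5a:b4:aa:00:01", "ip": "10.0.0.1",  "ports": {22, 161}},
    {"src": "span", "mac": "f4:5c:89:00:00:07", "ip": "10.0.2.5",  "ports": set()},
    {"src": "span", "mac": "b8:27:eb:00:00:09", "ip": "10.0.3.44", "ports": {22, 80}},
    {"src": "edr",  "mac": "b8:27:eb:00:00:0a", "ip": "10.0.3.45", "ports": {22, 80}},
]

# Constructed baseline: per-type device counts observed on four previous days.
BASELINE_DAYS = [
    {"workstation": 2, "network": 1, "mac-client": 1},
    {"workstation": 2, "network": 1, "mac-client": 1},
    {"workstation": 3, "network": 1, "mac-client": 1},
    {"workstation": 2, "network": 1, "mac-client": 1},
]


def classify(mac, ports):
    """Coarse device-type heuristic from the OUI vendor and observed listening ports."""
    vendor = OUI_VENDOR.get(mac[:8].lower(), "unknown")
    if vendor == "Cisco" or 161 in ports:       # SNMP agent or switch vendor: network gear
        return "network"
    if vendor == "Apple":
        return "mac-client"
    if vendor == "Raspberry Pi":                 # single-board computer: often unowned
        return "sbc"
    if 445 in ports or 3389 in ports:            # SMB / RDP: Windows workstation
        return "workstation"
    return "unknown"


def merge_sightings(sightings):
    """Collapse sightings onto one record per MAC, unioning ports and sources."""
    devices = {}
    for s in sightings:
        d = devices.setdefault(s["mac"], {"ip": s["ip"], "ports": set(), "sources": set()})
        d["ports"] |= s["ports"]
        d["sources"].add(s["src"])
    for mac, d in devices.items():
        d["type"] = classify(mac, d["ports"])
    return devices


def type_counts(devices):
    """Number of devices seen today, per classified type."""
    return Counter(d["type"] for d in devices.values())


def drift(today, baseline_days, tolerance=1.0):
    """Flag device types that are new, absent, or whose count is more than
    `tolerance` devices from the baseline mean. A fixed tolerance is used instead
    of a standard-deviation band because the constructed history is too short."""
    findings = {}
    known = set().union(*baseline_days)
    for t, n in today.items():
        if t not in known:
            findings[t] = f"new device type ({n} seen)"
            continue
        avg = mean(day.get(t, 0) for day in baseline_days)
        if abs(n - avg) > tolerance:
            findings[t] = f"count {n} vs baseline mean {avg:.2f}"
    for t in known - set(today):
        findings[t] = "baseline type absent today"
    return findings


if __name__ == "__main__":
    devices = merge_sightings(SIGHTINGS)
    for mac, d in devices.items():
        print(mac, d["ip"], d["type"], sorted(d["sources"]))
    print(drift(type_counts(devices), BASELINE_DAYS))
```

On the constructed data the only finding is a new "sbc" type: two Raspberry Pi boards that no previous day's baseline contained. That is the kind of unknown the text is describing, and it surfaces only because the sightings were merged by MAC before counting; counting raw sightings per source would have double-counted the workstation seen by both the SPAN sensor and the switch tables.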