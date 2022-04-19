4 Critical Cybersecurity Areas You Should be Focusing on Now

WALTHAM, Mass., April 19, 2022 /PRNewswire/ -- Aqueduct Technologies, Inc., New England's leading IT solutions provider -- As a result of international tensions that have arisen surrounding the Russia/Ukraine conflict, the Cybersecurity, and Infrastructure Security Agency (CISA) recently released the "Shields Up Advisory", recommending that organizations be on heightened alert.

What exactly does this mean? What actions should we take? Getting started down a path toward applying this information to your environment can feel overwhelming. Not to worry – we can call upon one of our favorite industry terms: Actionable Intelligence.

We need to take the general advice being given and expand on it, so we can do something with it. The best place to begin when interpreting the advisory and your overall security posture is to start with the basics and build a plan.

Below is high-level guidance and resources on critical areas to consider:

1. Incident Response Handling

Develop an Incident Response Plan. Both NIST and SANS have standardized frameworks, summarized below:

Preparation

Identification (Detection & Analysis)

Containment

Eradication

Recovery

Lessons Learned

Having an action plan will reduce your need to pivot during times of crisis, ensure your strategy is aligned to the highest cybersecurity standards, and significantly improve the availability and integrity of your data and services.

Incident response handling is time-consuming, requiring detailed operational analysis, full-time staff, and ongoing adjustments. Leveraging a Managed Detection and Response solution may be considered to reduce operational overhead and accelerate response times.

2. Authentication & Identity Management

Leverage MFA across the board

Audit AD accounts and MFA policies

Audit cloud service provider Identity and Access Management (IAM) ruleset

Implement network segmentation and containment controls with Cisco ISE

3. Network & Infrastructure Security Controls

Audit firewall ruleset

Align firewall ruleset with Next-Generation Firewall (NGFW) architecture

Align VPN topologies to modern cryptographic standards

Audit cloud workflows

Leverage SIEM and NetFlow logging and traffic monitoring

Block browser-based encrypted DNS services

Leverage SaaS tenant controls

Maintain up-to-date software versions across the organization

Conduct regular penetration testing

Conduct regular DR testing

Conduct regular backups and ensure tiered 3-2-1 backup hierarchy

4. Endpoint Protection & Content Filtering

Audit Antivirus/Antimalware solution

Block traffic to/from high-threat geographies

Block proxy and anonymizer services

Leverage URL and content filtering

Leverage endpoint disk encryption

Leverage email encryption and security

Perform routine end-user educational training

