Deepwatch’s Network Security Best Practices
By Kevin Manson
The number of cyber attacks against organizations has greatly increased over the past few years and is only expected to grow in the future. Even in “normal” times, that’s cause for concern. With more people working from home than ever before, cybersecurity professionals today find there is a much greater need to protect all devices in their enterprise wherever they may be, whether across the country or across the globe. To get the ball rolling on securing your business, we compiled a number of our top suggestions for some basic network security best practices.
Maintain your software
A critical component of cybersecurity is ensuring that you are patching all your systems all the time for security vulnerabilities. To do that, you must have an accurate inventory of all your systems, because you only know what to patch if you know what you have. Standardizing your devices’ operating systems and versions, such as running the same Linux distros or macOS/Windows versions everywhere, will significantly speed up both patching and testing and make the process that much easier. As the old saying goes, “simplify, simplify, simplify.”
And pay special attention to that word testing. It’s crucial to test patches in a lab environment to ensure the reliability of your network. Deployment speed is important here as well, because once a vulnerability is disclosed, the odds of an attack increase greatly. Even with the best patch management, you’ll need to scan your network and systems with a vulnerability management tool. If you rely on memory and manual tracking, systems might be missed, or you may find that additional configuration is required to fully remediate the issue.
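The cross-check described above, as an added example that is not part of the original article: it reconciles an asset inventory, patch deployment records and vulnerability scan results to surface missed systems, patches that did not fully remediate, and OS version drift. All hostnames, OS strings and data structures are constructed for illustration.

```python
from collections import Counter

# Constructed sample data; hostnames and OS strings are placeholders.
INVENTORY = {
    "web-01": "Ubuntu 22.04",
    "web-02": "Ubuntu 22.04",
    "db-01": "Ubuntu 20.04",
    "hr-laptop-7": "Windows 11",
}
PATCH_DEPLOYED = {"web-01", "web-02", "db-01"}  # hosts the patch tool reports as done
SCAN_FINDINGS = {  # host -> scanner still reports the vulnerability
    "web-01": False,
    "web-02": True,
    "db-01": False,
    "hr-laptop-7": True,
    "test-vm-3": True,
}

def reconcile(inventory, deployed, findings):
    """Compare inventory, patch records and scan results; return follow-up lists."""
    report = {
        # Seen on the network but absent from inventory: nobody knew to patch it.
        "unknown_hosts": sorted(set(findings) - set(inventory)),
        # In inventory but never scanned: patch state is unverified.
        "unscanned": sorted(set(inventory) - set(findings)),
        # Patch recorded, scanner still flags it: extra configuration may be needed.
        "patched_but_vulnerable": sorted(h for h in deployed if findings.get(h)),
        # Known host, still vulnerable, no patch recorded: missed by deployment.
        "missed": sorted(h for h in inventory
                         if findings.get(h) and h not in deployed),
    }
    # Hosts whose OS version differs from the most common one in their family.
    by_family = {}
    for host, os_name in inventory.items():
        by_family.setdefault(os_name.split()[0], []).append((host, os_name))
    drift = []
    for hosts in by_family.values():
        standard = Counter(o for _, o in hosts).most_common(1)[0][0]
        drift += [h for h, o in hosts if o != standard]
    report["os_drift"] = sorted(drift)
    return report

if __name__ == "__main__":
    for item, hosts in reconcile(INVENTORY, PATCH_DEPLOYED, SCAN_FINDINGS).items():
        print(f"{item}: {hosts}")
```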
Monitor your systems
It’s important to log what is happening both on your network and on your systems. Once you have the data, it can be run through threat intelligence, behavioral analytics, traffic analysis and human-assisted threat hunting. With these advanced detection techniques, you can put a stop to attackers before they infiltrate your entire network.
Consider implementing zero trust
The traditional network boundary has changed. Employees aren’t always driving to offices and working on isolated networks protected from attackers. You should look at shifting your access controls from network perimeters to individual users in order to better protect what actually happens in your business day to day.
The three core components for zero trust are:
- Access to services must not be determined by the network from which you connect
- Access to services is granted based on contextual factors from the user and their device
- Access to services must be authenticated, authorized and encrypted.
Check out how Google has implemented its version of zero trust, called BeyondCorp, to secure work without relying on traditional VPNs: https://cloud.google.com/beyondcorp/
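An access decision built on the three components above, as an added example that is not from the original article or from BeyondCorp. The policy table, field names and the MFA requirement are assumptions for illustration; the source IP is carried for logging only and never influences the decision.

```python
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    groups: set
    authenticated: bool    # identity verified by the identity provider
    mfa_passed: bool       # assumption: strong authentication means MFA
    device_managed: bool   # device is enrolled in the company inventory
    device_patched: bool
    tls: bool              # connection is encrypted
    source_ip: str         # logged only; never used to decide access
    service: str

# Hypothetical policy: allowed groups and device requirements per service.
POLICY = {
    "payroll": {"groups": {"finance"}, "managed": True, "patched": True},
    "wiki": {"groups": {"staff", "finance"}, "managed": False, "patched": True},
}

def decide(req):
    """Return (allowed, reason). Network location is deliberately not an input."""
    rule = POLICY.get(req.service)
    if rule is None:
        return False, "unknown service"  # default deny
    if not req.tls:
        return False, "connection not encrypted"
    if not (req.authenticated and req.mfa_passed):
        return False, "user not strongly authenticated"
    if not (req.groups & rule["groups"]):
        return False, "user not authorized for service"
    if rule["managed"] and not req.device_managed:
        return False, "unmanaged device"
    if rule["patched"] and not req.device_patched:
        return False, "device missing patches"
    return True, "ok"

# Constructed requests: same user, different device context and network.
OFFICE_BYOD = Request("alice", {"finance"}, True, True, False, True, True,
                      "10.0.0.5", "payroll")
HOME_MANAGED = Request("alice", {"finance"}, True, True, True, True, True,
                       "203.0.113.9", "payroll")

if __name__ == "__main__":
    for r in (OFFICE_BYOD, HOME_MANAGED):
        print(r.source_ip, decide(r))
```

The request from the internal office address is denied because the device is unmanaged, while the request from a home address is allowed because user and device context satisfy the policy.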
Passwords & Multi Factor Authentication (MFA)
Passwords are just one factor in the authentication process and are a simple way to authenticate a user. It’s 2021, and if you don’t have MFA enabled for your organization, this should be at the top of your priority list. MFA allows you to go beyond the traditional password and greatly enhance your security posture. Here are four common factors for authentication:
- Something you know (password)
- Something you have (smartcards, security tokens such as Google Titan or YubiKey).
- Something you are, for biometric authentication (fingerprint, Face ID, iris, etc.).
- Somewhere you are, with location-based authentication (IP address geolocation, GPS, etc.).
Looking for advanced authentication? Consider enabling FIDO2 + WebAuthn for strong authentication with biometrics. This combines the two factors of something you have and something you are into one step. Not only is this authentication safe and secure, but it’s also simple for end users to sign in to your systems.
Now that you have done all this work to secure your network, it’s also important not to forget about the human users on your systems. Make sure you build in security awareness training for new hires and provide refresher courses for all employees throughout the year. This can be done with live presentations or pre-recorded videos in your learning management system. Simulated phishing tests are a great way to both test and educate users on identifying phishing emails. For more details on this topic, see our article on How to Defend Against and Identify Phishing Emails.
Protect your network with Deepwatch
You can follow these network security best practices to ensure the safety of your information and devices, but know that your security needs more than just these few tips. With Deepwatch’s suite of best-in-class security technologies, it has never been easier to protect your network. We are here to help, so if you still feel a little unsure about where to start, let Deepwatch get you going. Contact us to learn more.