Is Prevention Better Than Remediation?
I want to open discussion around Zero Day attacks. More specifically, how best to prepare for one.
So as an organisation, how the hell do you possibly prevent a Zero Day attack? If you're asked to achieve this, you're essentially being asked to protect your environment from what you don't know exists. Impossible? Not quite. So what's the answer? Turning off every endpoint on your network and walking away? Probably not the best solution.
Preparation. Proper preparation prevents poor performance.
Okay, so none of us reading this can really predict exactly when the next Zero Day attack will be, but there are two things you can be doing right now to minimise the chance that it is your organisation that ends up the victim.
Patching. I've read a lifetime's worth of articles on the importance of patching. Patching is not merely important; it is the absolute bare essential of network security maintenance. If you're providing yourself with the correct patch management solution, you're providing yourself with a tool that will never leave an endpoint exposed to known flaws or weaknesses. There are still far too many organisations I speak to daily that are not confident in either their ability to patch or the speed at which they are able to patch. A speedy response to any event within your network is CRITICAL in order to best deal with it. Quite often, the people I speak with who are responsible for patching on their organisation's network are using patch management that is missing a feature, and that missing feature could be the one that saves their organisation from the next dreaded Zero Day attack. Or they are simply using a product that meets requirements on paper, or met them a year ago, but no longer has the effect they need in order to be fully prepared. Again, I cannot stress enough the importance of speedy patching. How quickly are you able to go from identifying a vulnerability on your endpoint, to acquiring the patch, to deploying it?
Which leads me to ask the question: do you have a patch management strategy in place within your organisation? I hear it often, and often I am left surprised; the common answer is a solid 'no'. If you currently do not have a patch management strategy in place, or don't think it's overly important, I really encourage you to go and read this article.
Equally, if you do have a strategy in place, are you reviewing it often enough? However, please remember that patching is not equal to being prepared. Being prepared is knowing which person is getting up at a moment's notice at 3 AM to patch every machine in your network because a new Zero Day has been discovered. Patching and a solid management plan, however, can only go so far on their own...
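To put a number on the "how quickly can you go from identifying a vulnerability to deploying the patch" question, here is an added example (my own illustration, not code from the original article or from any product it mentions) that measures identification-to-deployment time against a hypothetical per-severity SLA over a constructed inventory; the SLA values, hostnames and vulnerability identifiers are all assumptions.

```python
from datetime import date

# Constructed sample inventory (not real data): one record per endpoint and
# vulnerability, with the day it was identified and the day the patch was
# confirmed deployed (None means still unpatched). Identifiers are placeholders.
TODAY = date(2017, 10, 4)
INVENTORY = [
    {"host": "ws-001", "vuln": "VULN-PLACEHOLDER-1", "severity": "critical",
     "identified": date(2017, 9, 28), "patched": date(2017, 9, 29)},
    {"host": "ws-002", "vuln": "VULN-PLACEHOLDER-1", "severity": "critical",
     "identified": date(2017, 9, 28), "patched": None},
    {"host": "srv-01", "vuln": "VULN-PLACEHOLDER-2", "severity": "high",
     "identified": date(2017, 9, 20), "patched": date(2017, 9, 30)},
    {"host": "ws-003", "vuln": "VULN-PLACEHOLDER-3", "severity": "medium",
     "identified": date(2017, 9, 10), "patched": None},
]

# Hypothetical internal SLA: maximum days from identification to deployment.
SLA_DAYS = {"critical": 2, "high": 7, "medium": 30, "low": 90}


def days_open(rec, today=TODAY):
    """Days from identification to deployment, or to today if still unpatched."""
    end = rec["patched"] or today
    return (end - rec["identified"]).days


def sla_status(rec, today=TODAY):
    """ok / late: patched within / after SLA; open / overdue: unpatched within / past it."""
    within = days_open(rec, today) <= SLA_DAYS[rec["severity"]]
    if rec["patched"]:
        return "ok" if within else "late"
    return "open" if within else "overdue"


def mean_time_to_patch(inventory):
    """Average days to patch across records that have actually been patched."""
    done = [days_open(r) for r in inventory if r["patched"]]
    return sum(done) / len(done) if done else None


def to_escalate(inventory, today=TODAY):
    """Hosts still unpatched past their SLA: these are the 3 AM phone calls."""
    return [r["host"] for r in inventory if sla_status(r, today) == "overdue"]


if __name__ == "__main__":
    for r in INVENTORY:
        print(f'{r["host"]:8} {r["severity"]:8} {days_open(r):3}d {sla_status(r)}')
    print("mean time to patch:", mean_time_to_patch(INVENTORY), "days")
    print("escalate:", to_escalate(INVENTORY))
```

Tracking the "late" count over time is the honest measure of whether a patch management product is still delivering the speed you bought it for.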
If you've read my previous articles on here, you'll know my stance on end user training: not only the benefits of it, but how critical it is. You could have a network with three firewalls, three AVs, three vulnerability scanners and so on, but your biggest threat is still on your network.
How!? Internal threats are quite often greater than external threats.
Here is a great all-round article relating to end user training: Patches stop exploits, not morons.
The end user will always be the weakest link. Think of end user training like patching. A new vulnerability is discovered and highlighted in the next MS Security Bulletin, which you then address and deploy. Vulnerability taken care of. Now, let's address what happens when that vulnerability or threat is only exposed through human intervention or error. What your end users were taught about good cyber security practice at the start of the year may be forgotten within a very short time. They're now vulnerable and require maintenance. Are they even aware of how the latest threats are targeting weak links such as end users? Patch your end users with sufficient, up-to-date training. Staying on top of end user awareness is just as critical as any other network security tool. In my opinion, the biggest risk to any organisation is an end user. I talk to plenty of CIOs/CISOs that rely on some form of redundant learning management platform for basic end user training. Almost every time, I find that common LMS platforms provide only one thing for the end user: the encouragement to just 'get it done and tick the box'. Would you rather have your staff and end users operating at a level where they can retain and actually use the knowledge that's been provided to them, or would you rather they just take the 'let's tick this box' attitude towards training?
Don't let it be your organisation that employs the end user that was responsible for the click that resulted in the network being held to ransom.
This article is intended to highlight a few simple, easily achievable steps that will help you be best prepared for a Zero Day attack. It is not realistic to say that there is a way to make a Zero Day attack completely avoidable, but these are a few simple ways to drastically lessen the possibility.
Please, as always, feel free to give me feedback on the articles; they are here to open discussion. If you'd like to talk to me further regarding patch management or end user training, please drop me a message or give me a call: 01582439727.
Interested in learning more about Patch Management? Register today for our Ivanti User Group in London on Wednesday 4th October.