Cyber Defense eMagazine May 2019
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4. Cloud and Speed: Companies that prioritize speed and convenience over adhering to security<br />
best practices to ensure all of their cloud instances are covered will be prime targets for costly<br />
data breaches.<br />
So how can these types of organizations best shore up their security postures?<br />
If you can identify with any of the above characteristics, the best course of action is to identify weaknesses<br />
and address the security fundamentals. Here are a few steps:<br />
1. Understand What Assets You Have<br />
You can only secure what you can see, and until you know which assets are in your environment, it’s<br />
impossible to know whether those devices are satisfactorily secure. Understanding your inventory of<br />
laptops, desktops, servers, VMs, mobile devices, IoT devices, and cloud instances sounds simple, but<br />
organizations have a remarkably difficult time doing this. The first step should be establishing an ongoing<br />
device discovery, classification and inventory process to help you keep track.<br />
2. Distinguish Between Managed and Unmanaged Assets<br />
In any environment, assets can be split into two distinct categories: known/managed and<br />
unknown/unmanaged. Managed assets are known to security management systems (think endpoint<br />
agents and Active Directory.) Meanwhile, unmanaged devices may be known to the network, but do not<br />
have any security solutions installed so you aren’t able to access its risk profile. Both types of devices<br />
are important but should be treated differently.<br />
For example, a smart TV in a conference room is different from the CEO’s laptop. While the Smart TV<br />
doesn’t need an endpoint security solution or isn’t part of a patch schedule, the laptop does. Creating a<br />
process to identify and take action based on asset classification is critical.<br />
3. Address the Gaps in Security<br />
Every organization has devices that are missing security solution coverage, whether it’s iPhones without<br />
Mobile Device Management, or AWS instances not known to a VA scanner. Addressing these gaps in<br />
an ongoing basis is necessary, especially given the dynamic and elastic nature of these assets.<br />
By following through on Steps 1 and 2, you’ll be in a position to know all of the assets and their type in<br />
your environment, making it easier to identify where security holes are and how to best close those gaps.<br />
71