Cyber Defense eMagazine May 2019
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4. Establish Ongoing User Access Auditing<br />
For large organizations especially, keeping track of user permissions can be difficult. Are there users in<br />
your environment with local administrative access to all machines? Users with passwords that are not<br />
required or set to expire? Service accounts with keys to the kingdom? Even with strict access controls<br />
and regular policies, creating an ongoing auditing process is needed to ensure proper access rights.<br />
5. Implement Security Policy Validation<br />
The biggest question left to ask is this: How can I be sure that my security policies are being adhered to<br />
continuously? Whether you mandate that all assets must be scanned weekly, or you’ve determined that<br />
all Windows machines must have a specific endpoint agent, any security policy on paper is only as good<br />
as it is enforced and validated in reality.<br />
Implementing a security policy validation process is the only way to make sure that nothing is being<br />
missed and that exceptions are being addressed and fixed instead of being exploited.<br />
A Basic Framework<br />
Putting solutions and technologies aside, cybersecurity is a discipline centered around understanding,<br />
addressing, and minimizing risk. Until you have a credible, comprehensive understanding of your<br />
environment and are able to understand where coverage gaps exist, you’re at a disadvantage to those<br />
looking for a simple way in. With an understanding of all assets, gaps in security coverage, and the ability<br />
to see where the security policy is not being adhered to, organizations are in the best possible position<br />
to minimize their attack risk.<br />
About the Author<br />
Nathan Burke is the Chief Marketing Officer at Axonius.<br />
Passionate about bringing new technologies to market to solve<br />
real problems, he has held marketing leadership roles at<br />
Hexadite (acquired by Microsoft), Intralinks (acquired by<br />
Synchronoss), MineralTree, CloudLock (acquired by Cisco),<br />
and is a frequent speaker and contributing author on topics<br />
related to the intersection of collaboration and security. He<br />
lives on Cape Cod with his wife, daughter, and dogs, and<br />
enjoys watching the unfairly dominant New England Patriots.<br />
Nathan can be reached on Twitter at @nathanwburke, through LinkedIn, and on www.axonius.com.<br />
72