SpiderLabs Blog

Important Security Defenses to Help Your CISO Sleep at Night

This is Part 13 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

If you search recent cybersecurity news, it's easy to find the threats that keep your CISO awake at night. There are many, but a short list is:

  • Ransomware
  • Phishing attacks
  • OT (operational technology) threats
  • Insider threats
  • Supply chain attacks

However, it's quite a bit harder to find articles discussing defenses against these attacks, so let me help out by offering a select set of security best practices that, if properly deployed, should help your CISO sleep at night.

 

Architecture

  • Use vendor-provided or industry-standard security architectures (see the cloud providers' Well-Architected Frameworks and zero trust) and control catalogs (e.g. NIST SP 800-53) to understand and build good security solutions.

 

Inventory

Build a comprehensive asset inventory, which should include:

  • Endpoints and servers: Defender for Endpoint / Defender for Servers
  • Cloud resources: Defender for Cloud
  • Storage
  • Applications
  • Network
  • Defender for Cloud (D4C) Secure Score, as a running measure of how well the inventoried resources are protected
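An inventory is only useful once it is cross-checked: the question a practitioner actually asks is "which cloud VMs have no EDR sensor, and which EDR devices are not in the cloud inventory at all?" The following is an added example, not code from the post or from any Microsoft or Trustwave tool. The two lists are constructed to look like a Defender for Cloud resource export and a Defender for Endpoint device export; the field names and hosts are assumptions for the example.

```python
"""Cross-check two asset inventories and report coverage gaps.

Added example (not from the post): merges a constructed cloud resource list
and a constructed EDR device list and reports VMs with no or an unhealthy
EDR sensor, plus EDR devices unknown to the cloud inventory.  Hostnames are
normalised first because inventories rarely agree on case or domain suffix.
"""
from dataclasses import dataclass

# Constructed sample data standing in for a Defender for Cloud resource export
# and a Defender for Endpoint device export (assumed field names).
CLOUD_RESOURCES = [
    {"name": "WEB-01.corp.example", "type": "vm", "owner": "app-team"},
    {"name": "db-02.corp.example", "type": "vm", "owner": "dba"},
    {"name": "jump-03", "type": "vm", "owner": "ops"},
    {"name": "blob-logs", "type": "storage", "owner": "ops"},
]
EDR_DEVICES = [
    {"computerDnsName": "web-01.corp.example", "healthStatus": "Active"},
    {"computerDnsName": "jump-03.corp.example", "healthStatus": "Inactive"},
    {"computerDnsName": "laptop-77.corp.example", "healthStatus": "Active"},
]


def normalise(name: str) -> str:
    """Lower-case and drop the domain suffix so 'WEB-01.corp.example' matches 'web-01'."""
    return name.lower().split(".")[0]


@dataclass(frozen=True)
class Gap:
    asset: str
    reason: str


def find_gaps(cloud, edr):
    """Return the list of Gap records for VMs without healthy EDR and EDR devices not in cloud."""
    edr_by_name = {normalise(d["computerDnsName"]): d for d in edr}
    cloud_vms = {normalise(r["name"]): r for r in cloud if r["type"] == "vm"}
    gaps = []
    for name in sorted(cloud_vms):
        dev = edr_by_name.get(name)
        if dev is None:
            gaps.append(Gap(name, "VM has no EDR sensor"))
        elif dev["healthStatus"] != "Active":
            gaps.append(Gap(name, f"EDR sensor {dev['healthStatus']}"))
    for name in sorted(edr_by_name):
        if name not in cloud_vms:
            gaps.append(Gap(name, "EDR device not in cloud inventory (on-prem or shadow IT?)"))
    return gaps


if __name__ == "__main__":
    for g in find_gaps(CLOUD_RESOURCES, EDR_DEVICES):
        print(f"{g.asset:12} {g.reason}")
```

Storage accounts, applications and network objects need the same treatment against whatever protects them; the join logic is identical, only the sources change.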

 

Backups

  • Prepare and test a backup/recovery procedure for all of the operationally critical assets listed above. A backup that has never been restored is untested.
  • Include a ransomware readiness plan with your backup procedures.
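The test that matters is whether a restore reproduces what was backed up. This is an added example, not code from the post: it builds a SHA-256 manifest at backup time and checks a restore against it, which is how you notice that the backup share itself was encrypted or trimmed by a ransomware run. The files, paths and the "tampered restore" are all constructed inside a temporary directory for the example.

```python
"""Verify a restored backup against a manifest taken at backup time.

Added example, not from the post.  build_manifest() records a SHA-256 per
file; verify_restore() reports every file that is missing or whose content
changed.  Keep the manifest somewhere the backup job cannot overwrite, or
an attacker who encrypts the backups can rewrite the manifest too.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's POSIX-style path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Return {relative_path: problem} for every manifest entry the restore fails."""
    problems = {}
    for rel, expected in manifest.items():
        p = restored / rel
        if not p.is_file():
            problems[rel] = "missing"
        elif sha256_file(p) != expected:
            problems[rel] = "content changed"
    return problems


def run_demo() -> dict[str, str]:
    """Constructed scenario: back up two files, restore them, tamper, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "prod"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1, 'ok');\n")
        (src / "config.yaml").write_bytes(b"retention_days: 30\n")
        manifest = build_manifest(src)  # stored separately from the backup itself

        restored = Path(tmp) / "restore"
        shutil.copytree(src, restored)
        # Simulate ransomware hitting the restore target: one file overwritten
        # with "encrypted" bytes, another deleted outright.
        (restored / "db" / "orders.sql").write_bytes(os.urandom(64))
        (restored / "config.yaml").unlink()
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    for rel, problem in run_demo().items():
        print(f"{problem:16} {rel}")
```

A clean restore returns an empty dict; anything else is a finding for the ransomware readiness plan before it is a finding during an incident.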

 

Identity

Centralize and monitor identity access controls using features such as:

  • Two-factor authentication (2FA)
  • Conditional Access
  • Access Reviews
  • Role Reviews
  • UEBA (user and entity behavior analytics)
  • SIEM

 

SecOps

  • Develop an effective monitoring and alerting process for all your critical assets.
  • Constant testing, evaluation, and improvement are essential to a good SecOps architecture.

 

DevSecOps

  • Automate security controls for your developers using tools such as GitHub Enterprise, which can scan all code in the DevOps pipeline automatically.
  • Protect all applications using a layered defensive architecture (firewalls, WAF, etc.).
  • Perform regular pen tests, focusing on the most exposed points of your applications.

 

Logging/Reporting/Alerting

  • Collect all relevant security logs for all of the above critical inventory.
  • Use a SIEM to detect anomalies and report on compliance controls.
  • Create a variety of dashboards for better visualization of data.
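The Identity and Logging sections above both come down to running detections over sign-in telemetry. The following is an added example, not code from the post or from any SIEM product: two detections a SOC would run over identity logs. The events are constructed to resemble Entra ID sign-in log fields (user, ip, result, mfa, timestamp) and are not a real export; the thresholds are assumptions for the example.

```python
"""Two SIEM-style detections over identity sign-in events.

Added example, not from the post.  Detections:
  1. password spray: at least `threshold` failed sign-ins from one source IP
     across any users inside `window`, followed by a success from that IP
     (ATT&CK T1110.003);
  2. single-factor success: a successful sign-in with no MFA satisfied, which
     a Conditional Access policy should have blocked (ATT&CK T1078).
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENTS = [  # constructed sample sign-in events (assumed field names)
    {"ts": "2024-06-01T08:00:00", "user": "alice", "ip": "203.0.113.7", "result": "failure", "mfa": False},
    {"ts": "2024-06-01T08:01:00", "user": "bob",   "ip": "203.0.113.7", "result": "failure", "mfa": False},
    {"ts": "2024-06-01T08:02:00", "user": "carol", "ip": "203.0.113.7", "result": "failure", "mfa": False},
    {"ts": "2024-06-01T08:03:00", "user": "dave",  "ip": "203.0.113.7", "result": "failure", "mfa": False},
    {"ts": "2024-06-01T08:04:00", "user": "erin",  "ip": "203.0.113.7", "result": "failure", "mfa": False},
    {"ts": "2024-06-01T08:05:00", "user": "erin",  "ip": "203.0.113.7", "result": "success", "mfa": False},
    {"ts": "2024-06-01T09:00:00", "user": "alice", "ip": "198.51.100.4", "result": "success", "mfa": True},
    {"ts": "2024-06-01T10:00:00", "user": "bob",   "ip": "198.51.100.9", "result": "failure", "mfa": False},
    {"ts": "2024-06-01T10:01:00", "user": "bob",   "ip": "198.51.100.9", "result": "success", "mfa": True},
]


def _ordered(events):
    """Parse timestamps and sort; log exports are not guaranteed to arrive in order."""
    return sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
                  key=lambda e: e["ts"])


def detect_password_spray(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on a success from an IP that produced >= threshold failures within window."""
    failures = defaultdict(list)  # source ip -> timestamps of failed sign-ins
    alerts = []
    for e in _ordered(events):
        ip = e["ip"]
        if e["result"] == "failure":
            failures[ip].append(e["ts"])
            continue
        recent = [t for t in failures[ip] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"technique": "T1110.003", "ip": ip, "user": e["user"],
                           "failures_before_success": len(recent),
                           "ts": e["ts"].isoformat()})
    return alerts


def detect_single_factor_success(events):
    """Users who signed in successfully without MFA: a Conditional Access gap or a bypass."""
    return sorted({e["user"] for e in events if e["result"] == "success" and not e["mfa"]})


if __name__ == "__main__":
    for a in detect_password_spray(EVENTS):
        print("ALERT", a)
    print("single-factor sign-ins:", detect_single_factor_success(EVENTS))
```

Keying the failure counter on the source IP rather than the user is what turns a per-account lockout detection into a spray detection; the second check is the compliance report for the 2FA and Conditional Access items in the Identity section.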

 

Security Assessments

  • Red/Blue/Purple Teaming.
  • Vulnerability Scanning.

 

Data Protection

  • Tag all data based on its level of sensitivity.
  • Encrypt all sensitive data.
  • Scan all channels, including email and stored data, for sensitive content.
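Tagging by sensitivity and scanning content are the same step seen from two sides: something has to look at the bytes and decide which label applies. The following is an added example, not code from the post or from any DLP product: a small classifier of the kind a labelling pipeline runs over email bodies and files. The labels, markers and sample messages are constructed for the example; the Luhn check is standard and is there so that arbitrary 16-digit strings are not flagged as cards.

```python
"""Classify text by sensitivity before deciding how to protect it.

Added example, not from the post.  Looks for payment card numbers (validated
with the Luhn checksum), US-style SSNs and explicit classification markers,
then returns the highest label that applies plus the reasons.
"""
import re

LABELS = ["public", "internal", "confidential", "restricted"]  # lowest to highest

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")       # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MARKER_RE = re.compile(r"\b(confidential|internal only|restricted)\b", re.IGNORECASE)
MARKER_LABEL = {"confidential": "confidential", "internal only": "internal", "restricted": "restricted"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; every real card number passes, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str):
    """Return candidate card numbers (separators stripped) that pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def classify(text: str):
    """Return (label, findings); label is the highest-sensitivity finding or 'public'."""
    findings = []
    cards = find_cards(text)
    if cards:
        findings.append(("restricted", f"{len(cards)} payment card number(s)"))
    if SSN_RE.search(text):
        findings.append(("restricted", "SSN"))
    m = MARKER_RE.search(text)
    if m:
        findings.append((MARKER_LABEL[m.group(1).lower()], f"marker '{m.group(1)}'"))
    if not findings:
        return "public", []
    top = max(findings, key=lambda f: LABELS.index(f[0]))[0]
    return top, findings


if __name__ == "__main__":
    samples = [  # constructed
        "Card 4111 1111 1111 1111 exp 12/26, please process today",
        "Order ref 1234 5678 9012 3456 shipped",
        "INTERNAL ONLY: lunch menu for Friday",
        "Applicant SSN 123-45-6789 attached",
    ]
    for s in samples:
        print(classify(s)[0].upper().ljust(13), s)
```

The label is what drives the second bullet: anything that comes back above "internal" is what the encryption requirement applies to, and a scanner like this over the mail flow is the third bullet in practice.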

 

EDR/XDR

  • Protect all endpoints and servers. Modern EDR (XDR) correlates signals across several layers of defense, giving better insight across the entire attack path.

 

Security Research

  • Use a variety of threat intelligence services and research sites to understand the threat landscape and how it may affect your business.
  • Use frameworks like MITRE ATT&CK and perform attack simulations to educate your SecOps team on how to tune defenses and how to react during an incident.

 

Cost Monitoring

Use reporting and analytics tools like Power BI or vendor provided reporting to present clear operational costs for security operations.

 

Summary

Defending an organization is not impossible. There are many key security tools which can actively protect your organization and every organization should understand the fundamental security architectures needed for effective security defenses. This will ensure not only a more secure environment, but that your CISO is well rested.

 


About This Blog Series

Follow the full series here: Building Defenses with Modern Security Solutions.

This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.

 

Labs

For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.

 

Compliance

All topics mentioned in this series have been mapped to several compliance controls here.

David Broggy, Trustwave’s Senior Solutions Architect, Implementation Services, was selected last year for Microsoft's Most Valuable Professional (MVP) Award.

 
