This project is intended to make it harder for attackers to access privileged accounts and should allow security teams to monitor behaviors for unusual access. At a minimum, CISOs should institute mandatory multifactor authentication (MFA) for all administrators. It is also recommended that CISOs use MFA for third-party access, such as contractors.
Tip: Phase in using a risk-based approach, starting with high-value, high-risk systems first. Monitor behaviors.
SECU recommended solution: Secret Server + Gemalto SAS
Inspired by the Gartner continuous adaptive risk and trust assessment (CARTA) approach, this project is a great way to tackle vulnerability management and has significant risk reduction potential. Consider exploring when the patching process is broken and IT operations is unable to keep up with the number of vulnerabilities. You can’t patch everything, but you can significantly reduce risk by prioritizing risk management efforts.
Tip: Require your vulnerability assessment (VA) vendor to provide this, and consider mitigating controls in your analysis, such as firewalls.
SECU recommended solution: SentinelOne Deep Visibility + FortiSIEM.
Trend Micro OfficeScan + Endpoint Encryption for encrypting sensitive data
Aimed at organizations that continue to experience successful phishing attacks against their employees. This requires a three-pronged strategy: technical controls, end-user controls and process redesign. Use technical controls to block as many phishing attacks as possible. But make users an active part of the defense strategy.
Tips: Don’t single out groups or individuals for doing the wrong thing; spotlight those who exhibit the right behaviors. Ask your email security vendor if they can undertake this project. If not, why?
SECU recommended solution: FortiMail
Organizations looking for a “default deny” or zero trust posture for server workloads should consider this option. This project uses application control to block the majority of malware as most malware is not whitelisted. “This is a very powerful security posture,” said MacDonald. It has proven to be successful against Spectre and Meltdown.
Tip: Combine with comprehensive memory protection. It is an excellent project for the Internet of Things (IoT) and for systems that no longer have vendor support.
SECU recommended solution: Thycotic Privilege Manager
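The "default deny" posture described above can be reduced to a small decision rule: an executable runs only if it is explicitly trusted, and everything else is blocked. The following is an added example written for this page, not Thycotic Privilege Manager's own logic or policy format. It assumes two rule types (a SHA-256 allowlist and trusted installation directories), and it shows the caveat a practitioner must handle: a trusted-path rule is only safe if non-administrators cannot write to that directory. The sample file tree is constructed in a temporary directory.

```python
"""Default-deny application control as a minimal policy engine (added example).

Rules, evaluated in order:
  1. file hash on the allowlist            -> allow
  2. file inside a trusted directory       -> allow, unless that directory is
                                              world-writable (then deny)
  3. anything else                         -> deny (the default)
"""
import hashlib
import os
import stat
import tempfile


def sha256_of(path, chunk=1 << 16):
    """Hash the file contents; the allowlist is keyed on this digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def dir_is_world_writable(path):
    """A 'trusted' directory is only trustworthy if others cannot drop files into it."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def evaluate(path, allowed_hashes, trusted_dirs=()):
    """Return ("allow" | "deny", reason) for one executable path."""
    if sha256_of(path) in allowed_hashes:
        return "allow", "hash on allowlist"
    real = os.path.realpath(path)
    for d in trusted_dirs:
        d = os.path.realpath(d)
        if real.startswith(d + os.sep):
            if dir_is_world_writable(d):
                return "deny", f"trusted dir {d} is world-writable; path rule ignored"
            return "allow", f"in trusted directory {d}"
    return "deny", "not on allowlist (default deny)"


def demo():
    """Build a constructed sample tree and return the decision for each file."""
    root = tempfile.mkdtemp()
    bin_dir = os.path.join(root, "bin")      # plays the role of a package-managed directory
    loose_dir = os.path.join(root, "loose")  # world-writable, like /tmp
    home = os.path.join(root, "home")        # a user's own directory
    for d, mode in ((bin_dir, 0o755), (loose_dir, 0o1777), (home, 0o700)):
        os.mkdir(d)
        os.chmod(d, mode)
    samples = {  # constructed sample "executables"
        os.path.join(bin_dir, "ls"): b"#!/bin/sh\necho ls\n",
        os.path.join(home, "approved-tool"): b"#!/bin/sh\necho approved\n",
        os.path.join(home, "unknown-download"): b"#!/bin/sh\necho unknown\n",
        os.path.join(loose_dir, "dropped"): b"#!/bin/sh\necho dropped\n",
    }
    for p, content in samples.items():
        with open(p, "wb") as f:
            f.write(content)
    allowed = {sha256_of(os.path.join(home, "approved-tool"))}
    # Trusting the world-writable directory is a misconfiguration the engine must not honour.
    trusted = (bin_dir, loose_dir)
    return {os.path.basename(p): evaluate(p, allowed, trusted)[0] for p in samples}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{decision:5} {name}")
```

Running it shows `ls` (trusted directory) and `approved-tool` (listed hash) allowed, while `unknown-download` falls through to the default deny and `dropped` is denied because its directory is world-writable, even though that directory was listed as trusted. Real products add publisher-certificate rules and kernel-level enforcement; the ordering and the default are what make the posture "default deny".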
This project is well-suited for organizations with flat network topologies — both on-premise and infrastructure as a service (IaaS) — that want visibility and control of traffic flows within data centers. The goal is to thwart the lateral spread of data center attacks. “If and when the bad guys get in, they can’t move unimpeded,” explained MacDonald.
Tip: Make visibility the starting point for segmentation, but don’t over-segment. Start with critical applications and require your vendors to support native segmentation.
SECU recommended solution: FortiGate
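The tip to start from visibility and to segment by application rather than by host can be shown concretely: collect the flows that actually occur, collapse them into tier-level allow rules, and then treat any flow outside that set as a lateral-movement candidate to deny. The following is an added example for this page, not FortiGate's own policy language or an export of it. The asset inventory and the baseline flow records are constructed; the rule format is a generic one chosen for readability.

```python
"""Visibility-first microsegmentation policy (added example).

1. Observe flows during a monitoring phase.
2. Map each host to its application tier and collapse flows into tier rules,
   so two web servers produce one rule rather than two (avoids over-segmenting).
3. Evaluate new flows against the rules with a default deny.
"""

# Constructed inventory: IP -> application tier. The tier, not the host, is the policy unit.
TIERS = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.9.99": "jumpbox",
}

# Constructed flow records from the visibility phase, one "src dst dport proto" per line.
BASELINE = """\
10.0.1.10 10.0.2.20 8080 tcp
10.0.1.11 10.0.2.20 8080 tcp
10.0.2.20 10.0.3.30 5432 tcp
10.0.9.99 10.0.1.10 22 tcp
10.0.9.99 10.0.2.20 22 tcp
"""


def parse_flows(text):
    """Yield (src, dst, dport, proto) tuples, skipping blank and comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split()
        yield src, dst, int(dport), proto


def learn_policy(flows, tiers):
    """Collapse observed flows into tier-level allow rules.

    Flows touching an asset missing from the inventory are returned separately
    instead of becoming rules: an unknown host must not earn an allow by accident.
    """
    rules, unknown = set(), []
    for src, dst, dport, proto in flows:
        if src not in tiers or dst not in tiers:
            unknown.append((src, dst, dport, proto))
            continue
        rules.add((tiers[src], tiers[dst], dport, proto))
    return rules, unknown


def decide(flow, rules, tiers):
    """Return ("allow" | "deny", reason) for a flow; anything unmatched is denied."""
    src, dst, dport, proto = flow
    s, d = tiers.get(src), tiers.get(dst)
    if s is None or d is None:
        return "deny", "unknown asset"
    if (s, d, dport, proto) in rules:
        return "allow", f"{s}->{d}:{dport}/{proto}"
    return "deny", f"no rule for {s}->{d}:{dport}/{proto} (default deny)"


def render_rules(rules):
    """Human-readable rule list, one line per allowed tier pair and port."""
    return [f"allow {s} -> {d} {proto}/{dport}" for s, d, dport, proto in sorted(rules)]


def demo():
    """Learn from the baseline, then test constructed candidate flows."""
    rules, _ = learn_policy(parse_flows(BASELINE), TIERS)
    candidates = {
        "web_to_app": ("10.0.1.11", "10.0.2.20", 8080, "tcp"),      # seen in baseline
        "web_to_db": ("10.0.1.10", "10.0.3.30", 5432, "tcp"),       # skips the app tier
        "web_to_web_smb": ("10.0.1.10", "10.0.1.11", 445, "tcp"),   # peer traffic inside a tier
        "unknown_src": ("10.0.7.7", "10.0.3.30", 5432, "tcp"),      # host not in inventory
    }
    return {name: decide(flow, rules, TIERS)[0] for name, flow in candidates.items()}


if __name__ == "__main__":
    learned, _ = learn_policy(parse_flows(BASELINE), TIERS)
    print("\n".join(render_rules(learned)))
    for name, decision in demo().items():
        print(f"{decision:5} {name}")
```

Five observed flows collapse into four tier rules, and the flows a compromised web server would need for lateral movement (directly to the database, or to its peer over SMB) are denied without any signature, because they were never part of the observed application behaviour. In practice the learned rule set is reviewed with the application owners before enforcement, and the "unknown" list is the inventory gap to close first.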
This project is for organizations that know compromise is inevitable and are looking for endpoint, network or user-based approaches for advanced threat detection, investigation and response capabilities. There are three variants from which to choose:
• Endpoint protection platforms (EPP) + endpoint detection and response (EDR)
• User and entity behavior analytics (UEBA)
The latter is a small but emerging market ideal for organizations looking for in-depth ways to strengthen their threat detection mechanisms with high-fidelity events.
Tip: Pressure EPP vendors to deliver EDR and security information and event management (SIEM) vendors to provide UEBA capabilities. Require a rich portfolio of deception targets. Consider MDR “lite” services directly from the vendor.
SECU recommended solution: SentinelOne, Deep Visibility + FortiSIEM
This should be considered by organizations in search of a comprehensive, automated assessment of their IaaS/platform as a service (PaaS) cloud security posture to identify areas of excessive risk. Organizations can choose from several vendors including cloud access security brokers (CASBs).
Tip: If you have a single IaaS provider, look to Amazon and Microsoft first. Make this a requirement for your CASB vendor.
SECU recommended solution: Symantec CASB
This project is for organizations that want to integrate security controls into DevOps-style workflows. Begin with an open source software composition analysis and integrate testing as a seamless part of DevSecOps workflows, including containers.
Tip: Don’t make developers switch tools. Require full application programming interface (API) enablement for automation.
SECU recommended solution: SECU VMS Service, Tenable Security Center, Tenable.io
This project is for organizations with a mobile workforce looking for a control point for visibility and policy-based management of multiple enterprise cloud-based services.
Tip: Start with discovery to justify the project. Weight sensitive-data discovery and monitoring as a critical use case for 2018 and 2019.
SECU recommended solution: Symantec CASB
This project is aimed at organizations that want to reduce the surface area of attacks by limiting the exposure of digital systems and information to only named sets of external partners, remote workers and contractors.
Tip: Re-evaluate risk of legacy virtual private network (VPN)-based access. Pilot a deployment in 2018 using a digital business service linked to partners as a use case.
SECU comment: Expected future solution. SDP is software-based, and we therefore expect Symantec and Trend Micro to provide SDP technology in the near future.