What does good cybersecurity hygiene look like?

874 views · 1 Upvote · 4 Comments
CISO in Software, 3 years ago
Knowing what you have in your environment and what all those things are doing on a 24/7 basis, so you can catch it while it's happening, instead of six months later. I look at networks, and I'll see a Windows machine is connected to everything it can possibly be connected to in the network, including things that shouldn't be connected to it. So how do you automatically limit what these things are connected to? Whether it's a computer or a switch or whatever. Those to me are the fundamentals.
CEO and Co-Founder in Software, 3 years ago
If we look at the basic CIS controls, the first two things are: do I know what I have, from a hardware and a software perspective? Know what you have, and understand what you have on them. Then let's start understanding the behavior of what they are. Other than about six or seven states today, they truly don't know what they have. They don't even know what their hardware inventory is, software inventory is, let alone their true attack surface. I've seen expenses for a billion dollars from an ASM perspective. To do ASM, I need to understand my asset discovery. If I do asset discovery, I need to understand my software discovery, then of course, then I can come back and say this is your exposure from an attacker perspective.

It's truly the RCA that matters. I don't care about the ultimate hash or recreation. What is the underlying vulnerability? What was the cause for that? Is it a missing patch, misconfiguration, or coding error? Once you have those variables, then you can decide whether you want it immediate or not, or have your red team or your pen testers validate that. If they can validate it, then you know your controls are not working, so why even bother about anything else? Then you just have to do your own math on, okay, is it persistent or non-persistent, is it lateral or non-lateral. All these things come back to the fundamentals of: do I know the RCA? And it's always coming down to three simple pillars. It's your misconfigs, coding errors, and no patching. And always, whenever you look at an incident, or when you look at a threat, bring it back to those three fundamentals, and then start working from a proactive perspective.
2 Replies
Head of Information and Data Analytics in Software, 3 years ago

And on top of that, accepting that resilience is also important, right?

CEO and Co-Founder in Software, 3 years ago

Absolutely.
