What does good cybersecurity hygiene look like?
CISO in Software3 years ago
Knowing what you have in your environment and what all those things are doing on a 24/7 basis, so you can catch it while it's happening, instead of six months later. I look at networks, and I'll see a Windows machine is connected to everything it can possibly be connected to in the network, including things that shouldn't be connected to it. So how do you automatically limit what these things are connected to? Whether it's a computer or a switch or whatever. Those to me are the fundamentals.
CEO and Co-Founder in Software3 years ago
If we look at the basic CIS controls, the first two things are: do I know what I have, from a hardware and a software perspective? Know what you have, and understand what you have on them. Then let's start understanding the behavior of what they are. Other than about six or seven states today, they truly don't know what they have. They don't even know what their hardware inventory is, software inventory is, let alone their true attack surface. I've seen expenses for a billion dollars from an ASM perspective. To do ASM, I need to understand my asset discovery. If I do asset discovery, I need to understand my software discovery, then of course, then I can come back and say this is your exposure from an attacker perspective.

It's truly the RCA that matters. I don't care about the ultimate hash or recreation. What is the underlying vulnerability? What was the cause for that? Is it a missing patch, misconfiguration, or recording error? Once you have those variables, then you can decide whether you want it immediate or not, or have your red team or your pen testers validate that. If they can validate it, then you know your controls are not working, so why even bother about anything else? Then you just have to do your own math on: okay, is it persistent or non-persistent, is it lateral or non-lateral? All these things come back to the fundamentals of do I know the RCA? And it's always coming down to three simple pillars. It's your misconfigs, coding errors, and no patching. And always, whenever you look at an incident, or when you look at a threat, bring it back to those three fundamentals, and then start working from a proactive perspective.
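The two posts above both come back to the same starting point: an asset inventory (hardware and software) and a check of what those assets are actually talking to, so that a workstation connected to "everything it can possibly be connected to" shows up as a finding rather than six months later in an incident report. The following is an added illustration, not code from either commenter or from any product: it holds a small, constructed inventory with hypothetical hosts on RFC 1918 addresses, a role-based segmentation policy, and a few constructed netflow-style records, and it reports connections involving unknown assets or crossing role boundaries the policy does not allow. The host names, roles, ports and the policy itself are assumptions made for the example.

```python
"""Asset-inventory and connection-baseline check (illustrative, constructed data).

Answers two questions from the discussion:
  1. Do I know what I have?  -> any flow endpoint not in the inventory is a finding.
  2. Is anything talking to something it should not? -> any flow between
     inventoried assets that the role-based policy does not permit is a finding.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Asset:
    host: str
    ip: str
    role: str  # e.g. "workstation", "app", "db", "fileserver", "switch"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Finding:
    kind: str  # "unknown-asset" or "unexpected-connection"
    flow: Flow
    detail: str


# Constructed inventory (hypothetical hosts and addresses).
INVENTORY: Tuple[Asset, ...] = (
    Asset("ws-042", "10.0.1.42", "workstation"),
    Asset("app-01", "10.0.2.5", "app"),
    Asset("db-01", "10.0.2.10", "db"),
    Asset("fs-01", "10.0.2.20", "fileserver"),
    Asset("sw-core", "10.0.0.1", "switch"),
)

# Assumed segmentation policy: (source role, destination role, destination port).
# Anything not listed here is treated as not permitted.
POLICY: Set[Tuple[str, str, int]] = {
    ("workstation", "fileserver", 445),  # SMB to the file server
    ("workstation", "app", 443),         # HTTPS to the application tier
    ("app", "db", 5432),                 # only the app tier reaches the database
    ("admin", "switch", 22),             # only an admin role manages switches
}

# Constructed netflow-style observations.
OBSERVED: Tuple[Flow, ...] = (
    Flow("10.0.1.42", "10.0.2.20", 445),   # workstation -> fileserver: allowed
    Flow("10.0.2.5", "10.0.2.10", 5432),   # app -> db: allowed
    Flow("10.0.1.42", "10.0.2.10", 5432),  # workstation straight to db: not allowed
    Flow("10.0.1.42", "10.0.0.1", 22),     # workstation to switch SSH: not allowed
    Flow("10.0.9.9", "10.0.2.20", 445),    # source is not in the inventory
)


def check_flows(flows: Iterable[Flow], inventory: Iterable[Asset],
                policy: Set[Tuple[str, str, int]]) -> List[Finding]:
    """Return one Finding per flow that involves an unknown asset or breaks policy."""
    by_ip = {a.ip: a for a in inventory}
    findings: List[Finding] = []
    for flow in flows:
        src, dst = by_ip.get(flow.src_ip), by_ip.get(flow.dst_ip)
        if src is None or dst is None:
            # Inventory gap: an endpoint we do not know about is on the network.
            missing = flow.src_ip if src is None else flow.dst_ip
            findings.append(Finding("unknown-asset", flow,
                                    f"{missing} is not in the inventory"))
            continue
        if (src.role, dst.role, flow.dst_port) not in policy:
            # Known assets, but a connection the segmentation policy does not allow.
            findings.append(Finding(
                "unexpected-connection", flow,
                f"{src.host} ({src.role}) -> {dst.host} ({dst.role}):{flow.dst_port} "
                "is not permitted by policy"))
    return findings


def proposed_deny_rules(findings: Iterable[Finding]) -> List[Tuple[str, str, int]]:
    """Turn unexpected connections into candidate deny rules for review.

    Returned as (src_ip, dst_ip, dst_port) tuples; nothing is applied anywhere.
    """
    return sorted({(f.flow.src_ip, f.flow.dst_ip, f.flow.dst_port)
                   for f in findings if f.kind == "unexpected-connection"})


if __name__ == "__main__":
    results = check_flows(OBSERVED, INVENTORY, POLICY)
    for finding in results:
        print(f"[{finding.kind}] {finding.detail}")
    print("candidate deny rules:", proposed_deny_rules(results))
```

Run on the constructed data, the two permitted flows produce nothing, the two workstation flows to the database and the switch are reported as unexpected connections, and the flow from 10.0.9.9 is reported as an unknown asset. In practice the inventory would come from a CMDB or discovery tool and the flows from a flow collector, but the shape of the check, inventory first, then behaviour against an explicit policy, is what both comments describe.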
Head of Information and Data Analytics in Software3 years ago
And on top of that, accepting that resilience is also important, right?
CEO and Co-Founder in Software3 years ago
Absolutely.