Source: Security Boulevard
With more people getting vaccinated and the number of COVID-19 cases going down, lockdown restrictions are starting to lift and offices are preparing to reopen.
Just as devices flowed out to employees' homes when the pandemic started last year, the influx of new and returning devices that have been operating remotely poses a high risk.
Organizations need to reevaluate their security policies to protect their networks and business operations from degraded devices that were being used remotely. The following best practices can help prepare for returning workers and their devices:
1. Implement real-time inventory procedures. Ensure you have full insight into all devices on your network and you’re able to monitor their state and network interactions in real time. Be sure your system uses multiple visibility techniques to eliminate any blind spots and provides real-time discovery, identification and classification upon device connection instead of point-in-time scans that miss transient devices.
2. Assess and remediate all connecting devices. Set up a system to inspect all connecting devices, fix any security issues and continuously monitor for potential device hygiene decay. This should be ongoing.
3. Automate 'Zero Trust' policy enforcement. Adapt your Zero Trust policies to include device hygiene and fix security issues such as broken security agents, unauthorized apps and missing patches before provisioning least privilege access. Segment and contain non-compliant, vulnerable and high-risk devices to limit their access until they’re remediated.
4. Continuously monitor and track progress. Continuously monitor all devices while they’re on your network, maintain visibility into their state while off-network, and reassess their hygiene after extended absence. Constant vigilance will allow you to adjust your approach based on the volumes and types of devices connecting to your network and the issues/risks that appear over time.
5. Train and equip staff to help protect your network. All employees need to be aware of security protocols and the reasons they have been implemented in order to avoid issues. Employees should also have basic cybersecurity awareness and skills.
Managing device decay is not a one-time activity but an ongoing one, especially since the return to offices won't happen all at once. Some employees may work in the office a few days a week or month, and some may come in only a few times a year.
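As an added example (not from the article or any product it describes), the following Python applies steps 2 to 4 above as a Zero Trust access decision: a broken security agent, stale patches or unauthorized apps send a device to a remediation segment, and a device absent from the network longer than a threshold is held for reassessment even when it looks clean. The thresholds, the app allow-list and the sample hosts are assumed values constructed for this example.

```python
from dataclasses import dataclass
from datetime import date

# Policy thresholds: assumed values for this example, not from the article.
MAX_PATCH_AGE_DAYS = 30     # newest patch older than this counts as "missing patches"
REASSESS_AFTER_DAYS = 14    # off-network longer than this forces a fresh assessment
APPROVED_APPS = {"edr-agent", "vpn-client", "office-suite"}   # hypothetical allow-list
TODAY = date(2021, 6, 1)    # constructed assessment date


@dataclass
class Device:
    hostname: str
    agent_healthy: bool      # security agent running and checking in
    last_patch: date         # date of the newest installed patch
    installed_apps: set
    last_seen: date          # last time the device was on the corporate network


def assess(device: Device, today: date) -> tuple:
    """Check device hygiene; return (action, findings) for the segmentation policy."""
    findings = []
    if not device.agent_healthy:
        findings.append("security agent not reporting")
    if (today - device.last_patch).days > MAX_PATCH_AGE_DAYS:
        findings.append("patches older than %d days" % MAX_PATCH_AGE_DAYS)
    unauthorized = sorted(device.installed_apps - APPROVED_APPS)
    if unauthorized:
        findings.append("unauthorized apps: " + ", ".join(unauthorized))
    if findings:
        # Non-compliant: contain in a remediation segment until fixed.
        return "quarantine", findings
    if (today - device.last_seen).days > REASSESS_AFTER_DAYS:
        # Clean on paper but absent too long: limit access until freshly scanned.
        return "reassess", ["off-network for more than %d days" % REASSESS_AFTER_DAYS]
    return "allow", []


def triage(devices, today: date) -> dict:
    """Map each hostname to its access decision for the NAC/segmentation system."""
    return {d.hostname: assess(d, today)[0] for d in devices}


# Constructed sample inventory (hypothetical hosts) returning to the office.
SAMPLE_DEVICES = [
    Device("lap-001", True, date(2021, 5, 20), {"edr-agent", "vpn-client"}, date(2021, 5, 25)),
    Device("lap-002", False, date(2021, 5, 20), {"edr-agent"}, date(2021, 5, 25)),
    Device("lap-003", True, date(2021, 1, 10), {"edr-agent", "torrent-client"}, date(2021, 5, 25)),
    Device("lap-004", True, date(2021, 5, 20), {"edr-agent"}, date(2021, 2, 1)),
]
```

Running `triage(SAMPLE_DEVICES, TODAY)` allows lap-001, quarantines lap-002 and lap-003, and holds lap-004 for reassessment after its long absence.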
Source: Security Boulevard
The five stages of incident response (IR):
To carry out the IR process effectively, it needs to be automated. Response time also needs to be faster, something AI systems can do more quickly and thoroughly than humans.
Machine learning is used to teach the AI model how to investigate incidents. In the early stages of the IR process, AI evaluates the artifacts and recommends appropriate responses.
But AI can't work alone.
The automation lifts a lot of burden from the shoulders of the security team, but AI can't do everything, at least not alone. There is still a need for human interaction with AI functionality, as mentioned in other posts. While AI can collect the incident data, humans are needed to teach AI what data to react to and how to react. AI and human investigators need to work as a partnership. For instance, during the response stage, while the AI model proposes how to respond to an incident, the human security professional is responsible for confirming the response or correcting the analysis if a mistake is found.