Posted on January 28, 2020 by Frank Flores
The recent increase in tension between the US and Iran highlights, once again, our general vulnerability to cyber-attack, considering the vast array of potential targets among the business and government computer systems that serve vital public interests. Our vulnerability is particularly acute given our country’s shortage of skilled cyber security professionals to buttress our defenses.
Given the increase in tensions, we should certainly anticipate a continuing barrage of the familiar forms of cyber-attack, including the typical malicious emails and malicious attachments, SQL Injections, denial-of-service attack (DoS attack), man in the middle attacks (MitM) as well as Ransomware coming from Iran. Although these are just a few of the many resources they have available, it’s also reasonable to suppose, by this time, Iran’s hackers have been able to reverse engineer Stuxnet and weaponize these additional capabilities.
While the risk of cyber-attacks is increasing, so too are the strict requirements of real-time monitoring, which have contributed to a constant and overwhelming flow of noisy network alerts and notifications that cyber security professionals must contend with. Attending to this unending stream prevents these professionals from focusing on other crucial security practices, such as threat hunting, finding security gaps, and closing backdoors in the ocean of network devices.
So it is the confluence of these two trends – the increased threat posed by foreign bad actors, along with the increasing administrative burdens placed on our cyber security professionals -- which makes this a moment of heightened cyber-risk for our network perimeters, local businesses, and government computer systems.
Some Essential Advice to Enhance Your Cyber Security Procedures
I’ve been in the cyber security business for a long time, first as an analyst and then as security engineer and director, working in a variety of private sector environments. For the last year, I have been the director of Braintrace’s Security Operations Center, with general oversight responsibility for serving our clients’ security needs. Threat hunting, malware analysis, network risk management and incident response are the tasks that keep our staff busy every day.
So here are 8 essential tips I’d like to share with you. These are all critical practices that need to be incorporated into your security routine in order to stay 3 or 5 steps ahead of the bad actors who are out there now, probing and waiting for the chance to compromise your law firm’s security.
1. Firewall Policies:
Investing in a reputable and reliable firewall. Using perimeter defense tactics such as Geo-Filtering. This is by far one of the easiest firewall configurations to enable. This practice may not work for most large organizations, however, having a habit or policy of notifying the security monitoring team anytime an employee travels outside the U.S. should be encouraged as a matter of routine practice.
2. Security Compliance and Company Policies:
Enforcing group policy objects (GPO), limiting privilege admin rights to users in the entire organization, limiting access to removable drives, disabling executables from autorun and requiring Security administrators to install. These few practices alone could prove instrumental in stopping cold a reverse engineered version of Stuxnet.
3. Enhancing Email Security through filtering practices such as DMARC, DKIM, and SPF:
Applying these filters to email services will greatly decrease spam, phishing, email spoofing, and more.
4. Keeping an inventory of systems and software updates and patches.
5. Learning to co-exist with Two-Factor Authentication:
This simple practice will prevent most brute force attempts and password sprays. In addition, ensuring that vpn tunnels have layers of security before granting access.
6. Proactive Threat Hunting:
This requires security engineers cultivate the mindset of an attacker and develop proficiency with network forensic analysis.
7. Incident Response:
Investing in a reputable and reliable End Point Detection (EDR) tool to provide direct access for the security team in order to stop and prevent breaches.
8. Intelligent Security Orchestration and Automation:
A one-person security team is never a satisfactory approach especially considering the ever-growing threat landscape. This is why SOAR technology should be part of every Security Engineer’s arsenal, given the ease of integration and the ability to enable the orchestration of these essential security tools.
Working at Braintrace over the course of the last year, along with our great team of security engineers, we realized there would be tremendous value for our clients if we had a way to gain better visibility on network traffic, which would allow us to make better informed decisions on encrypted packets. We looked for a tool and couldn’t find one so instead, we decided to develope our own. We call it Deep Packet Inspection (DPI), a tool we use to help reveal the true identity of attacks, user behaviors, and anomalies.
This is the new era of Cyber-Security in which we have the ability to deploy a suite of powerful next generation tools and technologies to help stay ahead of the ever-growing threats. Real-time Network Traffic Analyzation (NTA), bundled with threat hunters, and, the use SOAR technology together can provide you with an essential edge. With SOAR and these other advanced tools at your disposal, your security team can overcome cyber security fatigue, decrease the risks posed by human error, and vastly improve the response time to critical incidents.
If you have any questions for the author Frank Flores, or want to learn more how to enhance your law firm's cyber preparedness, please call Braintrace at (866) 508-5471 or email us at media@braintrace.com.
****************
Frank Flores is the Director of the Security Operations Center for Braintrace,