| | SEPTEMBER 20219CIOReviewpatches for all systems. Therefore, validation of the patches are done in production. Over the past couple of years, the quality of patches coming out of manufacturers have been sub-par at best causing outages for some companies. One way to reduce man-hours for patch are with automated patching systems. Automated patch management systems are newer to the market and can save employee resources while expediting patch installations and meeting SLAs. Application allow listing is a great solution to provide server and end point protection. The solution prevents unwanted changes to application and system files. It can also prevent unwanted scripts from being executed. There is no AI needed, either the program is allowed to run or it isn't. Centralized management of rules and authorize software installation points control what is allowed to run on your systems. Application allow listing can take time to implement in a large environment, but it comes with multiple benefits. It has been my experience that time spent on malware infections are almost zero which has freed up IT resources to perform other tasks and assists in maintaining compliance. Unauthorized application installation, file integrity monitoring, device control and memory protection are additional benefits of such a solution. Combine an application control solution along with the built in OS antivirus, group policies, and a good EDR solution to round out end point controls.The daily barrage of attacks and emails will continue to be a primary risks to organizations and should be a topic for all company boards. Phishing is the root cause for most breaches and a constant daily threat to individuals and companies alike. Due diligence is required by all employees and not just the security team for detection and reporting. A good anti-spam and anti-phishing solution to monitor and remove any invalid emails. Many of the top email providers do a good job for detecting phishing emails and there are several good third party solutions. Unfortunately, a small percentage will still find their way to a user's inbox. Regular user training for detecting phishing and business email compromise (BEC) emails will reduce the risk of someone opening a malicious attachment or clicking on an embedded link. The company's training program should be tested on a regular basis in order to validate its effectiveness. Back the users up with a quality end point protection program that contains an application control solution, as previously mention, will also reduce the risk for when a user fails to detect a malicious email.There are no guarantees or a silver bullet solution to prevent a breach. However, with the proper tools, monitoring and governance along with a supported security team, will reduce the risks for any organization against today's threats. Don't look for a "web designer" because we are no longer designing for the web. Instead, look for a UX designer because we need to design for the user
<
Page 8 |
Page 10 >