3 Quick Wins for Risk Mitigation on Each Attack Vector

  • 6 June 2022
  • 0 replies
  • 186 views

Userlevel 2
Badge +3

It is crucial to protect yourself from cyber-attacks that can compromise your security posture and cause damage to your organization. With proper configurations and implementations, you can help prevent these cyber-attacks from impacting your organization. For each attack vector, we have compiled the top 3 recommendations for risk mitigation.  

Email Gateway 

  1. Block unnecessary attachment file types – allow the minimum that is required for operating your organization.  

  1. Enable aggressive anti-malware scanning such as advanced AV, Sandbox, or CDR. 

  1. Enable URL scanning, sandboxing, and rewriting – in email body and attachments.  

Web Gateway 

  1. Block downloads or allow the minimum required list of file types that is required for operating your organization.  

  1. Block browsing categories that are not required for operating your organization. Focus on questionable categories such as “Newly Registered Domains,” “Parked Domains,” and “Uncategorized.”  

  1. Implement browsing isolation to ensure the browsing isn’t performed directly from the user’s workstation.  

Endpoint Security 

  1. Implement Application Control whitelisting, only allowing applications that are necessary for operating your organization.  

  1. Implement the mitigations of the top 10 MITRE ATT&CK techniques that your organization has been found to be susceptible to. 

  1. Maintain an up-to-date IOCs database on your anti-virus. 

Immediate Threats 

  1. Ensure to regularly update all your security tools’ IOCs databases.  

  1. Blacklist newly discovered IOCs. 

  1. Implement the mitigation recommendations for the Email, Web, and Endpoint vectors.  

Web Application Firewall 

  1. Configure filtering rules to block illegal special characters.  

  1. Ensure your WAF is in blocking mode and the predefined signatures are enabled.  

  1. Configure website routes/paths whitelisting to allow only access to allowed pages.  

Data Exfiltration 

  1. Implement both endpoint and network DLP to detect maximum data exfiltration attempts. Some exfiltration techniques can be detected only by one of the DLP system types, but not by the other.  

  1. Configure DLP policy to monitor sensitive information according to the organizational security and data privacy policies.  

  1. Configure IPS rules to detect network exfiltration attempts that DLP solutions are not monitoring.  

Hopper

  1. Implement network segmentation, allowing every machine to communicate only with the least needed resources and subnets on the network. 

  1. Follow the MITRE ATT&CK mitigation recommendations for Kerberoasting, Access Token Manipulation, and LLMNR Poisoning.  

  1. Implement a strong password policy for personal accounts and service accounts.  

  1. Rotate passwords of the default built-in local administrator user.  

  1. Implement credentials tiering model.  

 

 


0 replies

Be the first to reply!

Reply