Building malware defenses: Control email, web browsers, and ports
Another staple in a series examining the Center for Internet Security’s best practices.
Our last article looked at applying Critical Security Controls 4, 5, and 6 to your organization, covering vulnerability assessment, administrative privileges, and audit logs. Now it’s time to move on to CSCs 7, 8, and 9.
Email programs and web browsers are still the most common points of entry for attackers; too many companies have woefully inadequate malware defenses; and a failure to control ports and limit services is like leaving a window open for cybercriminals.
Critical Control 7: Email and Web Browser Protections
Human behavior is still the path of least resistance for cybercriminals, and they often employ social engineering techniques to gain access to systems. Despite the rising profile of phishing, 23% of recipients open phishing messages and 11% click on attachments, according to Verizon’s 2015 Data Breach Investigations Report (DBIR).
Dodgy attachments, spoof websites, and vulnerable plug-ins can all be used by attackers to gain a foothold.
It’s vital to ensure that web browsers and email programs are kept fully up to date. Don’t allow employees to use unsupported browsers or email programs, and prevent them from installing unnecessary plug-ins or add-ons. All URL requests should be logged, and you should have a filter in place that blocks access to unauthorized websites. All email attachments should be scanned and blocked if they are unnecessary for business.
Keeping tight control over web browsers and email like this doesn’t just reduce the risk of phishing; it also reduces spam and helps prevent wasted time.
Critical Control 8: Malware Defenses
There are five malware events every second, according to Verizon’s 2015 DBIR, and malware can come into your system from all sorts of sources, including email, cloud services, web pages, smartphones, or even USB thumb drives.
It may not always be possible to detect it at the point of entry, but you can ensure that it’s detected and stopped before it can do too much damage by putting the right defenses in place.
Employing automated tools for real-time monitoring and threat assessment should be mandatory, and malware defenses need to be deployed throughout your environment. Sadly, a Ponemon Institute report found that only 41% of respondents had automated tools to capture intelligence and evaluate the true threat of malware, even though organizations with such tools reported that they could handle 60% of malware containment without human intervention, saving a huge amount of time and resources.
It makes sense to limit the use of external devices, use network-based anti-malware tools that can pick malicious content out of the traffic flow, and ensure that updates for your defenses are automated.
Bear in mind that the expense of investigating malware incidents is high and inaccurate intelligence is common. Spend money on improving your intelligence and automated containment, and you won’t have to spend as much on security staff investigations.
Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services
Configuration errors, remote access, and default services in newly installed software can leave a window open for would-be attackers. All of the ports, protocols, and services on all of your networked devices need to be properly managed. That means tracking, controlling, and correcting them where necessary.
Your IT staff needs to have a clear picture of what is and isn’t needed. A clear configuration plan at the outset can save a lot of time spent fixing problems further down the line.
Scan ports, review services, and shut down anything that isn’t necessary for business operations. Make sure that you verify servers and put firewalls in place to validate traffic. These are simple vulnerabilities for attackers to exploit, but they’re also easy loopholes to close, so close them!
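As an added example, not taken from the article or from the CIS documents, the following Python check turns "track, control, and correct" into something repeatable: it parses the output of `ss -tulnp` and compares each listening socket against an approved-services baseline for the host, reporting listeners that are unexpected, run by the wrong program, exposed beyond loopback, or missing entirely. The sample `ss` output and the baseline are constructed for illustration.

```python
import re

# Constructed sample of `ss -tulnp` output from a hypothetical web server.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:6379       0.0.0.0:*  users:(("redis-server",pid=1203,fd=6))
tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*  users:(("python3",pid=2210,fd=4))
tcp   LISTEN 0      511    [::]:443           [::]:*     users:(("nginx",pid=990,fd=7))
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*  users:(("rpcbind",pid=530,fd=5))
"""

# Hypothetical approved-services baseline; public=False means loopback-only.
BASELINE = {
    ("tcp", 22): {"process": "sshd", "public": True},
    ("tcp", 443): {"process": "nginx", "public": True},
    ("tcp", 6379): {"process": "redis-server", "public": False},
    ("udp", 514): {"process": "rsyslogd", "public": False},
}
LOOPBACK = {"127.0.0.1", "[::1]"}
PROC_RE = re.compile(r'\(\("([^"]+)"')  # process name inside users:(("name",pid=..))


def parse_ss(text):
    """Yield (proto, port, bind_addr, process) for each socket line of `ss -tulnp`."""
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, port = fields[4].rsplit(":", 1)  # rsplit keeps IPv6 "[::]" intact
        match = PROC_RE.search(line)
        yield fields[0], int(port), addr, (match.group(1) if match else "unknown")


def audit(text, baseline):
    """Return sorted deviations: unexpected, mismatched, over-exposed, or missing services."""
    findings, seen = [], set()
    for proto, port, addr, proc in parse_ss(text):
        key = (proto, port)
        seen.add(key)
        expected = baseline.get(key)
        if expected is None:
            findings.append(f"UNEXPECTED {proto}/{port} {proc} listening on {addr}")
        elif expected["process"] != proc:
            findings.append(f"MISMATCH {proto}/{port} {proc} (baseline: {expected['process']})")
        elif not expected["public"] and addr not in LOOPBACK:
            findings.append(f"EXPOSED {proto}/{port} {proc} bound to {addr}, loopback required")
    for proto, port in baseline.keys() - seen:  # approved service that is not running
        findings.append(f"MISSING {proto}/{port} {baseline[(proto, port)]['process']}")
    return sorted(findings)
```

Running `audit(SAMPLE_SS_OUTPUT, BASELINE)` on the constructed sample flags the Redis instance bound to all interfaces, the stray development server on 8080, rpcbind, and the absent log forwarder; in practice the baseline lives in version control alongside the configuration plan and the check runs on a schedule.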
Don’t delay
Educate your employees on these issues and put the right systems in place to ensure they aren’t a weak spot for your organization. Remember to measure the effectiveness of your automated systems, and make sure you learn from mistakes and failures.
The most effective defense against phishing, malware, and vulnerability exploitations is a multi-pronged strategy that includes security expertise, educated staff, automated real-time systems, and clear, concise policies that are validated.
This article was recently published in Network World.
Image: The Alhambra, Granada, Spain. Credit: Victor Cruz.