Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:30 AM
Lee Waskevich
Lee Waskevich
Connect Directly
E-Mail vvv

'Back to Basics' Might Be Your Best Security Weapon

A company's ability to successfully reduce risk starts with building a solid security foundation.

Despite an influx of best-in-breed security technologies, organizations around the world are seeing a continued rise in cyber attacks. There are big implications. Financial consequences include immediate costs of investigating the breach and extend longer-term to include lawsuits and regulatory fines. Loss of customer trust can translate into declines in business. Perhaps most damaging is the impact of shutting down entire systems, which can grind operations to a halt. This is especially dangerous when the target is a critical healthcare, government, or utility provider.

From the high-profile Equifax breach to payment compromises at hotel chains and retailers, security teams are increasingly under pressure to not only determine why this is happening but what can be done to fix or prevent these problems. For many companies, getting "back to basics" could be one of the most effective weapons in the war on cyberattacks.

It's About the Fundamentals
Spending more time on maturing and measuring fundamental security controls might have helped prevent many of the breaches we've seen recently. For instance, Equifax was compromised by a Web application vulnerability that had an available patch, which the company failed to employ. Too often companies underestimate basic security measures, instead prioritizing time and budget on the latest and greatest technology solutions.

Here are ways to stick to the basics of managing cyber-risk to better protect your company.

Achieve Visibility
This is one of the most challenging aspects of security, especially with dispersed assets. You can achieve greater visibility by leveraging these functionalities:

  • Passive technologies that either live at the gateway or process log data are very effective at detecting when new devices come online and then triggering an active scan in order to provide more user information and context.
  • Active scanning technologies that constantly poll your network will discover when new devices come online and report these assets back to a system of record where more information can be obtained from the user directories. An informed decision can then be made about whether or not the devices need to be passed along to the vulnerability management team.

Prioritize Vulnerability Management
Continuous assessments around known inventory can help lower the risk of exploitation. Many of the recent breaches resulting from the leaked Shadow Brokers' tool sets could have been avoided, but too many organizations have weak vulnerability management platforms that leave critical systems exposed. The crippling of the UK's National Health Service by the WannaCry ransomware attack, which targeted basic security weaknesses, was particularly egregious because of the direct impact on patient care.

A robust vulnerability management program can identify these issues so they can be patched, preventing them from being exploited. Some best practices include:

  • Before even attempting a program, understand who is responsible for the functional areas of IT so the proper groups can be alerted when a vulnerability is identified.
  • Obtain the correct buy-in from system owners that are going to be affected, which typically include those managing endpoints, servers and non-user devices such as printers and video cameras.
  • Have clearly defined next steps once vulnerability is identified. Too often, companies recognize their vulnerabilities but have no action plan to move forward with patching, virtual patching, or another means of control.
  • Patching servers and applications can inadvertently have a negative impact on business-critical applications resulting in system downtime. Yet, comprehensive patch management can be time-consuming. Putting a strong development team in place can accelerate the patch process. Alternatively, virtual patching can identify an active exploit and stop it at another layer, whether in the OS itself or at a network function or gateway.

Layer on Next-Gen Technology
With these baseline controls in place, next-generation threat prevention solutions such as anti-malware software, firewalls, and Web/email protections can be more successfully integrated into a company's architecture and associated operational structure.

This is also critical as security solutions become even more sophisticated, sometimes combining different technologies into one more powerful platform. For instance, next-gen endpoints are more advanced than traditional endpoints, with machine learning, artificial intelligence, integration, and open APIs. But leveraging these features into an orchestrated operational model can add a certain level of complexity for analysts and operators, and care should be taken to ensure manual concepts and abilities are understood before employing these enhanced features.

Master Manual Processes Before You Automate
Automating certain security controls can be extremely beneficial, helping analysts more efficiently investigate and triage events by allowing multiple sources of records to be examined and providing context to determine the traffic, user, intellectual property on the device, and what it was doing before and after the event. But automation can also greatly increase risk if done too quickly. While it provides the heavy lifting, it will not make you an instant expert. You still need brains and smarts to accompany orchestration and automation. This means it's much more effective and reliable to first create well-defined and tested manual processes before writing the appropriate automation scripts and playbooks.

While there's no guaranteed security solution, a company's ability to successfully reduce risk starts with building a solid security foundation. These baseline concepts are essential, and understanding the capabilities of technologies currently in place will help make operations more secure in the long term.

Related Content:


Lee Waskevich, Vice President, Security Solutions at ePlus Technology, is responsible for overall strategy for the ePlus Security practice. Lee and his team design and deliver tailored cybersecurity programs aimed at mitigating business risk, fortifying digital ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
1/18/2018 | 10:09:40 AM
Re: Basics do not sound really sexy, do they?
Agreed - "Security is about processes and humans first. Technology is only assisting your teams and help streamline your processes. "

Technology is knowledge - the knowhow to produce some product, or accomplish some task - not the product, task, materials or the tools used. That goes double for IT: Information Technology
Dimitri Chichlo
Dimitri Chichlo,
User Rank: Apprentice
1/15/2018 | 3:35:06 AM
Basics do not sound really sexy, do they?
Security is about processes and humans first. Technology is only assisting your teams and help streamline your processes. 

I was recently discussing this with a Director from a large, international consultancy, and the guy asked: "From your point of view, what are the trends in information security?". My answer was: "The basics. Companies are so far behind industry standards that almost any of the projects re. basics can be sold, like framework, policies and reporting, identify the assets you are protecting, user access and privileged identity management, vulnerability and configuration management, user education, encryption, endpoint security."

I know he did not like it. Basics are probably not as sexy to sell to a Board as a pen test, a SOC with AI or IoT threat. And make you look old fashioned. And oblige your IT teams working differently. 
User Rank: Apprentice
1/12/2018 | 3:02:18 PM
Re: Basics indeed
CIS CSC20 in priority order. The top 5 solve the highest risk threats.  Gaps in fundamentals are what have tripped up most organizations who have had major breaches in the last 5 years.
User Rank: Ninja
1/11/2018 | 9:45:35 AM
Re: Basics indeed
Thanks - and this is nothing NEW.  In 2000 I remember an actuary at Aon receiving the Anna Kournikovia virus - the famous tennis star picture.  I visited his office and he started to MOVE THE MOUSE to the picture!!!  Why?  He was CURIOUS to see what IT DID!!!  (Killed the cat too).  i told him YOU OPEN THAT UP AND I AM TERMINATING IT SUPPORT FOR YOU FOREVER.  
User Rank: Apprentice
1/11/2018 | 9:23:00 AM
Re: Basics indeed
Couldnt agree more. Culture and user awareness are paramount to complimenting solid technology. Technology can be configured but users can only be advised and educated. All users consumer, commercial, or other have a responsibility to help safeguard their digital lives. 
User Rank: Ninja
1/11/2018 | 9:00:24 AM
Basics indeed
Nothing exotic sometimes - one (1) user opening an infected PDF attachment brought the State of North Carolina down through ransomware.  Just one user.    USER EDUCATION is a good place to start too., 
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.
PUBLISHED: 2019-07-22
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front en...
PUBLISHED: 2019-07-22
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". Th...
PUBLISHED: 2019-07-22
aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e.