Ten Cybersecurity Essentials You Need to Invest in Before Machine Learning

198

By Steve Dickson

IT security vendors often promote cutting-edge technologies that claim to solve most of your cybersecurity issues. It is easy to get sucked in by buzzwords like UEBA (user and entity behavior analytics), AI (artificial intelligence) and machine learning, but blind faith in vendors’ magic bullets takes you nowhere.

Suppose you had a bare minimum of security controls and decided to invest in a machine learning solution to move you to the highest level of security, as promised by marketers. You will need months or years to teach it to distinguish malicious behavior from normal — and it still won’t be able to address all your security gaps. Doesn’t sound like an efficient or cost-effective security project, right?

IT security is about going from the simple to the complex, so it is wise to begin with fundamental controls and processes rather than tools, no matter how futuristic they are. Here are top ten essentials I recommend investing in before solutions based on AI and machine learning:

#1. Implement firewalls

A properly configured firewall is a cornerstone of security, enabling users to access all the resources they need while keeping external attackers and malicious programs from getting into your network. In addition, firewalls ensure that sensitive resources do not have internet access unless necessary, so they cannot be attacked from the outside.

#2. Maintain secure configurations on devices and software

If you rely on the default settings, be ready to be breached, since they are known to attackers and can easily be compromised. Other specific controls include disabling guest accounts, removing unnecessary administrative accounts and implementing strong password policies. Consider multi-factor authentication (MFA) for your most powerful devices and user accounts.

#3. Control who has access to what

Enforce a least-privilege model by ensuring that users have only the privileges they need to perform their jobs. Moreover, ensure that administrative accounts are used only for performing administrative tasks; admins should use their standard business accounts to perform general work and browse the web.

#4. Protect against viruses and malware

Basic techniques such as whitelisting (creating a list of trusted applications) and sandboxing (isolating applications from critical systems and programs) will prevent users from installing and running applications that might contain malware. To be notified when suspicious files are downloaded or processes are launched on your computers and block them from being downloaded or run, also deploy antivirus and antimalware software.

#5. Keep software and devices up to date

Attackers exploit known vulnerabilities rapidly, as in the case of the Equifax cybersecurity breach in 2017 that compromised the data of 145 million people, so it is essential to stay on top of patching. Be sure to verify the source and integrity of every update and test it in a non-production environment before deployment.

#6. Implement internal network segmentation

You cannot be certain that an attacker or malware won’t get through your perimeter. But you can make it more difficult for an attacker to move throughout the network or for a malicious insider to access all your assets by separating groups of systems and applications from each other.

#7. Back up systems regularly

Like unicorns, 100% security is a fairy tale. Breaches do happen, and data gets tampered with, stolen, encrypted and erased. Data loss is one of the most severe roadblocks for running the business after a breach. To mitigate the damage, you should regularly back up your data. The golden rule is 3-2-1, which means saving at least three copies of the data: two that are local but on different mediums and one that is offsite. Plus, you should regularly test your backups to validate that data can be recovered.

#8. Know your data like the back of your hand

You cannot protect what you do not know about, so it is wise to discover and classify the sensitive data in your organization on a regular basis so you can focus your security efforts on protecting your most valuable assets. Ongoing discovery will help you detect sensitive data that surfaces outside of secure locations and potentially harmful files, such as executables and scripts, that appear on your shares. You should also audit the activity happening around your sensitive data.

#9. Conduct regular risk analysis

Regularly analyzing your IT risks can help you make other layers of your security more scalable and effective. However, the 2018 Netwrix IT Risks Report found that only 33% of organizations re-evaluate their IT risks at least once a year, which leaves the rest vulnerable to ever-growing threats. Organizations recklessly neglect this process because they think it is very complex, but you can start with a basic risk assessment that involves identifying threat/vulnerability pairs and determining the level of the risk they pose.

#10. Monitor the IT environment and user activity

To be able to detect anomalous behaviors before they result in a security breach, you must know what is going on across your IT infrastructure. Divide the project of enhancing visibility into your environment into three stages:

  • Monitor the activity of the most critical accounts (e.g., administrators and C-level business users).
  • Create alerts for critical events and regularly audit changes and access attempts.
  • When your processes are mature enough, think about more complex technologies, such as machine learning or UEBA. They will help you spot deviations from normal activity and suspicious changes. You will detect and respond to security issues faster, thus reducing the risks of operational disruption and data compromise.

This list of security basics is not exhaustive and can be expanded. My key point is that there is no single technology or product that will solve all of your cybersecurity challenges, no matter how high-tech it is. The best way to improve your security posture is to start with proven basic techniques and then move toward more complex solutions gradually.

About the author

Steve Dickson is CEO at Netwrix, an expert in security auditing, user behavior analysis and risk mitigation.