{"id":36829,"date":"2022-06-14T16:15:06","date_gmt":"2022-06-14T05:15:06","guid":{"rendered":"https:\/\/www.institutedata.com\/?p=36829"},"modified":"2022-06-14T16:30:03","modified_gmt":"2022-06-14T05:30:03","slug":"10-cyber-security-solutions","status":"publish","type":"post","link":"https:\/\/www.institutedata.com\/us\/blog\/10-cyber-security-solutions\/","title":{"rendered":"10 cyber security solutions organisations should implement"},"content":{"rendered":"<p><strong>By Ez Yiap &#8211; <\/strong><strong>Cyber Security Consultant (GRC) and Assistant Trainer for the Institute of Data&#8217;s Cyber Security Program.<\/strong><\/p>\n<p><strong>An <a href=\"https:\/\/www.institutedata.com\/blog\/from-travel-to-cyber-security-how-ez-re-booted-his-career\/\">IOD alumnus<\/a> who pivoted into cyber security, Ez now helps organizations assess and strengthen holistic cyber security. Ez is passionate about contributing and coaching in the cyber security community.<br \/>\n<\/strong><strong><a href=\"http:\/\/www.linkedin.com\/in\/ez-yiap\/\" target=\"_blank\" rel=\"noopener\">Connect with him on LinkedIn<\/a>!<\/strong><\/p>\n<hr \/>\n<p><span style=\"font-weight: 400;\">In 2022, there is certainly no end to the possible cyber security solutions an organization can look at implementing, let alone knowing which are the most important.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There is no right or wrong answer, nor an all-inclusive list that applies to everyone. 
Organizations should take a risk-based approach in assessing and treating their cyber risks and look to balance value and functionality with security controls and systems.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This article outlines ten of the top cyber security solutions organizations are implementing to mitigate cyber security threats better.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Awareness Training and Coaching in Cyber Security<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Have you heard of the phrases &#8216;The Human Firewall\u2019 or maybe, \u2018People are the weakest link\u2019? When it comes to security, regardless of the latest and greatest technology, an organization relies on its people for security, privacy and protection as the first line of defense and response.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Organizations should start by developing a security awareness strategy, then a program of security awareness training and or coaching that works to address the day-to-day tasks users and customers face that introduce risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Security awareness programs may include a range of modes to engage users with different learning styles.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Approaches to staff or even customer engagement include but are not limited to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Face-to-face sessions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Virtual presentations\/webinars<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Interactive modules (computer or online driven)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Video content<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 
400;\">Gamified content<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Simulated phishing engagements<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Poster\/banner\/warning collateral<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Increasingly, organizations are turning to security coaching models over traditional awareness training\/education models.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Coaching is about continual improvement and growing self-awareness.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Coaching requires defining a purpose, gaining buy-in and working with individuals to become a part of something greater as a collective. Where training may deliver quantitative metrics, coaching invites feedback, discussion, contribution and intrinsic motivation to secure day-to-day duties.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Cyber security solutions, policies, processes and procedures<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Every organization needs governance, strategy, accountability, and clear expectations from the boardroom to the basement, even around the topic of cyber security. Formalizing and documenting are often seen as bureaucratic red tape to an organization\u2019s growth.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The result is processes and operations developing without being formalized and documented. 
Risks arise when staff turnover or organizational direction, requirements and contexts shift, meaning that business gets stalled as people try to recalibrate the what, how, why, and where to-dos and the what-ifs.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Organizations should aim to formalize cyber security solutions by implementing an information security policy suite that supports the organization\u2019s goals and promotes growth, functionality and maturity.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Typically, policies outline the high-level purpose, scope, context, requirements or details. Processes aim to outline what to do and are more operational. They will have step-by-step instructions that can be followed and are intended to make cyber security understandable and accessible to someone in a pick-it-up and go-with-it mode.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Procedures lay out the way to go about a task and address finer detail in the \u2018how tos\u2019. 
Procedures are written for an audience with an expected competency level or expertise in the subject matter at hand.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some examples of policies include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Information Security Policy<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Acceptable Use Policy<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Human Resources Security Policy<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Third-Party Management Policy<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access Control Policy<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Some examples of processes include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">User Access Control Review Process<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Incident Response Process<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data Breach Notification Process<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Change Approval Process<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Some examples of procedures include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Onboarding\/Offboarding Procedure<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Daily Backup Procedure<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Operating System patching Procedure<\/span><\/li>\n<li style=\"font-weight: 400;\" 
aria-level=\"1\"><span style=\"font-weight: 400;\">User\/Caller Identification Procedure<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Identity and Access Management<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Identity and access management (IAM) is the set of controls that determine the entities that can access resources, the extent or type of access to those resources permitted and the verifications that sit alongside it. IAM includes and addresses controls for identification, authentication and authorization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For enterprise organizations, IAM may have a multi-person team of trained cyber security professionals handling the ongoing tasks that come with a big moving machine that can include specialized software, structured processes and procedures.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Access controls are essential in preventing unauthorized disclosure, alteration and unavailability of resources, data and systems. This places IAM in the top cyber security solutions organizations focus on when architecting their cyber security posture.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">IAM can include solutions such as privileged access management (PAM), single sign-on (SSO), multi-factor authentication (MFA), access controls like role-based access control (RBAC), or even federated authentication using the likes of Google, Facebook or Microsoft to authenticate and allow access.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Email Security<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Multiple security controls apply to email. One of the most used is email filtering, often known as a secure email gateway (SEG). 
This solution usually offers a string of protections for user inboxes that may include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Spam filtering \u2013 flagging mail as spam and then directing it to a dedicated folder with warnings provided to the user cautioning opening it or its attachments.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Granular filtering \u2013 instead of an out-of-the-box or signature-based filtering, a solution may permit the administrator to provision set conditions or settings that filter emails and quarantine them or block them entirely.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Quarantining \u2013 an email may be quarantined if it meets criteria identifying it as potentially malicious. If the user accepts the risk, a request then needs to be made to release it from quarantine.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Phishing reporting \u2013 the solution may integrate with the organization\u2019s mail solution to permit the user to flag suspicious mail as phishing or report it, allowing the organization to investigate further and develop reporting and analytics on emails<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Attachment scanning \u2013 scanning email attachments for known malicious signatures, parameters or contents may provide extra protection from users engaging with viruses and malware.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">There are many flavors of email security. Some will include security controls for not only inbound messages but also outbound ones. An example of this is the ability to encrypt outgoing emails to protect the contents being sent. 
<\/span><span style=\"font-weight: 400;\">Organizations usually need to undertake business impact analysis, cost analysis and run proof of concept on email security solutions to ensure they get the needs of the business met.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Endpoint Detection and Response<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Antivirus software has been around since about the late 1980s. It has evolved in such a way that there are few, if any, solutions that exclusively call themselves antivirus and only provide that offering. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">With the evolution and proliferation of malware, continual cyber threats and an ever-growing application and device sprawl across organizations and in our personal lives, it is no wonder that cyber security solutions have grown to address multi-front risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Endpoint detection and response (EDR) is a cloud-based solution where an agent resides on the user\u2019s device. The agent works to log and monitor events, looking to uncover indicators of compromise (IOCs), threats on the device, anomalous behavior, viruses and malware and accordingly take action to mitigate anything deemed an incident. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">EDR has the capability to feed a Security Information and Event Management (SIEM) tool that can aggregate, correlate and assist in triaging events and incidents by a security analyst or team of them.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Extended Detection and Response (XDR) is also sometimes known as Cross-Layered Detection and Response. XDR takes the detection and response to the next level by pulling and pooling multiple sources, including endpoints, network devices, cloud solutions, third-party data, threat analytics, and possibly more, depending on the vendor. 
<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Data is usually correlated and normalized to reduce the amount of noise the team receiving the information has to deal with and provides greater context and relevance to assist in security incident management.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Vulnerability Management<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Operating systems, software and firmware are in constant need of updating, not only by developers and vendors for general improvements but also for security. New bugs are discovered all the time, and without an organization applying the latest patches, vulnerabilities may exist that threat actors could exploit in cyber attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Vulnerability management is typically a program of work established to scan external and internal infrastructure and applications to determine any missing patches or vulnerabilities.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">An organization may do this itself with a scanning tool or outsource it to a Managed Security Services Provider (MSSP) to license the tool and provide the resources to scan and report on. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In almost all circumstances, remediations lie with the organization due to interdependencies, testing updates, rollbacks that may be required, and the delicate nature of many environments.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some standards, like the Payment Card Industry Data Security Standard (PCI-DSS), mandate regular vulnerability scanning, adding an element of compliance in addition to good practice security. 
Many organizations struggle to stay on top of patching vulnerabilities due to the sprawl of technology and applications and the resources required to manage it all regularly.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Usually, an organization will rate vulnerabilities by severity and set out a specific timeframe for the remediation. For example, critical vulnerabilities may be deemed necessary to remediate within three business days, whereas a low vulnerability may be deemed necessary to remediate within two months.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Security Operations Centre<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">A security operations center (SOC) may involve several layers of service offerings. Typically, a SOC is built around a SIEM tool with analysts monitoring for IOCs and abnormal activity in order to respond as quickly as possible.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Many SOCs run on a 24\/7 basis year-round, with security analysts doing shift work. 
Various models exist, from entirely outsourced managed detection and response (MDR) to hybrid models where an organization may have in-house analysts 9 to 5 and then outsource the monitoring outside of hours or, in some instances, may put its analysts on call outside of hours.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A SOC may undertake security responsibilities such as:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">SIEM management<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Levels 1-3 security analyst work<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Network threat analytics<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Security orchestration and remediation (SOAR) oversight, configuration and management<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Threat hunting<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerability management<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Incident response<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Digital forensics<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">SOC solutions often provide organizations with incredible value due to the resource requirement of establishing, maintaining and having a truly effective in-house team to do all the tasks on a 24\/7 basis. 
MSSPs leverage a wide variety of technology and vendors to suit budgets, scale, client requirements and capabilities as needed.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Penetration Testing<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In addition to organizations developing and implementing cyber security solutions with security and privacy in mind, they also need to provide assurance of security to stakeholders, suppliers, customers, clients, regulators, government, partners etc.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">One such means of assurance is penetration testing. Sometimes known as ethical hacking, this is where a network, system, application, hardware or even a physical environment will be scoped for a simulated attack to determine what vulnerabilities and security holes exist in order for the organization to remediate them (hopefully) before a threat actor can.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Penetration testing scope is always agreed upon between the client and the service provider (penetration tester), whether in-house or external. In most circumstances, penetration testing teams are either fully independent or segregated from other parts of the business like software development to ensure no one is marking their own homework, so to speak.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Penetration testing commonly occurs on web applications either during development or before launch, as threat actors commonly target these to access sensitive information and environments. Additionally, penetration testing can be undertaken on external, internal and wireless networks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Hardware and Internet of Things (IoT) devices are increasingly subject to penetration testing requirements. 
A physical penetration test usually involves testing physical security controls an organization has, such as security cameras, social engineering vulnerabilities, secure area access, lock picking, access control vulnerabilities, etc.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Data Loss Prevention<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Data loss prevention (DLP) solutions come in many flavors, with varying inclusions, details and implementations. Typically, DLP addresses two scenarios. The first is the risk of an inside threat actor. They may be intentional or unintentional in their actions but are exfiltrating (leaking) data outside of where they should and exposing risks to confidentiality by doing so.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This may result in compliance, regulation, and legal issues in some instances. The second is the risk of an external threat actor that has gained access to the internal environment and is seeking to exfiltrate data for malicious purposes \u2013 selling it on the dark web, espionage, or holding it for ransom.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DLP usually requires some security prerequisites in order to be effective. This includes such policy and practices as data classification and labeling for sensitivity in order to have the DLP solution determine what can and can\u2019t occur with set file types. 
DLP will rely on integration with other cyber security solutions and may need to access cloud environments to monitor traffic between end-users and cloud data storage locations within web applications or cloud storage services.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DLP is often implemented in later-stage cyber security solutions due to the maturity of an organization, as it can be high in cost, resources, complexity, and dependency on other established security controls.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Secure Code Development<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Secure code development, sometimes known as DevSecOps, is all about ensuring that secure coding practices are embedded within the development of code for applications. Application development is not usually driven by a high priority to be built securely.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Rather the focus is on time to market, user experience, functionality, reliability etc. Security tends to be an afterthought in development, and increasingly businesses are looking to shift security into the agile development process to minimize risks and reduce time mitigating and treating vulnerabilities discovered closer to release or once an application has gone live into production.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Secure code development requires an organization to develop software aligned to an industry-recognised standard such as the Open Web Application Security Project (OWASP), or the Center for Internet Security (CIS) controls for application software security or NIST\u2019s Secure Software Development Framework.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Secure code development also incorporates practices such as secure code development training for coders that may not have learned security practices during their education. 
This may also be complemented by training from penetration testers who review and test applications.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Secure code review is another control that can, in some instances, be automated with technology to search for security vulnerabilities within the code or can be a manual process of going through code looking for vulnerabilities or some combination.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What&#8217;s next for cyber security solutions?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Security requirements and systems will continue to evolve and shift.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For a cyber security specialist, each of the outlined cyber security solutions is its own domain and specialty that you can do a deep dive into. It is important to keep in mind that security requires a holistic, layered, defense-in-depth approach.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To find out more about each of these cyber security solutions, their applicability to organizations and help discover an area of special interest to you, <a href=\"http:\/\/www.institutedata.com\/us\/consultation\">speak to the Institute of Data<\/a> and get inspired.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Ez Yiap &#8211; Cyber Security Consultant (GRC) and Assistant Trainer for the Institute of Data&#8217;s Cyber Security Program. An IOD alumnus who pivoted into cyber security, Ez now helps organizations assess and strengthen holistic cyber security. Ez is passionate about contributing and coaching in the cyber security community. Connect with him on LinkedIn! 
In&hellip;<\/p>\n","protected":false},"author":1,"featured_media":36834,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[527,542],"tags":[],"class_list":["post-36829","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-careerchange","category-softwareengineering"],"_links":{"self":[{"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/posts\/36829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/comments?post=36829"}],"version-history":[{"count":0,"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/posts\/36829\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/media\/36834"}],"wp:attachment":[{"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/media?parent=36829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/categories?post=36829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.institutedata.com\/us\/wp-json\/wp\/v2\/tags?post=36829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}