While it may be inevitable for an organisation to control each and every aspect of the IT systems, a regular backup of all the important files would serve the purpose of not losing valuable data when mishaps happen. To note, Darkside encrypts or deletes backed-up data as well, so companies might also need to consider improving on security posture for the backup systems involved.
Email etiquette and essential security training to employees can help contain security incidents. Additionally, email screening can help identify threats before it reaches employees.
Running EDR and deploying ZTNA on all endpoints and configuring ZTNA policy to enforce EDR is running with latest updates, to allow network access.
Security-Hardening for Domain Controller
· Create Replicas of Domain Controller, allow users to access Replicas only
· Enforce Firewall policies for Domain Controller
· Deploy EDR on Domain Controller
· Enforce Lateral Movement Detection for traffic in/out of Domain Controller
Protection against Command and Control
· Block access to Anonymizers, TOR Proxies
· Enable IPS to detect/block other types of C&C
· Security-Hardening of File Shares
· Enforce Firewall policies for File Shares
· Deploy EDR on File Shares
· Enforce Lateral Movement Detection for traffic in/out of File Shares
· Protect access from File Shares to Backup Servers
Using multilayer Protection – While it may be a good idea to engage best-in-class product to ensure system security, it makes sense to employ right products at every layer to detect threats in case any of the products misses detection. A recent survey concluded that using multiple products facilitates organisation security better compared to relying on a single breed of product. Classifying network in layers can help organise security response as appropriate and reduce the attack surface.
Implement Password policy and internal zoning of files to prevent person access of the undesired files and folders. Employ lateral movement detection for east-west traffic.
Apply security patches – Applications can introduce security loopholes and can be a problem for organisations. It would be a great idea to patch applications when security updates are made available.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.