The 10 most overlooked security tasks

Jan. 23, 2018

In interviews with three security experts, Dark Reading developed a list of 10 gotchas that may not lock the organization down for good, but will go a long way to making sure you can sleep at night. They range from being ever more vigilant about phishing emails and DNS calls to taking more care about deleting accounts when an employee leaves. The latter can be a real headache because merely deleting a user from Active Directory doesn’t cut it anymore.

  1. Security pros need to convince email/messaging system managers to enable DMARC policies in their corporate email to aid in the fight against phishing attacks. DMARC stands for Domain-based Message Authentication, Reporting & Conformance and is one of the best-known ways to reject spoofed emails. Security pros looking for a more efficient way to manage DMARC now use tools such as Agari or ValiMail. Companies can opt to simply warn users that they have received a spoofed message or choose to block these likely malicious messages.
  2. Another way to fight against phishing attacks is to focus more on DNS calls. For example, a user may get an email saying they’ve won a prize or are entitled to a free product. Once they click a link in the email, the system makes a DNS call for a site that, in the vast majority of such cases, could be malicious. Security managers are now using tools such as Cisco Umbrella, Infoblox, or Nominum so that if the user gets tricked into opening the link, the control stops the DNS call and sends the user a message that they have clicked on a malicious site.
  3. When human resources advises that an employee is leaving the company, it’s important to go beyond simply deleting the person’s account from Active Directory. Today, users may have Google and Salesforce accounts as well as up to 10 accounts in various cloud services for payroll, timesheet, travel, workflow, and project management functions. Because these accounts are in the cloud, it’s much easier for an employee who has left the company to access them: all they need is web access, since they no longer have to go through the corporate VPN. So be sure to delete all of their accounts.
  4. Security pros are so overloaded protecting their own enterprises that they often lose sight of the bigger picture. ISACA and other security groups advise security analysts to take a more holistic view of their risk picture. This includes paying attention to the security of service providers, other third parties and various suppliers. Many companies now run security checks on their suppliers using tools such as BitSight, QuadMetrics and SecurityScorecard.
  5. Security experts are always talking about integrating security into the code development process, but when organizations take a step back and look at what this really takes, it’s actually really hard to do. For starters, it takes substantial retraining for developers to learn how to code in this manner. However, realizing that their products must be more secure, some companies have turned to bug bounty companies such as HackerOne and Bugcrowd to run vulnerability tests on what they are developing. It may not be perfect, but at least it gives them insights into what some of the more obvious vulnerabilities are so they remove them before a product goes out the door.
  6. It might seem obvious that security pros should focus on firewall configuration management, but keep in mind that firewall policies grow over 10 or 20 years, and the real issue for security managers is that they have too many rules. What started as 50 or 100 rules several years ago has grown to in excess of 5,000 or even 10,000 or more, so this task must be automated. Tools such as Algosec, Firemon, Puppet, Tufin, and Titania can help.
  7. Security experts harp on patching and this also may appear obvious, but security teams find it really takes a lot of work to get IT operations to patch faster, which is why so many organizations don’t really do it. Security pros need to coordinate better with their quality control and engineering departments about their patching schedules and take advantage of inexpensive IaaS cloud services to rapidly run tests before they run a patch to make sure that a patching session won’t slow down the network or an application.
  8. While companies focus much of their security efforts on external threats such as cybercriminals and nation-states, the threat from insiders remains just as great. Forrester Research found that 58% of global enterprises experienced at least one breach in the past 12 months, and of that group, 50% say they suffered at least one internal incident. Data loss prevention software can help with data leaks inside the organization, but it also makes sense to pay attention to employee behavior. Try to keep tabs on which employees are happy and which might be disgruntled and could potentially steal data.
  9. Gartner found that through 2017, 38% of IT purchases would be made by line-of-business leaders. This leaves IT and security analysts scratching their heads over how to keep the organization secure. You can’t secure something if you don’t even know it exists. Getting a grip on this takes a tremendous educational effort and people who are good at explaining the technical issues to line-of-business managers.
  10. No power in 2018? It’s possible, considering the incident at the Consumer Electronics Show when the power went out in Las Vegas. Having redundant UPSes and a back-up generator should be routine at this point, but with all that’s riding on your network, it makes sense to review your hardware inventory and be sure you have adequate power to run all your servers and devices.
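Item 1 says DMARC lets a domain owner choose between merely flagging spoofed mail and rejecting it outright; that choice is the `p=` tag of the DMARC TXT record. The following added example (not code from the Dark Reading article or from any of the vendors it names) parses a DMARC record and applies the RFC 7489 alignment logic to decide whether a message passes or gets the `none`, `quarantine` or `reject` disposition. The sample records and domains are constructed, and `organizational_domain` is a deliberate simplification (last two labels) where a real implementation would consult the Public Suffix List.

```python
"""DMARC record parsing and disposition: an added illustration, not the article's code."""

# Constructed sample TXT records, as they would be published at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com; adkim=r; aspf=r; pct=100",
    "example.org": "v=DMARC1; p=quarantine; sp=reject; rua=mailto:dmarc@example.org",
    "example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",  # monitor only
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; v= and p= are mandatory (RFC 7489)."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be none, quarantine or reject")
    # Defaults from the RFC: relaxed alignment for both identifiers, apply to 100% of mail.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def organizational_domain(domain):
    """Simplification (assumption): the last two labels are the organizational domain.
    Production code uses the Public Suffix List so that e.g. co.uk is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def dmarc_disposition(record, from_domain, spf_domain=None, dkim_domains=()):
    """Return 'pass' if SPF or DKIM passed with an aligned domain, else the policy to apply.

    spf_domain is the domain SPF authenticated (MAIL FROM); dkim_domains are the d= values
    of DKIM signatures that verified. A subdomain sender falls under sp= when it is present."""
    tags = parse_dmarc(record)
    spf_ok = spf_domain is not None and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = any(aligned(from_domain, d, tags["adkim"]) for d in dkim_domains)
    if spf_ok or dkim_ok:
        return "pass"
    policy = tags["p"]
    if "sp" in tags and from_domain.lower() != organizational_domain(from_domain):
        policy = tags["sp"]
    return policy


def evaluate(from_domain, spf_domain=None, dkim_domains=()):
    """Look up the From domain's record in the constructed table and evaluate the message."""
    record = SAMPLE_RECORDS.get(organizational_domain(from_domain))
    if record is None:
        return "no-policy"  # no DMARC record: the receiver falls back to its own filtering
    return dmarc_disposition(record, from_domain, spf_domain, dkim_domains)


if __name__ == "__main__":
    # Legitimate mail: SPF passed for a subdomain; relaxed alignment accepts it.
    print("example.com via mail.example.com:", evaluate("example.com", spf_domain="mail.example.com"))
    # Spoofed From: the authenticated domains belong to someone else, so p=reject applies.
    print("spoofed example.com:", evaluate("example.com", spf_domain="bulk-sender.example",
                                            dkim_domains=["bulk-sender.example"]))
    # Same spoof against a monitoring-only domain: nothing is blocked, only reported.
    print("spoofed example.net:", evaluate("example.net", spf_domain="bulk-sender.example"))
```

The `p=none` case is the point the article makes about choosing between warning and blocking: a domain at `p=none` only gets aggregate reports (`rua=`), so spoofed mail is still delivered, while `p=quarantine` and `p=reject` let the receiver act.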
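Item 6 argues that rule bases of several thousand entries can only be cleaned up with automation. The core check that tools in that space perform is finding rules that can never match because an earlier rule already covers all of their traffic. The following added example (not code from the article or from Algosec, Firemon, Tufin, Titania or Puppet) implements that check for a first-match, IPv4-only rule list; the rules are constructed, and the `Rule` layout and the `redundant` / `conflict` labels are this example's own.

```python
"""Shadowed-rule detection for a first-match firewall policy: an added illustration."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str     # "allow" or "deny"
    proto: str      # "tcp", "udp" or "any"
    src: str        # IPv4 CIDR (assumption: IPv4 only, no mixed address families)
    dst: str        # IPv4 CIDR
    ports: tuple    # (low, high) destination port range; (0, 65535) means any port


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet that matches `inner` also matches `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    src_ok = ip_network(inner.src).subnet_of(ip_network(outer.src))
    dst_ok = ip_network(inner.dst).subnet_of(ip_network(outer.dst))
    ports_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return proto_ok and src_ok and dst_ok and ports_ok


def find_shadowed(rules):
    """Return (rule, shadowing_rule, kind) for every rule an earlier rule fully covers.

    Under first-match evaluation such a rule is never consulted. kind is 'redundant' when
    both actions agree (safe to delete) and 'conflict' when they differ (the later rule
    documents an intent the firewall does not actually enforce)."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "conflict"
                findings.append((rule.name, earlier.name, kind))
                break  # the first covering rule is the one that actually wins
    return findings


def live_rules(rules):
    """Names of rules that can still be hit after shadowed ones are set aside."""
    shadowed = {name for name, _, _ in find_shadowed(rules)}
    return [r.name for r in rules if r.name not in shadowed]


# Constructed rule base; the comments state what the analysis should find.
SAMPLE_RULES = [
    Rule("R1", "allow", "tcp", "10.0.0.0/8", "192.0.2.10/32", (443, 443)),
    Rule("R2", "deny", "any", "0.0.0.0/0", "192.0.2.0/24", (0, 65535)),
    Rule("R3", "allow", "tcp", "10.1.0.0/16", "192.0.2.10/32", (443, 443)),    # redundant with R1
    Rule("R4", "allow", "tcp", "10.2.0.0/16", "192.0.2.20/32", (22, 22)),      # conflict: R2 denies first
    Rule("R5", "allow", "udp", "10.0.0.0/8", "198.51.100.53/32", (53, 53)),    # still live
]


if __name__ == "__main__":
    for name, by, kind in find_shadowed(SAMPLE_RULES):
        print(f"{name} is {kind}: shadowed by {by}")
    print("live rules:", live_rules(SAMPLE_RULES))
```

The `conflict` class is the one worth reviewing first: a later `allow` sitting under an earlier broad `deny` (or the reverse) means the written policy and the enforced policy disagree, which is exactly the kind of drift that accumulates over a decade of edits.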

Dark Reading has the full article
