In 2015, several very high-profile breaches, combined with the ever-increasing pressure to do more with less, have helped to shape federal IT security.
These attacks (think OPM) showed that doing more with less did not make the need for security go away or even dissipate; it actually increased.
In response to these trends, both this year and over the past few years, technology has improved significantly. Security tools have become more advanced and more sophisticated, and they now make a security engineer's job easier. The tools available today give a better overall view of an IT environment than ever before; compared with just five to seven years ago, we are working in a new security paradigm.
Those two pressures, doing more with less and needing more security, have given us better technology. Now people just need to start using it.
To start, there are a few best practices for building a system that lets you act on any security threat you discover. This series of articles presents and discusses those best practices for using your network, data center and unified communications systems to secure your overall IT environment.
Step 1: Look at What You’ve Got
You need to know what’s on your network before you take steps to secure it. Take inventory of how many servers you have, what applications are running and what devices are connected to your network.
Consider using a vulnerability management system together with an endpoint management system to perform this audit. Between them they give you visibility at both the hardware and the application level.
Control what joins the network with a network access control (NAC) system. It recognizes which devices are trying to communicate across your network and whether each one is known or unknown. If a device is unknown, the system keeps it from talking to anything on the network and shuts down the corresponding network port.
Step 2: Update and Maintain
Keeping applications and network devices patched and up to date is absolutely critical for a secure IT environment. Unfortunately, it is also one of the most overlooked pieces of the IT security puzzle.
When you don't install an update or patch, you are putting the entire network at risk: one unpatched host is a way in to everything it can reach. Centralized control of updates and maintenance is the best way to ensure they are applied in a timely manner and to keep exploitable holes from opening in your network.
A vulnerability management system also helps in this never-ending task. It identifies missing patches and known vulnerabilities as they appear and tells you how many machines are affected, so you can patch all of them at once, minimize your exposure and stay ahead of new threats as they emerge.
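The two decisions behind Step 1 and Step 2 are simple enough to show in code: decide per switch port whether the device on it is in the inventory (the NAC behaviour described above), and work out, per patch, which hosts are still behind the baseline. The following is an added example written for this article, not code from the original post or from any NAC or vulnerability management product. The inventory, port observations, patch baseline and installed versions are all constructed sample data; a real deployment would pull the inventory from a CMDB or 802.1X back end and the installed versions from an endpoint agent.

```python
"""
Added example: reconcile what the network actually shows against an asset
inventory (Step 1) and a patch baseline (Step 2).

All data below is constructed for illustration; it is not output of any
real tool.
"""

# Constructed authorized inventory, keyed by MAC address. A real NAC would
# pull this from a CMDB or an 802.1X / RADIUS back end.
AUTHORIZED = {
    "00:11:22:33:44:01": "web-01",
    "00:11:22:33:44:02": "web-02",
    "00:11:22:33:44:03": "db-01",
}

# Constructed observations: (switch, port, MAC, IP) for every device seen
# talking on an access port.
OBSERVED = [
    ("sw1", "Gi1/0/1", "00:11:22:33:44:01", "10.0.0.11"),
    ("sw1", "Gi1/0/2", "00:11:22:33:44:02", "10.0.0.12"),
    ("sw1", "Gi1/0/3", "00:11:22:33:44:03", "10.0.0.13"),
    ("sw1", "Gi1/0/7", "de:ad:be:ef:00:01", "10.0.0.99"),  # never registered
]

# Constructed patch baseline: package -> minimum acceptable version.
BASELINE = {"openssl": "1.0.2.14", "bash": "4.3.30", "kernel": "3.10.0.327"}

# Constructed endpoint-agent report: host -> {package: installed version}.
INSTALLED = {
    "web-01": {"openssl": "1.0.2.9",  "bash": "4.3.30", "kernel": "3.10.0.327"},
    "web-02": {"openssl": "1.0.2.14", "bash": "4.3.11", "kernel": "3.10.0.229"},
    "db-01":  {"openssl": "1.0.2.9",  "bash": "4.3.30", "kernel": "3.10.0.327"},
}


def port_actions(observed, authorized):
    """Decide, per (switch, port), whether the device on it may talk.

    Known MAC   -> "allow"
    Unknown MAC -> "shutdown" (quarantine the port until the device is registered)
    """
    actions = {}
    for switch, port, mac, _ip in observed:
        actions[(switch, port)] = "allow" if mac.lower() in authorized else "shutdown"
    return actions


def unknown_devices(observed, authorized):
    """The (switch, port, MAC, IP) tuples that are not in the inventory."""
    return [obs for obs in observed if obs[2].lower() not in authorized]


def parse_version(text):
    """'1.0.2.14' -> (1, 0, 2, 14). Tuples compare element-wise, so
    (1, 0, 2, 9) < (1, 0, 2, 14) even though '9' > '14' as strings."""
    return tuple(int(part) for part in text.split("."))


def missing_patches(installed, baseline):
    """For each baseline package, the sorted list of hosts below the minimum.

    A host that does not report the package at all is treated as missing it:
    an agent that cannot see the package cannot prove it is patched.
    """
    result = {}
    for package, minimum in baseline.items():
        want = parse_version(minimum)
        behind = []
        for host, packages in installed.items():
            have = packages.get(package)
            if have is None or parse_version(have) < want:
                behind.append(host)
        result[package] = sorted(behind)
    return result


def exposure_summary(installed, baseline):
    """(package, hosts still needing it) pairs, most widespread gap first."""
    gaps = missing_patches(installed, baseline)
    return sorted(((pkg, len(hosts)) for pkg, hosts in gaps.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for (switch, port), action in port_actions(OBSERVED, AUTHORIZED).items():
        print(f"{switch} {port}: {action}")
    for package, hosts in missing_patches(INSTALLED, BASELINE).items():
        print(f"{package}: {len(hosts)} host(s) behind baseline -> {hosts}")
```

Two design points worth noting. Versions are compared as tuples of integers rather than as strings, because a string comparison would rank 1.0.2.9 above 1.0.2.14 and silently hide a missing patch. And a host that reports nothing for a package is counted as unpatched, not skipped; absence of evidence is the condition you most want surfaced in an inventory exercise.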
Step 3: Block Everything Else
The last point of control between your network and the outside world is your firewall. A few years ago, a firewall did only what you told it: permit or deny traffic based on the addresses and ports you specified.
The explosion of cloud services and web applications has changed this. When nearly everything rides over HTTP and HTTPS, a port-based firewall from just three or four years ago cannot tell one application from another and is close to useless on its own. What is needed now is a next-generation firewall that inspects traffic the way the receiving computer would, identifying the application and its content rather than just the port.
Mastering the Fundamentals
These best practices for network security don't fixate on forensics, penetration testing, decoding malware or tracing the origins of a hack. They focus on fundamentals that are too often overlooked.
You can have the most elaborate car alarm, but if you leave the door unlocked and the keys in the ignition, it doesn’t do you any good. Mastering security is about keeping small issues from turning into big ones.