Architecture and Configuration

10 Steps to Cyber Security

Protecting systems by designing their architecture with security in mind is becoming increasingly necessary. Similarly, keeping tight configuration control over your systems, so that security weaknesses cannot be introduced unnoticed, is a key component of adopting a secure-by-design approach.

A secure-by-design approach means not only ensuring that your systems are difficult to breach, but architected such that should a breach occur, it is difficult for an attacker to traverse and navigate your systems.

There are many frameworks available to aid in building secure-by-design architectures. MITRE ATT&CK, for example, catalogues how cyber-attacks are typically performed, so that systems can be architected to make those attack techniques as difficult as possible to apply and to inhibit lateral movement across the network.

Configuration Control

Configuration drift is an issue in any IT environment, and with it come risks: the risk that a change will affect something important in an unexpected way, and the risk that a change will introduce a vulnerability or increase security exposure. For these reasons and many more, it is sensible to adopt a change control process to manage, assess, and co-ordinate the changes that need to be made.
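One way to make the change control process enforceable in practice is to record a baseline of configuration file hashes and compare it against the live state on a schedule, treating a difference as approved only when a change-control record exists for that file and for exactly the content now observed. The script below is an added illustration of that check; it is not code from the page or from any vendor named on it, and the file paths, contents, hashes and the ticket id CHG-1042 are constructed sample data.

```python
"""Configuration drift check: compare a recorded baseline of configuration
file hashes against the current state and separate approved changes (those
with a change-control record) from unapproved drift.

Added illustration, not code from the page or from any vendor named on it.
The file names, contents and change records below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(content: bytes) -> str:
    """Hash configuration content the way a baseline would record it."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class DriftReport:
    approved: dict = field(default_factory=dict)    # path -> change ticket id
    unapproved: list = field(default_factory=list)  # changed with no matching ticket
    missing: list = field(default_factory=list)     # in baseline, absent now
    unexpected: list = field(default_factory=list)  # present now, not in baseline

    def is_clean(self) -> bool:
        """True when every difference from the baseline is covered by a ticket."""
        return not (self.unapproved or self.missing or self.unexpected)


def detect_drift(baseline: dict, current: dict, approved_changes: dict) -> DriftReport:
    """baseline and current map path -> sha256 hex digest. approved_changes maps
    path -> (ticket id, hash the ticket said the file would have afterwards).
    A change counts as approved only if the ticket's expected hash matches what
    is observed; any other difference is drift that change control never saw."""
    report = DriftReport()
    for path, old_hash in baseline.items():
        if path not in current:
            report.missing.append(path)
            continue
        new_hash = current[path]
        if new_hash == old_hash:
            continue
        ticket = approved_changes.get(path)
        if ticket and ticket[1] == new_hash:
            report.approved[path] = ticket[0]
        else:
            report.unapproved.append(path)
    for path in current:
        if path not in baseline:
            report.unexpected.append(path)
    return report


# Constructed sample data: the baseline captured at the last audit, the
# configuration as observed now, and the change-control records on file.
BASELINE = {
    "/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin no\nPasswordAuthentication no\n"),
    "/etc/sysctl.conf": sha256_hex(b"net.ipv4.ip_forward = 0\n"),
    "/etc/firewall/rules": sha256_hex(b"default deny\nallow 443/tcp\n"),
}
CURRENT = {
    "/etc/ssh/sshd_config": sha256_hex(b"PermitRootLogin no\nPasswordAuthentication yes\n"),
    "/etc/sysctl.conf": sha256_hex(b"net.ipv4.ip_forward = 1\n"),
    "/etc/cron.d/backup": sha256_hex(b"0 2 * * * root /usr/local/bin/backup\n"),
}
APPROVED = {
    # CHG-1042 is a constructed ticket id; it recorded the hash it expected to produce.
    "/etc/sysctl.conf": ("CHG-1042", sha256_hex(b"net.ipv4.ip_forward = 1\n")),
}


def sample_report() -> DriftReport:
    """Run the check over the constructed sample data."""
    return detect_drift(BASELINE, CURRENT, APPROVED)


if __name__ == "__main__":
    r = sample_report()
    print("approved changes:", r.approved)
    print("unapproved drift:", r.unapproved)
    print("missing files:", r.missing)
    print("unexpected files:", r.unexpected)
```

On the sample data the sysctl change is matched to its ticket and passes, while the sshd_config change (password authentication re-enabled), the missing firewall rule set and the new cron job are all reported as drift for the change process to investigate. Binding approval to the expected post-change hash, rather than to the path alone, is the design choice that stops an approved ticket from being used to cover an unrelated edit to the same file.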

Remote Working

Remote working has brought with it the need to ensure that your users’ devices are protected and effectively managed wherever they are, and to have confidence not only that protection is being applied but that it is working as intended. Having visibility of your end-user devices and being able to manage them effectively is critical to ensuring they are secure, and to verifying that they are not being exposed to unnecessary risks and exposing your infrastructure by association.

Consider the cost

Unsurprisingly, these solutions can increase costs. But consider what a single cyber-attack can easily cost an organisation: the inability to conduct and transact normal business for days or weeks, staff costs for the disruption and for rectifying the incident, loss of reputation with customers, and so on. Against that, the price is justified.

Solutions for Architecture and Configuration

Next-Gen Anti-malware

Since its large-scale adoption, the standard for anti-malware has been definition-based protection using a ‘naughty’ list of applications and processes that should be blocked. It is becoming apparent that this approach no longer provides reliable protection against malware today. It is estimated that 600,000 new malware threats emerge each day, 25% of which are completely new and will not be detected via definition-based scanning.

Next-gen solutions such as Sophos Intercept X or Microsoft Defender for Endpoint, which use AI-based detection and machine learning behaviour analysis, are now the standard that organisations need to be adopting in terms of anti-malware solutions. This is something that organisations need to be considering as soon as possible.

Access Control

Access control seems like a fairly obvious inclusion in securing your architecture, and it’s something that pretty much everyone is familiar with in some form, usually a username and password. It can go much further than that with today’s solutions. The Sophos suite of hardware appliances, for example, can automate the access that devices have to network resources based upon the status of their anti-malware: when a threat is detected on an endpoint, the appliances can isolate that endpoint from the network to prevent the threat from propagating.

Alternatively, solutions such as Forcepoint can use user behaviour monitoring to detect insider threats or other potential indicators of compromise, such as file, network or email activity that is not normally associated with a particular user.

Device management

Ensuring adequate control and visibility of your devices in the mobile-cloud era is essential, not only to secure the devices by applying security policy, but to stay in control of where your organisational data resides, for example by setting restrictions on what can be accessed from where and what data can be stored locally.

Solutions such as Datto RMM and Microsoft Endpoint Manager can be invaluable in providing the required levels of management, control and visibility.

Patch Management

Good patch management is one of the most important elements of running an IT system today. Software patches are released almost constantly in response to the continual discovery of vulnerabilities and exploits in the software we use daily.

Device management solutions (or their associated features) will often provide some measure of patching functionality, e.g. Datto RMM or Microsoft EM/Secure Score, and all will provide insight into the versions of software running in your environment. Additionally, vulnerability assessments can be used to verify that your patch management strategy is effective, or to highlight the need for patch management in your environment.

Firewalls

Firewalls are another technology that is familiar to most; anyone with an internet connection at home will have a firewall built into their router as a minimum. Next-gen firewalls offer far greater flexibility and application awareness (they understand which application generated the network traffic) than traditional rule-based ones, with the Sophos XGS line of firewalls proving to be both popular and effective across organisations of all sizes.

Web Security

Web security is not a new concept, but its complexity has increased as the nature of the cyber threats users face when browsing and accessing web content has changed. Vendors such as Sophos, Forcepoint and Microsoft are amongst the leaders in the field of enterprise web security.

Monitoring, Detection & Response

Historically, network monitoring was often so complex that many IT professionals simply disregarded it as unachievable.

There are now multiple solutions available that will assist with analysing network traffic with a view to understanding where it came from, where it is going to, and what its purpose is.

By using AI to analyse this information, SIEM/UEBA solutions such as Logpoint are able to pinpoint correlations and differentiate between noise and potential indicators of compromise.

If a full SIEM solution is not justified for your environment, you can augment next-gen anti-malware solutions with their vendor’s detection and response products, such as Sophos XDR and EDR for Microsoft Defender. These solutions offer great oversight but do not provide the breadth of coverage possible with a full SIEM.

Zero Trust

Utilising a Zero Trust approach can revolutionise your system and data security. Assuming that no one and no device should be allowed access until their identity has been established via multiple factors almost guarantees that your data is protected from unauthorised access.

There are a number of different ways to achieve a zero-trust approach. Sophos Zero Trust approaches it from a network perspective, in a similar way to Cisco Meraki, by establishing the pedigree of a device prior to allowing it access to resources. Microsoft uses its vast ecosystem and cloud presence to apply controls to individual files, and leverages telemetry from its other solutions, such as Active Directory and Endpoint Manager, to determine whether access should be granted.

Forcepoint CDR takes a different approach again, interpreting zero trust as trusting no email: every single email is dynamically rebuilt in real time with sanitised links, which almost guarantees that email-based threats are disarmed.

SASE

Secure Access Service Edge (SASE) is a new approach to networking and security that reinvents these technologies as converged cloud services. It provides uniform connectivity and protection everywhere so that people can work anywhere.

Forcepoint’s SASE goes beyond just securing access to web, cloud, and private applications.

The solution puts the vendor’s industry-leading data security at the centre of their SASE platform, giving unique control over how data is used even after it is downloaded. We help you make your people more productive and your business safer.

Protect Your Data. Secure Your Organisation.

Secure Architecture and Configuration for Cyber Security

Adam Gleeson, Cyber Security Vendor Alliance Manager at CyberLab, outlines how organisations should use architecture and configuration to optimise cyber security. He covers:
  • Understanding what you are building and why
  • Making systems that are easy to maintain and update
  • Making compromise and disruption difficult
  • Reducing the impact of compromise
  • Making it easy to detect and investigate compromises
  • Safely developing and managing systems

Our Vendor Partners

We work alongside the most reputable vendors in cybersecurity to ensure your people can work safely from anywhere.

Our partners include Sophos, Microsoft, Forescout, Logpoint and Cisco.

Speak With an Expert

Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.

Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.

We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.