COVID-19 AND CYBERSECURITY 8: ALL QUIET ON THE WESTERN FRONT? MAKING THE BEST USE OF SPARE TIME
As days have turned into weeks and months, IT teams have moved on from the rush to scale up remote-working services to supporting their users in adopting services like Teams and Zoom. With many now past their own ‘peak’ in activity, the question is very much: what’s next?
In a previous article we explored the change freeze that many organisations have put in place; we’ve also seen that freeze applied to budgets, in many cases putting future developments and improvements on hold. So, what’s an administrator to do?
Go beyond hardware and software in your Inventory
I’ve spoken at length in articles published here and elsewhere about the importance of having an inventory of your hardware and software, since it is next to impossible to secure systems that you don’t know you own. It’s time to take this to the next level and take stock of your public IP space. The recently published 2020 Data Breach Investigations Report from Verizon (https://enterprise.verizon.com/resources/reports/dbir) finds that a great many organisations are indeed patching internet-facing systems, but that the systems which remain unpatched have often been in that state for many years, perhaps indicating that they have become ‘forgotten’. It’s also worth reviewing the intermediary systems such as load balancers, web application firewalls and reverse proxies which might be serving these public-facing services.
Tools like Shodan (https://www.shodan.io) can be used to quickly scan public IP address spaces and identify open ports and services. In addition, we’re always happy to help our customers out with a vulnerability scan against their public infrastructure – just get in touch with your account manager to arrange it.
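To show what “taking stock of your public IP space” looks like in practice, here is an added example (not from the article) that reconciles external exposure results against an asset inventory: it flags exposed hosts inside your own address ranges that nobody has recorded, and recorded hosts whose last patch date is older than a threshold. The ranges, inventory entries and scan results are constructed sample data, and the (ip, port, banner) shape is an assumption about how you would export a Shodan or external scan result.

```python
import ipaddress
from datetime import date

# Constructed sample data: the public ranges the organisation owns, and the
# internet-facing hosts its asset inventory actually knows about.
OWNED_RANGES = ["203.0.113.0/24", "198.51.100.0/25"]
INVENTORY = {
    "203.0.113.10": {"name": "www-lb", "role": "load balancer", "last_patched": "2020-04-01"},
    "203.0.113.20": {"name": "mail", "role": "mail relay", "last_patched": "2019-11-15"},
    "198.51.100.5": {"name": "vpn", "role": "VPN gateway", "last_patched": "2020-03-20"},
}

# Constructed exposure results in the shape an external scan export would give:
# (ip, port, banner). One host is in our space but in nobody's inventory.
EXPOSURE = [
    ("203.0.113.10", 443, "nginx"),
    ("203.0.113.20", 25, "Postfix"),
    ("203.0.113.77", 8080, "Apache Tomcat"),   # the 'forgotten' box
    ("198.51.100.5", 443, "OpenVPN"),
    ("192.0.2.9", 22, "OpenSSH"),              # not in our ranges at all
]


def owned(ip, ranges=OWNED_RANGES):
    """True if ip falls inside one of the address ranges we own."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


def reconcile(exposure, inventory, ranges=OWNED_RANGES,
              today=date(2020, 6, 1), stale_days=90):
    """Return (unknown, stale): exposed hosts in our space that are missing
    from the inventory, and inventoried hosts not patched within stale_days."""
    unknown, stale = [], []
    for ip, port, banner in exposure:
        if not owned(ip, ranges):
            continue  # someone else's address: not ours to reconcile
        entry = inventory.get(ip)
        if entry is None:
            unknown.append((ip, port, banner))
            continue
        age = (today - date.fromisoformat(entry["last_patched"])).days
        if age > stale_days:
            stale.append((ip, entry["name"], age))
    return unknown, stale


if __name__ == "__main__":
    unknown, stale = reconcile(EXPOSURE, INVENTORY)
    print("Exposed but not in inventory:", unknown)
    print("In inventory but stale:", stale)
```

Feed it the real inventory and a real exposure export and the first list is your candidate set of forgotten systems; the second is where to point the patching effort.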
Make the best use of the tools you have
All too often we’ll visit new customers who have had systems in place for many years – most notably firewalls and other security services – that are still running the same configuration as when they were first deployed. Quite often these systems are running a recent firmware version, but because they are still sitting on configuration from many years ago they aren’t taking advantage of any of the new features.
Sometimes it’s simply a case of best practices changing over time. Here, vendors like Palo Alto Networks provide a free ‘Best Practice Assessment’ tool which makes it really easy to identify areas for improvement, perhaps by applying an additional element of the threat prevention services to traffic or by enabling a feature introduced in a recent major firmware upgrade.
It’s also worth using tools like these on an ongoing basis: run a BPA every time you make a major configuration change or do a firmware upgrade, to deliver continued improvement.
The key take-away here is that if you’ve bought 100% of an appliance and that appliance’s CPU is sitting at 5-10% of its maximum rated capacity, it’s time to think about getting a greater return on your initial investment and put that spare capacity to use.
Learn scripting and automation
The CLI is back! With Microsoft having made PowerShell (https://github.com/PowerShell/PowerShell) cross-platform back in 2018, and with it now a truly viable tool for managing and automating in 2020, there’s never been a better time to learn. The benefits are real: by scripting or automating away even simple tasks you’ll know that they will be performed with a greater degree of consistency, and at the same time you’ll free up the time you need to develop other skills or perhaps work towards professional certifications.
Regardless of whether you work in systems or networks, Ansible from Red Hat (https://www.ansible.com), combined with a varying amount of Python, should be your second stop: by building out ‘playbooks’, complex tasks across a myriad of systems can be brought within reach of just a few short commands at a command line. There’s a whole slew of other services out there offering a range of support options, with tools like Cortex XSOAR from Palo Alto Networks (https://www.paloaltonetworks.com/cortex/xsoar) or Node-RED (https://nodered.org), originally from IBM.
As a business we are committed to providing help, guidance and support to our customers, particularly those on the front line and in critical industries. We want to do our part to help, so if you have questions, want to chat some things through, you know where we are.
Image by usertrmk on Freepik