A Crash Course in IT Security Controls and Threat Mitigation
Any organization bracing itself for the next big cyberattack understands the importance of evaluating its internal processes. Identifying the devices in the environment through proper device discovery, in particular, is an important first step, but what comes next in the quest to mitigate threats?
Let’s dissect the importance of a threat mitigation plan for enterprises and how to properly execute it.
5 areas to include in a threat mitigation plan
Due to the number of device types and the length of time involved, an initiative of this caliber is likely to turn into an enterprise project with an official project plan and an assigned project manager. The plan should cover both managed and unmanaged wireless devices and include:
- Patch management plan of action and timelines
- Security controls
  - Network admission control and device profiling (e.g., Cisco Identity Services Engine (ISE))
  - Mobile Device Management (MDM, e.g., AirWatch)
  - Wireless Intrusion Prevention Systems (e.g., Cisco wIPS)
  - VPN clients (e.g., Cisco AnyConnect)
- Maintaining metrics on devices remediated versus those remaining
- Training for users to protect themselves at home, on the road and when using their mobile devices
- System refreshes
  - For network and endpoint devices that are near or at end of life
  - Systems should be replaced with new systems that will continue to receive software updates
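The metrics and refresh items above are easier to act on when the inventory from device discovery is turned into a per-category scorecard. The script below is an added example, not code from the original article or from any vendor named in it: it classifies each device as remediated, remaining or due for refresh (a device past its end-of-life date will never receive the patch, so it is tracked for replacement rather than counted as patching backlog) and lists the unmanaged devices that still need user outreach because they cannot be patched centrally. The inventory rows, the required patch levels and the field names are constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class Device:
    """One inventory row (field names are assumptions for this example)."""
    name: str
    category: str              # device type, e.g. "laptop", "android", "wireless-ap"
    managed: bool              # True if enrolled in NAC/MDM and patchable centrally
    patch_level: date          # security patch level currently installed
    end_of_life: Optional[date] = None  # vendor end-of-life date, None if supported


# Required patch level per category; the dates are constructed for the example.
REQUIRED_PATCH_LEVEL: Dict[str, date] = {
    "laptop": date(2017, 11, 1),
    "android": date(2017, 11, 6),
    "wireless-ap": date(2017, 10, 15),
}

# Constructed sample inventory; these are not real devices.
INVENTORY: List[Device] = [
    Device("lt-001", "laptop", True, date(2017, 11, 3)),
    Device("lt-002", "laptop", True, date(2017, 9, 20)),
    Device("lt-003", "laptop", True, date(2017, 9, 20), end_of_life=date(2016, 12, 31)),
    Device("ph-001", "android", True, date(2017, 11, 6)),
    Device("ph-002", "android", False, date(2017, 8, 1)),
    Device("ap-001", "wireless-ap", True, date(2017, 10, 15)),
    Device("ap-002", "wireless-ap", True, date(2017, 6, 1), end_of_life=date(2017, 1, 1)),
]


def classify(device: Device, today: date) -> str:
    """Return 'refresh', 'remediated' or 'remaining' for one device."""
    # Past end of life: no further updates will arrive, so plan a replacement.
    if device.end_of_life is not None and device.end_of_life <= today:
        return "refresh"
    required = REQUIRED_PATCH_LEVEL.get(device.category)
    # A category with no known baseline cannot be verified, so count it as remaining.
    if required is None:
        return "remaining"
    return "remediated" if device.patch_level >= required else "remaining"


def remediation_report(inventory: List[Device], today: date) -> dict:
    """Aggregate per-category counts plus the unmanaged devices still at risk."""
    counts = defaultdict(lambda: {"remediated": 0, "remaining": 0, "refresh": 0})
    unmanaged_remaining: List[str] = []
    for dev in inventory:
        status = classify(dev, today)
        counts[dev.category][status] += 1
        # Unmanaged devices cannot be patched centrally; they need user outreach
        # (training, VPN use) until the vendor or carrier update reaches them.
        if status == "remaining" and not dev.managed:
            unmanaged_remaining.append(dev.name)
    report = {}
    for category, c in counts.items():
        total = c["remediated"] + c["remaining"] + c["refresh"]
        report[category] = dict(c, percent_remediated=round(100 * c["remediated"] / total, 1))
    report["unmanaged_remaining"] = sorted(unmanaged_remaining)
    return report


if __name__ == "__main__":
    for key, value in remediation_report(INVENTORY, date(2017, 11, 10)).items():
        print(f"{key}: {value}")
```

Run it weekly against the real inventory export and the percent_remediated figures become the trend line the project manager reports, while the unmanaged_remaining list feeds the training and VPN follow-up for users whose devices the enterprise cannot patch itself.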
Managing mobile users
While many organizations have control over the devices within the enterprise, most are unable to manage the wireless networks mobile users connect to while working remotely or traveling. This is where Virtual Private Networks (VPNs) are important: they provide secure transport of data even when the network at the location where a user is working has not been updated.
Educating users is a critical part of a threat mitigation plan. Enterprises should help users understand the threats and possible repercussions they face. For example, an employee who uses his or her Android smartphone for both work and personal use could be susceptible to eavesdropping when accessing the Wi-Fi network at a local coffee shop. This can happen if the coffee shop patches its wireless router that provides access to the internet but the Android isn’t yet patched by the carrier.
Google is planning a patch release for Nov. 6, 2017. For its manufactured devices, such as Pixel, patches will be available immediately.
For other vendors and models, such as Samsung’s Galaxy phones, the vendor will need to integrate the patch into its version of Android and then push the update out directly or make it available for carriers (i.e., Verizon, AT&T and Sprint) to integrate into their updates before finally making it out to consumers. This could take months before some end users’ mobile devices receive a patch.
Your enterprise must be well aware of these timelines, and if you can execute on the above five steps to threat mitigation, a safer network is on the horizon.
Choosing the right security partner
The best security program isn’t one-size-fits-all. You need a partner who is knowledgeable in a wide range of security topics and can keep your devices and data protected.
Insight offers vendor-agnostic security workshops that will evaluate your end-to-end processes and provide detailed snapshots of your overall system health. This will help you understand the strengths and weaknesses of your environment and offer guidance to help you optimize processes without vendor lock-in.