In Part 1 of this series I gave a brief overview of the assumed breach model of security. In Part 2, I dove into some details about the major components of implementing the assumed breach model. In Part 3, I am going to provide some concise, real-world steps for moving toward this mindset within an organization. I’ll use the same three categories from Part 2. This will be something that… Read More »The Assumed Breach Model – A Practical Approach Part 3
It seems like about every 6 months now everyone asks the same question about some new vulnerability. The answer should be the same: do the same thing you should have been doing before this vulnerability came out. In an Assumed Breach model of security, these vulnerabilities would have already been assumed to exist, and your other network controls, in most cases, would have rendered them no worse than a phishing email (which… Read More »#Spectre and #Meltdown – What do we do?
In Part 1, I gave a brief overview of the Assumed Breach model. In this part, I will begin to dive a little deeper into some of the areas where the assumed breach model can focus. I am going to cover three areas: Network Segmentation; Tiered Accounts and Access Control; and Log Management and Threat Hunting. The idea is not to simply prevent attacks (though this is still an integral part… Read More »The Assumed Breach Model – A Practical Approach Part 2
A few years back Microsoft released a set of 10 Immutable Laws of Security. These are tried and true and should be a foundation of security posture. I have been developing some information around the Assumed Breach model of security. You can read about it in a series of blog posts I am going to be publishing after the holidays on that very topic. In this series, I am going… Read More »10 Immutable Laws of an Assumed Breach
This is something I have been socializing for a while now, but I thought it was time to start putting some of my thoughts down in writing. So what is the assumed breach model of security? To put it simply, it is a security strategy that assumes any given endpoint is breached and controls risk accordingly. That is an oversimplification, of course, as taking that approach literally would be an enormous… Read More »The Assumed Breach Model – A Practical Approach Part 1
A note to vendors: Infrastructure as a Service (IaaS) != secure/compliant applications, it can, but doesn’t by default. Why are people putting their servers and applications in IaaS providers like AWS and Azure? They can get a cheap, fast and secured data center to host their servers/applications. But that doesn’t mean they get the same thing they would in a locally managed data center within their company. Amazon lists… Read More »IaaS and the Shared Responsibility Model
NIST, the National Institute of Standards and Technology, just released a new guide for incident response and recovery for a cyber security incident. What is a Cyber Security Incident? According to NIST Special Publication 800-61, the Computer Security Incident Handling Guide, an event is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a web page, a… Read More »NIST Guide for Cybersecurity Incident Recovery
In the first post I covered best practices for securing service accounts. In this post, I am going to discuss some key elements in securing privileged access. Keep in mind that Microsoft has published a comprehensive guide to securing Active Directory. Many of these things will require additional work on the front end, but that is usually due to poor existing practices. Once processes are in place,… Read More »Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2