Security Emergency Preparedness: Preparing for the Next Attack

July 5, 2017

These days, information security operations can feel like a constant series of scrambles. One week it's a huge dump of credentials; the next, an outbreak of ransomware spreading through a flaw in a common Windows service. Many organizations feel the pressure and don't have the staff or the time to catch their breath between one major issue and the next. Are we being targeted? Are we already compromised? How susceptible are we to the next malware outbreak, exploit kit, or criminal group... or, well, any of it?

The security landscape changes rapidly (every day brings a new exploit, sensitive data exposure, or horror story from the Internet), and many security teams are struggling to understand their own exposure. We will all deal with "panic" scenarios at some point, but most organizations can improve their responsiveness with foundational vulnerability management tools and practices. Whether that means scanning for missing patches and vulnerabilities, looking for avenues of credential misuse, or anything in between, vulnerability management helps us find the areas of exposure in our environments and shore them up, ideally before an attacker finds them first.

First, start with the most basic premise: inventory management. System and software inventory has to be the #1 priority, because you simply cannot protect what you don't know you have. Scanning tools help here, as do identity and access tools that inventory the accounts in the environment. What do you have, what is installed and running on it, and who is using those assets and applications? Answering these questions gives you a real head start on protecting them.

The second critical area of focus is known vulnerabilities in the environment. The recent WannaCry outbreak spread through a Windows SMB flaw that Microsoft had patched roughly TWO MONTHS earlier (MS17-010, March 2017), rating it critical and urging all affected organizations to update immediately; a working exploit was leaked publicly about a month after the patch, and the worm followed a month after that. What happened? In 2017, we really can't afford to casually wait two months or more to patch known critical vulnerabilities in major operating systems. Vulnerability scanning tools help enormously by pointing out the flaws and which systems are susceptible to them. Security and operations teams should then prioritize remediation of what is reported, something we've known for years. We're talking about basic blocking and tackling, folks. Scan, patch, and check again. Do it once more. Maybe another time.

Attackers also rely more heavily than ever on administrative credentials during intrusions and data breaches. Tracking down where admin privileges exist, and which services and applications actually need admin credentials (and which do not), is another area that needs our attention, and fast. Start with local administrator accounts in the operating systems, then move on to the core applications that require some admin interaction, and focus on locking those accounts down (or removing them where they're not needed). Better yet, invest in centralized tooling that brokers administrative access and produces an audit trail of who used it, when, and for what.

This is just the start. We've obviously got a lot of work to do, and no one is saying it's easy. But let's not pretend these are new ideas: they are things we should have been focusing on all along, and it's time to build a better information security preparedness program on proactive monitoring and inventory.

Dave Shackleford, Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
