Aqueduct Technologies, Inc., New England’s leading IT solutions provider — As a result of international tensions that have arisen surrounding the Russia/Ukraine conflict, the Cybersecurity, and Infrastructure Security Agency (CISA) released the “Shields Up Advisory“, recommending that organizations be on heightened alert.
What exactly does this mean? What actions should we take? Getting started down a path toward applying this information to your environment can feel overwhelming. Not to worry – we can call upon one of our favorite industry terms: Actionable Intelligence.
We need to take the general advice being given and expand on it, so we can do something with it. The best place to begin when interpreting the advisory and your overall security posture is to start with the basics and build a plan.
Below is high-level guidance and resources on critical areas to consider:
1. Incident Response Handling
Develop an Incident Response Plan. Both NIST and SANS have standardized frameworks, summarized below:
- Preparation
- Identification (Detection & Analysis)
- Containment
- Eradication
- Recovery
- Lessons Learned
Having an action plan will reduce your need to pivot during times of crisis, ensure your strategy is aligned to the highest cybersecurity standards, and significantly improve the availability and integrity of your data and services.
Incident response handling is time-consuming, requiring detailed operational analysis, full-time staff, and ongoing adjustments. Leveraging a Managed Detection and Response solution may be considered to reduce operational overhead and accelerate response times.
2. Authentication & Identity Management
- Leverage MFA across the board
- Audit AD accounts and MFA policies
- Audit cloud service provider Identity and Access Management (IAM) ruleset
- Implement network segmentation and containment controls with Cisco ISE
3. Network & Infrastructure Security Controls
- Audit firewall ruleset
- Align firewall ruleset with Next-Generation Firewall (NGFW) architecture
- Align VPN topologies to modern cryptographic standards
- Audit cloud workflows
- Leverage SIEM and NetFlow logging and traffic monitoring
- Block browser-based encrypted DNS services
- Leverage SaaS tenant controls
- Maintain up-to-date software versions across the organization
- Conduct regular penetration testing
- Conduct regular DR testing
- Conduct regular backups and ensure tiered 3-2-1 backup hierarchy
4. Endpoint Protection & Content Filtering
- Audit Antivirus/Antimalware solution
- Block traffic to/from high-threat geographies
- Block proxy and anonymizer services
- Leverage URL and content filtering
- Leverage endpoint disk encryption
- Leverage email encryption and security
- Perform routine end-user educational training
