Category Archives: enterprise security

How important is it to understand enterprise security management?

Businesses increasingly face a wide array of ever-changing cyber risks as they adapt to the technologies and trends of today’s work environment. The world is in the throes of a digital revolution that brings a wide array of changes enterprises must manage, from the Internet of Things to mobility management and many more. To keep the enterprise from being breached, the importance of Enterprise Security Management (ESM) cannot be overstated.

Defining Enterprise Security Management

Enterprise Security Management refers to the entire set of end-to-end processes through which an enterprise creates a security management framework for its organization. A comprehensive ESM process covers the full range of security controls an enterprise follows, including endpoint security, network security management, Intrusion Prevention and Detection Systems, encryption, backup, patch management, Mobile Device Management (MDM), incident response plans and so on.

Enterprise Security Management is the key function that ties the entire organization to cyber security. It is, in many ways, the one inter-related process that connects the enterprise’s cyber security outlook and shapes its attitude towards threat prevention. A well-designed ESM process ensures that all the different parts work in sync with each other to protect the enterprise from external cyber threats. A disconnected process, by contrast, results in one hand not knowing what the other is doing, causing confusion and incoherence across the enterprise. The consequences can be severe: cyber criminals are always on the lookout for such enterprises, and a cyber attack can lead to both financial and reputational damage.

To create a strong ESM process, it is important to first properly assess the following factors:

  • Critical Data – Not all data is the same, and this is true for every enterprise. There will be data that is absolutely critical to the company and must not be breached, data that is confidential, and data that is neither. This categorization of data needs to be assessed, as it will help in creating different layers of data security.
  • Policies in place – Are the policies in place helping to drive employees’ and the company’s outlook towards cyber security? Information security and cyber security are linked, and it is a good idea to thoroughly review a company’s Information Security Policy before finalizing an enterprise security management approach.
  • Likely threats – A threat assessment report is very important for an enterprise to identify the types of threats to which it is most vulnerable. This will help in creating strategies and contingency plans to deal with such threats. Threats can also be classified into categories: 1. Extreme Vulnerability, 2. Medium Vulnerability, 3. Low Vulnerability.
  • Patch management – What is the current state of the infrastructure, especially patch management? Is the enterprise using outdated, poorly patched software and hardware, and hence making itself vulnerable to cyber attacks?
  • MDM readiness – With business shifting to mobile devices and the lines between the personal and the professional blurring, enterprises must evaluate their readiness for Mobile Device Management (MDM) and agree on the kind of security controls they would like to impose.

The above points make the importance of Enterprise Security Management (ESM) quite evident. For support in this regard, organizations can consider Seqrite, a leader in cyber security, which provides a secure platform for businesses to keep their data safe online. Its multi-layered solution offers a range of powerful tools that allow enterprises to block malware, vulnerabilities and unauthorized access, leading to a lower-risk enterprise.

The post How important is it to understand enterprise security management? appeared first on Seqrite Blog.

Enterprises can begin securing their endpoints by following these five simple steps.

Sustainable enterprise security is both a good practice and a core business process. Enterprises are increasingly aware of the diverse and intense nature of the threats in the cyber sphere and the damage they can cause; that is where strong enterprise security solutions come in.

This is step one: enterprise security consists of ever-evolving, complex layers that are never static. Hence, with every cycle, security mechanisms tend to get stronger. However, cyberattackers are becoming extremely savvy and sophisticated in their malware onslaught, timing their attacks to penetrate endpoints during cybersecurity transition phases.

Hence, here are some easy-to-prevent flaws that can creep in when enterprises try to secure their endpoints.

  1. Lack of proper enterprise security policies

Enterprise security policies cannot be ad hoc; the process needs to be implemented right from the beginning, and that is where strong enterprise security takes root. The best strategies can be ineffective if they are not backed up by strong security policies.

When it comes to enterprise security, organizations must be proactive in drafting policies. The crux of these security policies should consist of employee dos and don’ts, workforce collaboration that supports cybersecurity, and human resource initiatives on malware literacy, among many others. They should be complied with and regularly updated so that business security is never at risk.

  2. Inability to prioritize security integration of mobiles into enterprise networks

Mobile phones as work devices are seeing increasing adoption in the enterprise. Employees who use this facility need to bring their devices under the enterprise’s security controls so that business-critical data is not compromised. Due to rising attacks on mobile devices, Enterprise Mobility Management (EMM) has become a must for businesses of all sizes that allow this facility. Solutions like Seqrite mSuite allow employees to safely access productivity apps on BYOD (Bring Your Own Device) or CYOD (Choose Your Own Device) platforms while maintaining strong security.

  3. Compliance with regulations

Most companies nowadays operate under some sort of regulatory control of their data, for example HIPAA for private health information or FERPA for student records. Often this information is stored in the cloud with the intention of keeping this ultra-sensitive data hidden from cybercriminals. Leaking this information can have serious consequences, so enterprises should be vigilant about remaining compliant with respect to the nature of the data and its storage.

  4. Faulty access permission

Enterprises can build the strongest firewalls, on par with military standards, but the framework will collapse if appropriate access control mechanisms are not put in place. Essentially, system administrators need to grant precise access to business users based on their role in the organization. This ensures that insider breaches do not happen and sensitive information remains confidential. Also, if hackers gain direct access to employee systems, they can break in and cause severe damage to any business.

  5. Not taking employees into confidence

Employees are the backbone of maintaining cybersecurity discipline. Hence, enterprises should take employees into confidence as they look to implement cybersecurity solutions. Employees must be made aware of the dangers of weak enterprise security, the steps they can take and the warning signs they should look for. Since cyberthreats are highly dynamic and dangerous, if organizations don’t train employees properly, they are highly prone to becoming internal agents and channels of a guaranteed cyberattack.

After covering these flaws internally, enterprises should choose to invest in proven cybersecurity solutions such as Seqrite Endpoint Security (EPS) which offers a simple and comprehensive platform integrating several advanced technologies in one place for protection against advanced cyber threats.

EPS also comes packed with other vital features such as:

  • Web Filtering
  • Application Control
  • Vulnerability Scan
  • Patch Management
  • File Activity Monitor
  • IDS/IPS Protection

The post Enterprises can begin securing their endpoints by following these five simple steps. appeared first on Seqrite Blog.

Introducing the security configuration framework: A prioritized guide to hardening Windows 10

In the past, we left defining the security configuration for Windows 10 as a task for every customer to sort out. As a result, we saw as many different configurations as we saw customers. Standardization has many advantages, so we developed a security configuration framework to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience. We are defining discrete prescriptive Windows 10 security configurations (levels 5 through 1) to meet many of the common device scenarios we see today in the enterprise.

While building out this framework, we thought: what are key considerations for a security professional in today’s world?

Priority

What do I do next?

This is the question security professionals must constantly ask themselves. Nearly every security architect I’ve met with has a pile of security assessments on their desk (and a list of vendors eager to give them more); their challenge is never identifying something that they can do, but identifying which is the next most important thing to do from the massive list they have already identified!

I also get questions from customers who are just now planning their Windows 10 deployment and are hoping to configure as many security features as possible – but since they haven’t deployed yet, they don’t have guidance from the Microsoft Defender ATP Secure Score yet (we’ll discuss that in a minute) – how can they prioritize the features to initially enable? Achieving early wins is a key aspect to driving business value from the investment in this deployment.

Clearly, a key aspect for a security configuration framework is to help drive a smart set of priorities.

Comparison

Understanding where you lie in a continuum of security is also valuable. You see, there is no perfect score in security; everyone could always get better. What we really need to drive is a cycle of continuous improvement. But without an absolute target to pursue, how do you get a sense of how good is good enough? Looking at the posture of others is helpful. Being the best in security is of course aspirational, but being the worst is something you must avoid! There are other unintended consequences of being the “best” to be mindful of as well. Security configuration may be at odds with productivity or user experience; imagine if you worked for a software company and couldn’t test your own code because it wasn’t on your organizational safe programs list yet?

I want to be careful not to overemphasize the competitive aspect here. You don’t want to go deliberately misleading your peers in the industry – in fact, one thing I’m deeply passionate about is improving cooperation among the people on the side of good. Why is this so important? Because bad people have, through innovations of commerce on the dark web, devised a system of cooperation that is shockingly effective. In an environment of inherent distrust (think about it – literally everyone involved is, by definition, untrustworthy), they work together. We’re at a significant disadvantage if we don’t learn to cooperate at least as well!

Secure score in Microsoft Defender ATP

In Microsoft Defender ATP, the secure score is the path to achieving this. Through the top recommendations, we suggest a prioritized list for securing your devices, with a relative ranking of the overall impact to your security posture. We are also exploring ways to provide useful comparisons using this framework.

Secure score represents our best recommendations for securing your endpoint devices (among other things). It’s context-aware, driven by your existing configuration and the threats impacting your environment.

But…

One of the questions we’ve been asking is – what should you do if you have not yet purchased or deployed Microsoft Defender ATP in order to compute your secure score? What if you haven’t even deployed Windows 10? What if you don’t know exactly how to configure a given set of features? We thought we should supplement secure score to help people in all these scenarios with the security configuration framework.

The security configuration framework

The security configuration framework is designed to assist with exactly this scenario. We sat down and asked ourselves this question: if we didn’t know anything at all about your environment, what security policies and security controls would we suggest you implement first? We worked with a select group of pilot customers, experts from Microsoft’s engineering team, and the Microsoft sales field to develop this guidance.

Rather than making an itemized list, we grouped recommendations into coherent and discrete groups, which makes it easier for you to see where you stand in terms of your defensive posture. In this initial draft, we have defined 5 discrete levels of security configuration. Mimicking the DEFCON levels used to determine alert state by the United States Armed Forces, lower numbers indicate a higher degree of security hardening:

Security configuration framework levels 5 through 1

  5. Enterprise security – We recommend this configuration as the minimum-security configuration for an enterprise device. Recommendations for this security configuration level are generally straightforward and are designed to be deployable within 30 days.
  4. Enterprise high security – We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact on app compatibility, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days.
  3. Enterprise VIP security – We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (for example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this security configuration level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days.
  2. DevOps workstation – We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and credential theft attacks that attempt to gain access to servers and systems containing high-value data or where critical business functions could be disrupted. We are still developing this guidance, and will make another announcement as soon as it is ready.
  1. Administrator workstation – Administrators (particularly of identity or security systems) face the highest risk, through data theft, data alteration, or service disruption. We are still developing this guidance, and will make another announcement as soon as it is ready.

How do you choose the configuration that’s best for your organization? If you’re an organization that’s already looking to Windows security baselines to provide advanced levels of security (now also available in preview for Intune), then level 3 incorporates these baselines as the foundation. If you’re earlier in your journey, then you should find level 5 a great starting point and can then balance the enhanced security of higher levels against your application readiness and risk tolerance.

We are releasing this draft version to gather additional feedback from organizations looking to organize their device security hardening program. You can find the draft security configuration framework documentation and provide us feedback at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.

We are eager to gather feedback on how we could make this guidance more useful, and if there are security controls and configurations you feel may be misplaced (or missing)!

The post Introducing the security configuration framework: A prioritized guide to hardening Windows 10 appeared first on Microsoft Security.