If you strip away the normal marketing noise from the networks giant, there are some useful takeaways. Three key ones that struck me:
Not as sexy as AI or Security Automation, but probably a whole lot more effective. The usual mantra of patch, patch, patch, only with a slight twist. With attackers now more than proficient in reverse engineering vendor-released fixes, we all need to patch a whole lot quicker. 30 days is no longer an acceptable window. Try 7. In addition, those low-risk patches you've been saving for a rainy day: they're currently being used to survey networks prior to attack, so add them to the list too.
Attackers are winning the battle, guys, and we are playing catch-up. To have a chance of getting the upper edge, in the malware space at least, it's definitely time to invest in threat intelligence. A case in point: malware nasties like ransomware and spyware phone home as part of their attack routine. If you can block these connections in real time, based on your intelligence feed telling you what to look for, you stand a chance of stopping them in their tracks. It goes without saying that your intelligence feed needs to be integrated with your current security technologies in order to be effective, so shop around for what works for you.
Again, old and boring, but nonetheless true. Security is not just a technology problem, so don't just try to fix it with technology solutions. Train your users, put robust processes in place and enhance this with technology controls. Incident Response illustrates this perfectly: you need a well-practised process and well-trained staff to respond effectively. If you haven't done so already, put an IR plan in place now!
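To make the phone-home point concrete, here is an added example (not from the Cisco report or any vendor product) that checks outbound connection logs against an intelligence feed of domains and networks. The feed, the log format and the function names are constructed for illustration; in practice the hits would drive a block rule on your proxy, firewall or DNS resolver.

```python
import ipaddress

# Constructed feed; domains and networks use reserved documentation ranges.
FEED = {
    "domains": {"c2.example.net", "updates.badcdn.example"},
    "networks": ["203.0.113.0/24", "198.51.100.77/32"],
}
# Constructed outbound log, one "timestamp source destination port" per line.
LOG = """\
2024-05-01T10:00:01Z ws-014 intranet.corp.example 443
2024-05-01T10:00:04Z ws-014 beacon.c2.example.net 443
2024-05-01T10:00:09Z ws-022 notc2.example.net 80
2024-05-01T10:00:12Z srv-03 203.0.113.45 8080
2024-05-01T10:00:15Z ws-022 C2.EXAMPLE.NET. 53
2024-05-01T10:00:20Z srv-03 192.0.2.10 443
"""

def build_matcher(feed):
    """Return a function mapping a destination to the indicator it hits, or None."""
    domains = {d.lower().rstrip(".") for d in feed["domains"]}
    networks = [ipaddress.ip_network(n) for n in feed["networks"]]
    def match(dest):
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            addr = None
        if addr is not None:
            return next((str(n) for n in networks if addr in n), None)
        # Hostname: normalise it, then test the name and each parent domain, so
        # subdomains of a listed domain match while lookalikes do not.
        labels = dest.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in domains:
                return candidate
        return None
    return match

def flag_connections(log_text, feed):
    """Return (source, destination, indicator) for every log line that hits the feed."""
    match, hits = build_matcher(feed), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        indicator = match(parts[2])
        if indicator:
            hits.append((parts[1], parts[2], indicator))
    return hits
```

Matching on parent domains catches a beacon that uses a fresh subdomain of a listed domain, while the label-by-label comparison keeps an unrelated name that merely ends in the same characters from raising a false alert.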
https://www.cisco.com/c/en/us/products/security/security-reports.html