Cyber Insiders-v8-web - Flipbook - Page 20
How to protect against IAB attacks
Exposed assets are a major risk to a company's security and should be configured appropriately. Ensuring only the essential assets are exposed and all security precautions are followed is key to minimising the attack surface available to actors. Having a proper patch procedure for your assets will mean your devices are kept up to date when a vendor pushes urgent security fixes for their products.
Since some vulnerabilities are published as zero-days (unknown to everyone but the developer of the vulnerability), vendors do not have the luxury of releasing patches alongside the release of the zero-day. It may take the vendor days or weeks to develop a fix, and this period is when threat actors will be most active.
The best way to counter this is ensuring you have up-to-date detections running around the clock; that way your security team will be alerted to any anomalous activity. Keeping accurate and appropriate logging will also help your security team hunt and investigate any suspicious activity.
Ensure that your authentication policy is current and effective, i.e. all passwords should have a minimum length and complexity, limit the number of password attempts and enable two-factor authentication. Although this will not halt brute-force attacks completely, combining this with appropriate logging and login detection rules will help your security team to stay alert.
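As an added example (not from the magazine), the kind of login detection rule the paragraph refers to, run over constructed sample authentication log lines. The log format, the failure threshold and the time window are assumptions; it flags a burst of failed logins against one account from one source, and a success that immediately follows such a burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "timestamp result user source"); not from a real system.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL alice 203.0.113.7
2024-05-01T09:00:03 FAIL alice 203.0.113.7
2024-05-01T09:00:04 FAIL alice 203.0.113.7
2024-05-01T09:00:06 FAIL alice 203.0.113.7
2024-05-01T09:00:08 FAIL alice 203.0.113.7
2024-05-01T09:00:11 OK alice 203.0.113.7
2024-05-01T09:15:00 FAIL bob 198.51.100.2
2024-05-01T09:45:00 OK bob 198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) (\S+) (\S+)$")


def parse(log):
    """Turn each well-formed line into (timestamp, result, user, source); skip the rest."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), result, user, src))
    return events


def detect(log, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (kind, user, source) tuples, in the order they fire.
    'brute_force': failures for one (user, source) reach the threshold inside the window.
    'success_after_failures': a successful login follows such a burst (the higher-value alert)."""
    failures = defaultdict(list)  # (user, source) -> timestamps of failures still inside the window
    alerts = []
    for ts, result, user, src in parse(log):
        key = (user, src)
        recent = [t for t in failures[key] if ts - t <= window]  # drop failures outside the window
        if result == "FAIL":
            recent.append(ts)
            if len(recent) == threshold:  # fire once, when the threshold is first reached
                alerts.append(("brute_force", user, src))
            failures[key] = recent
        else:
            if len(recent) >= threshold:
                alerts.append(("success_after_failures", user, src))
            failures[key] = []  # a success resets the failure run for this pair
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Bob's single failure followed by a success half an hour later raises nothing, while Alice's five failures in ten seconds raise both alerts; in practice the same logic would be expressed in the SIEM's own rule language and the threshold tuned to the account lockout policy.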
Configure protective measures on your Endpoint Detection and Response (EDR) or endpoint security application to block unwanted and unknown files from running. Microsoft Defender for Endpoint and AppLocker both allow your IT department to control which apps and files can execute.
A well-configured endpoint protection platform or EDR will also help detect, block and quarantine malicious files that are downloaded onto the system. It is good practice to log telemetry from these tools to use as a data source for hunting. Having an up-to-date threat intelligence feed can provide up-to-the-minute detection of "known bad" files.
CYBER INSIDERS MAGAZINE - Vol.2