As seen on eSecurity Planet...
At last week's Gartner Security Summit in National Harbor, Maryland, Gartner analyst Neil MacDonald outlined 10 cybersecurity projects that could go a long way toward reducing enterprise security risk.
First, though, MacDonald listed 10 things enterprises should already be doing to "make sure you've got the basics right." Those 10 basics are:
MacDonald said his top security projects for CISOs to consider this year are aimed at high business impact and high risk reduction. They started as recommendations from the security community, and a team whittled the list down to 10. He said he doesn't expect enterprises to do all of them, but they might pick one or two that fit their particular needs.
MacDonald recommended privileged account management for root, administrative and highly empowered accounts, along with monitoring of those accounts' behavior for unusual access. At a minimum, he said, enterprises should have multi-factor authentication in place. He listed the following vendors as those that might be able to help with privileged account management:
MacDonald recommended that enterprises implement a vulnerability management project based on Gartner's CARTA principles (Continuous Adaptive Risk and Trust Assessment) in order to target the vulnerabilities of highest risk. This should be a top priority, he said. Sample vendors include:
An active anti-phishing project includes three aspects: technical controls, end-user training, and process design. Possible vendors include:
Application control, exploit prevention and memory protection can provide the basis for a strong server security strategy. Possible vendors include:
Visibility and control of traffic flows between workloads can stop attacks from spreading, MacDonald said. Potential vendors include:
Detection and response is a critical technology for enterprises that know a breach is inevitable, and MacDonald offered a few possible projects in this area. Vendors include:
EPP + EDR:
MacDonald said some SIEM vendors offer UEBA technology, potentially saving money and vendor complexity for users.
Deception technology can frustrate attackers and make them easier to detect. Vendors include:
Managed detection and response can be a faster route to advanced threat detection and response. MacDonald recommended asking your MSSP for this service to limit the number of vendors you have to deal with. Vendors include:
The goal of the cloud security posture management project is to identify areas of risk in how your public cloud is configured, particularly with a complicated service like AWS. A CASB vendor should ideally offer these services if a company is already working with one, MacDonald said. Vendors include:
He recommended an automated security scanning project for integrating security controls into DevOps-style workflows, beginning with open source software composition analysis. Vendors include:
MacDonald also listed CASB as a separate project for enterprises looking for a control point for visibility and policy-based management of multiple enterprise cloud-based services. He listed the following CASB vendors:
Lastly, he recommended a software-defined perimeter project to reduce the attack surface by limiting the exposure of digital systems and information to only named sets of external partners, remote workers and contractors. Vendors include:
MacDonald said five of the projects would reduce the financial impact of successful attacks by 80% by 2020 over 2017 levels:
He told attendees they should immediately require stronger authentication for all IT administrative activities, require multi-factor authentication for cloud users too, and begin a free cloud application discovery and risk assessment project.
In the next few months, enterprises should evaluate and deploy risk-prioritized vulnerability assessment and management and automatically scan applications for known vulnerable OSS components.
In the next year, they should evaluate and deploy a deception platform and link it to their SIEM and security operations center; switch to a default deny, application control (whitelisting) model for servers; and initiate a data center microsegmentation project.