When we open Pandor's Box and look inside at these horrific possibilities, we all wrap our arms around and hold tight to our bias's. Some might call it wishful thinking. In any case, it's disastrous. Resist the temptation.
In the event of a catastrophic ransomware attack how will you recover workstations? Do you have the capability to manufacture and deploy CD's or DVD's with critical business software applications and links to business critical applications? Where will you get them?
PRO TIP: The big box stores will not function as your supply chain for this.
Do you have a Mimikatz defense plan? An enterprise password manager could be a massive risk mitigation play for Mimikatz defense planning. It's no silver bullet but it's cost effective and provides real risk mitigation value.
Great Mimikatz Info
Do you have a few trusted technical folks, maintaining an offline Domain Controller on a laptop? Synchronizing at random (never any two on the network at one time), storing in a secured location? This will be an absolute lifesaver - and talk about cost effective.
Do you have a plan to migrate from your current SIEM to a SOAR?
PRO TIP: Integrate this into your Network Access Control [802.1x] planning.
Do you have a DNS Firewall capability that is monitoring the trusted interfaces on all points of egress from your Enterprise Network?
No time like the present!
Copyright © 2020 by"the Secret CISO"
All Rights Reserved.
Our biggest adversary will, unfortunately be ourselves: our preconceived notions, our sacred cows, human weakness, our misunderstood biases.
Robert Greene, wrote a fascinating book, "The Rules of Human Nature".
If you are a serious Cyber Security Practitioner on the way to the "C Suite" you owe it to yourself to read and heed the advise in this seminal work.
Excellent Executive Summary