Oct 09, 2013

Three Security Controls You Should Be Using

In today's Whiteboard Wednesday, Jane Man, Product Marketing Manager for ControlsInsight, discusses three important security controls that you should be paying attention to.

Implementing and/or hardening your security controls can have a significant effect on your security programs. Jane discusses the three controls that you should be focusing on that can drive your organization's security to the next level.


Hi. Welcome to today's Whiteboard Wednesday. My name is Jane Man and I'm a product marketing manager here at Rapid7. Today I'm going to talk about three security controls that you may not be using. The first one is the Enhanced Mitigation Experience Toolkit. It's quite a mouthful. You can call it EMET for short. It's a tool developed by Microsoft to help security professionals enable built-in security controls to add on to Windows. It's free, but is not very widely known. The crux of that is it really allows you to prevent malicious code execution. That is not only for existing exploits out there in the wild; it can also help you prevent future zero-day exploits. It is such an important control that it is highly recommended by industry experts, like the SANS Top 20 Critical Security Controls and the Australian DSD Top 35 Mitigation Strategies, but nearly 50% of organizations we have surveyed, in a recent study that we did with over 600 organizations, do not know about these controls or don't know if they have these controls enabled on all their machines. Such an easy and free thing to do, and we highly recommend that you deploy this particular control broadly.

The second control I am going to talk to you about is ensuring that admin passwords are unique. Why this is so important is because there has been something called network propagation, and that is when somebody gets hold of a single set of credentials and uses these credentials to move from machine to machine across your network. They can do this by either cracking the password, and there are tools out there on the web that help them to do that, or by using a technique called "pass the hash". When they do this, what they're basically doing is going from machine to machine looking for sensitive information or machines that have access to databases that may hold sensitive information. If you are ensuring all your admin passwords, your local administrative passwords on your machines, are unique and not shared, that really limits the impact of any compromise. This is recommended as a top five strategy for mitigating cyber intrusions, but it is not an easy one to implement, which is probably why a lot of organizations don't have it implemented in an automated way. What we've done with our new product, ControlsInsight, is we have enabled security professionals to compare hashes across their machines of their local administrative passwords and identify which machines are being affected. If you can identify which machines are affected by this, then we recommend that you disable the local admin account immediately.

The third control that we are going to talk about is hardening your web browser. Why this is so important is because drive-by attacks are growing in prominence, especially since endpoints are like the new perimeter because users can directly access the internet through them. The most fundamental thing to ensure that your browser is fully hardened is checking that your latest patches have been applied. Then also include patches for your plug-ins, like Java and Flash, which are great targets of attackers because they are such widely used plug-ins. Making sure that you're fully patched means that there is less chance of a user going to a malicious website, and the user either downloading something or installing something through the browser without them even knowing it. The second thing you can do is use URL reputation scanning. A lot of well-known browsers out there, like Microsoft Internet Explorer or Google Chrome, have this kind of feature built in, so you can just enable it across all your browsers. If they don't, you can download some third-party extensions out there that do the same job. What this does is it filters out known malicious IP addresses, so there is a lot less chance that your user is going to visit these dangerous sites.

These three controls are what I am going to talk to you about today. All three controls are covered by our Rapid7 ControlsInsight product. If you want to know more, just visit our website or drop us a line. All three controls, the Enhanced Mitigation Experience Toolkit, ensuring admin passwords are unique, and making sure your browsers are hardened by patching them and enabling URL filtering, are very important to ensuring security across your network.

Thanks for watching.
