The other weekend, as I was out grocery shopping, I saw my favorite local Mexican restaurant with their doors propped open as they deep cleaned their restaurant. Its staff was preparing for reopening.
It got me thinking. One of the biggest complaints I have had, and heard, as a security professional is never having the time to do the maintenance our systems need. This could be one of the few times (hopefully) in our careers when we actually have time to do a reset.
A big challenge in modern vulnerability management is that some assets never get maintained or patched simply because they are never idle. Wireless networks are a good example: you can't take down an access point or controller to patch it while someone is using it, and someone is always using it.
While we prepare for the future and potentially returning to our offices, here is a list of things you and your teams should look at “deep cleaning”.
One of the most important things you can do is get an accurate picture of what is actually live on your network, because you cannot patch, log, or monitor what you don't know exists. For your internal network, I suggest looking at Rumble Network Discovery by HD Moore, and for your external network, look at Intrigue from Jonathan Cran.
Infrastructure Patch and Update
Now is a good time to get back into the office before everyone else and update the devices that are always in use, or hard to patch, when people are around. An example list looks like:
- Firewall and VPN Hardware
- Wireless Network APs and Controllers
- Printers & Copiers
- iLO (and other BMC) and Server Firmware
- Other IoT Devices (Why not patch the coffee machine in the break room?)
After you get everything patched, it is a good time to review your centralized logging system: confirm that the devices you just updated (firewalls, VPN gateways, wireless controllers, iLO) are actually shipping logs to it, that nothing went silent after an update, and that you are collecting all the logs you may need. If you don't have a centralized logging system, I recommend looking at Wazuh, which is based on OSSEC and uses the Elastic stack (ELK).
Client Security Tools & Settings
While you are deep cleaning, don't neglect your client systems.
- Enable & Update AV
- Audit & Disable Unneeded Local User Accounts
- Remove Unneeded Programs
- Give your Macs and Windows 10 devices a tune-up
It is also a really good time to think about doing some “deep patching” of your endpoint systems. As pointed out in the recent Kenna Security research, most organizations should spend some time concentrating on patching non-OS software that includes Adobe Reader, Flash, and Oracle Java.
If you have completed the above, I suggest that you take the time to look at deploying osquery across your endpoints. It is quickly becoming the go-to tool for security professionals in 2020, and it lets you answer the checklist questions above (which local accounts exist, what is installed, whether AV is on) with a query instead of a manual inspection.
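As an added example (not part of the original post, and not one of osquery's own query packs), here are osquery queries that turn the client checklist above, and the osquery recommendation, into something you can run from `osqueryi` or schedule once the agent is deployed. They use osquery's standard table and column names; the platform each table exists on is noted in the comments, and the uid threshold, the software name patterns and the "expected" values are assumptions for illustration, not settings from the article.

```sql
-- Added example: osquery queries that operationalize the client "deep cleaning"
-- checklist (local accounts, unneeded software, AV status, listening services).
-- Written for this article, not taken from osquery's own packs. Tables that
-- exist only on one platform are marked; osqueryi reports an error for a table
-- that does not exist on the host you run it on.

-- 1. Local user accounts worth reviewing.
--    Linux/macOS: accounts with a real login shell. Regular users start at
--    uid 1000 on Linux and 501 on macOS, so >= 500 (an assumed threshold)
--    catches both, with a few macOS service accounts as noise.
SELECT uid, username, shell, directory
FROM users
WHERE uid >= 500
  AND shell NOT LIKE '%nologin'
  AND shell NOT LIKE '%false';

--    Windows only: local (non-domain) accounts. Anything here that is not a
--    known break-glass admin or service account is a candidate to disable.
SELECT uid, username, description
FROM users
WHERE type = 'local';

--    Linux only: accounts whose password is empty or was never set.
SELECT username, password_status, last_change
FROM shadow
WHERE password_status IN ('empty', 'not_set');

-- 2. Windows only: the non-OS software called out above (Adobe Reader, Flash,
--    Java). On macOS use the 'apps' table and bundle_short_version instead.
--    The LIKE patterns are deliberately broad; tighten them to your estate.
SELECT name, version, publisher, install_date
FROM programs
WHERE name LIKE '%Adobe%'
   OR name LIKE '%Flash%'
   OR name LIKE '%Java%'
ORDER BY name;

-- 3. Windows only: is AV registered with Security Center, on, and current?
--    Expect state = 'On' and signatures_up_to_date = 1 on every row.
SELECT name, state, signatures_up_to_date
FROM windows_security_products
WHERE type = 'Antivirus';

-- 4. All platforms: services listening on non-loopback addresses, joined to
--    the owning process so the reviewer sees a program, not just a port.
--    protocol is numeric in osquery: 6 = TCP, 17 = UDP.
SELECT lp.port, lp.protocol, lp.address, p.name, p.path
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;
```

Run these interactively with `osqueryi` while you are at the machine, then move the ones you want to keep watching into a scheduled query pack so the results land in the centralized logging system you just reviewed. Queries against platform-specific tables (`shadow`, `programs`, `windows_security_products`) should be scheduled only for the platform that has them.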
It is probably a good time to really understand Zero Trust and I suggest picking up Zero Trust Networks: Building Secure Systems in Untrusted Networks that will give you a deep understanding of what Zero Trust is and isn’t.
Regular system maintenance often seems like a pipe dream for us in the security industry, frequently pushed off as we focus our attention on more pressing matters. Now as systems, applications, and devices potentially go unused, it’s the perfect time to take some time and reset. Who knows when you’ll have the chance next?
To hear more about my thoughts on security and vulnerability management in this “new normal,” watch my discussion with Kenna’s very own Head of Research Jonathan Cran and Kyle Ruddock, Cybersecurity Services Manager at CNO Financial Group.