Security Validation Checklist

If you ever have the good fortune to be leaving your office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you are away?  Equally important: do you have the right action plan in place for a happy vacation?  As its name indicates, security validation is a process or a technology that validates assumptions made about the actual security posture of a given environment, structure, or infrastructure.[1]

In the digital world, there are many defensive cybersecurity tools, each providing specific services aimed at protecting the virtual infrastructure from attacks by malware or any kind of infection from viruses.  The combined actions of these defensive tools and the environment’s architecture security controls provide the infrastructure with overall security, also known as security posture.

To draw a parallel with what happens in the physical world, it is like securing your house against potential intruders or against viruses hitching a ride on otherwise welcome visitors.  Whether you are leaving or returning to your office, our Security Validation Checklist can help make sure your security posture is in good shape.

  1. Check the logs and security events of your key critical systems. Stay up-to-date on recent activities.  Check for changes, attempted changes and any potential indicators of compromise.  Planning to be gone for longer than a week?  Designate a team member to perform a weekly review in your absence, reducing the chances of a critical event going undetected.
  2. Check for any new security vulnerabilities that were identified while you were on vacation. Use your preferred scanning tool or check one of the regularly updated databases, such as CVE Details.
  3. Investigate failures of critical components and the reasons behind them. If remediation is needed, create an action plan to address the immediate issues and prevent repeated failures in the future.
  4. Review whether there were any key changes to your products and their corresponding security controls. While now is not the time to implement major changes to your EDR, SIEM system, or other corresponding solutions, do make sure you are aware of any updates that were made in your absence.  Once you are back and able to monitor the impact on your overall security posture, you can make larger-scale changes to your controls.
  5. Check with HR for any relevant changes. Did any new employees join the company and need/request access to specific systems?  Did any employees leave and need their credentials revoked?  Were there any other incidents or red flags that would require your attention?
  6. Note any new business orientations. Did the organization introduce any new services or products that expanded the potential attack surface?  For instance, did a new website or mobile app go live, or was a new version of a software product rolled out?  Make sure your team is up to speed on the latest changes.
  7. Check your password policies. Password policies should not be dependent on your vacation status, but as you work through this security checklist, take the opportunity to make sure policies are appropriately protecting the organization.  Consider reviewing length, complexity, and special character requirements, as well as expiration and re-use policies.
  8. Review firewall configurations. With many security experts recommending a review of firewall configurations every three to six months, now is an opportune time for an audit.  Review network traffic filtering rules, configuration parameters, and authorized administrators among other configurations to make sure you're using the appropriate configurations.
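
One way to carry out the HR cross-check in item 5, shown as an added example that is not part of the original checklist: it reconciles an HR change list against a directory account export for the absence window. The CSV column names, the sample records, and the function names are constructed assumptions, not a real HR or directory format.

```python
import csv
import io
from datetime import date

# Constructed sample exports; the column names are assumptions, not a real HR or directory format.
HR_CHANGES = """employee_id,change,effective
1001,left,2022-08-03
1002,joined,2022-08-08
1003,left,2022-08-20
"""
ACCOUNTS = """employee_id,username,enabled,created,last_login
1001,arivera,true,2019-04-01,2022-08-10
1002,bchen,true,2022-08-08,2022-08-09
1003,cokafor,false,2020-01-15,2022-08-19
1004,dsmith,true,2022-08-12,2022-08-12
1005,efarouk,true,2021-06-30,2022-08-11
"""

def rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(hr_csv, accounts_csv, away_from, away_to):
    """Return (username, finding) pairs to review after an absence."""
    def in_window(day):
        return away_from <= date.fromisoformat(day) <= away_to

    # Only HR changes that took effect during the absence are relevant.
    changes = {r["employee_id"]: r for r in rows(hr_csv) if in_window(r["effective"])}
    findings = []
    for acct in rows(accounts_csv):
        change = changes.get(acct["employee_id"])
        if change and change["change"] == "left":
            if acct["enabled"] == "true":
                findings.append((acct["username"], "leaver account still enabled"))
            if date.fromisoformat(acct["last_login"]) > date.fromisoformat(change["effective"]):
                findings.append((acct["username"], "login after departure date"))
        elif change and change["change"] == "joined":
            findings.append((acct["username"], "new joiner: confirm access was requested"))
        elif in_window(acct["created"]):
            # Account appeared during the absence but HR has no matching record.
            findings.append((acct["username"], "account created with no HR record"))
    return findings

if __name__ == "__main__":
    for user, finding in reconcile(HR_CHANGES, ACCOUNTS, date(2022, 8, 1), date(2022, 8, 21)):
        print(f"{user}: {finding}")
```
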

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization, and this analyst does not necessarily agree with the above analysis.  But we all see things differently.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989   

[1] https://thehackernews.com/2022/08/a-cisos-ultimate-security-validation.html
