Perimeter defenses of various IT environments continue to be undercut by social engineering, insider threats and other difficult-to-defend attack vectors. Greater focus is now being placed on threat detection and response, and on working toward the holistic improvement of an incident response strategy.
To that end, here are four best practices that any business can start adopting right away:
1. Log Workstation Data
By workstation, we mean any business computer, laptop or endpoint that belongs to the organization and can act as a point of network access. This doesn’t necessarily mean you have to go out and purchase a SIEM. There are intuitive, affordable and easy-to-deploy solutions that allow IT staff to determine the extent of their workstation data logging, as well as the extent of information and events shared with administrators.
2. Get Real-time, Active Protection
Active protection that continually runs in the background and helps to identify and block cyberthreats in real time is a critical component of threat detection and incident response. This doesn’t remove the need for a bidirectional firewall; rather, it complements the firewall by quietly monitoring files that are executed by users. In this way, it helps to identify and block malware that may be accidentally introduced when a user clicks on a malicious link or runs an infected macro.
3. Use Application Control
Speaking of executables, anti-executable software allows you to build a