CybersecurityMicrosoft

How to Protect Your System Against Internal and External Threats

By September 6, 2017 No Comments

“This [course] is going to harden our system, because one of the big problems that we run into, is any time that we’re looking at threats, we forget the number one threat to our company, which is internal employees.”

With the average cost of a data breach in 2016 was $3.62 million according to an IBM study, cybersecurity should be front-and-center for IT professionals of any size company. And few things are as frustrating as realizing your biggest, most unpredictable security threat is on your payroll. Insider threats are insidious and notoriously difficult to monitor, track, and target. Internal employees and contractors are involved in close to 60% of system attacks, whether they mean to or not, according to an IBM study.

Data threats are coming more from the guy in the cubicle next to you than a hooded figure with a matrix background. Despite all the data that predicts the high likelihood of a cybersecurity threat from within, only 21% of IT managers rank this as a top concern. Data loss was one of the top three even considering that insider jobs are the #1 reason for data loss. As your company continues to grow, so does the risk of a cybersecurity disaster at the hands off a disgruntled, vengeful, or clueless employee.

To arm you against this, we’ve developed and launched a new course to address this giant, vindictive elephant in the room. Doug Bassett’s newest vBlog outlines how to harden your system against both external and internal threats:

 

Don’t let internal or external threats compromise your system, especially without a plan of attack! Prepare your team to monitor for threats, set up notification systems, and a develop a contingency plan. You don’t have to do this alone, join this upcoming class and follow Doug’s instructions. See you in class!

The Complete Guide of Reasons Why Your Users Will SCREW UP Your Network Security

Transcript from the video:

Hello everyone! Doug Bassett, senior technical instructor here at StormWind Studios, and we’re under attack! Not just StormWind, but pretty much everybody in the world. If you go up to map.norsecorp.com, we have a realtime attack graphic, that shows the attacks that are going on right this very second. If you go over here, you’ll notice the attack origins. Right now, the US is real popular for sending out these attacks. China is number two. Then for some reason, The Netherlands is number three.

Let’s look at the attack targets. Right now, the primary target is the US, but also UAE, Spain, Singapore are getting attacked. Now these are external attacks. In most cases, we have pretty much hardened ourselves against these external attacks, or at least we hope we have. But I am very happy to announce a brand new course by StormWind Studios named Securing Windows Server 2016, which maps to Microsoft Exam 70-744.

This is going to harden your systems. One of the big problems that [IT professionals] run into anytime that [they’re] looking at threats, [they] forget the number one threat to [their] company. Internal employees. It could be that we have internal employees that are maybe a little disgruntled. Or maybe, they’re just tourists wandering around. Or they delete stuff that they shouldn’t delete, because we haven’t assigned them the appropriate permission. Or we have administrative accounts that have been compromised. Maybe we used an easy-to-guess password, or we used the same password and username on several different websites. Or maybe we got shoulder surfed, or something like that.

So in this particular course, we’re going to be doing lots of cool things. We’re going to be starting off, by looking at what an attack is like, and we can detect these attacks. We’re going to be using system’s internals tools. We’ll also talk about “assumed breach”.

This is the new philosophy behind hardening our systems. We are assuming that our network infrastructure is penetrated. We are assuming, that our servers are penetrated. We are assuming that our administrative level accounts are penetrated. The consoles that we use to try and do our administrative tasks, they have been compromised.

This course is hardening all the stuff, assuming that we’ve already been breached. That way if:

  • somebody comes in and has compromised credentials,
  • somebody comes in and has the ability to run certain PowerShell commands,
  • somebody comes in and can exfiltrate information,

we can secure our systems, to minimize the damage, and know what’s happening. So we’re gonna be starting off looking at what an attack looks like and assuming breach. We’ll talk about server hardening solutions. We’ll get into securing our Hyper-V, and our Infrastructure Virtualization Environment. We’ll look at our Network Infrastructure.

We’ll talk about privileged identities. [Privileged identities involve having] have our administrators, and the groups that they belong to, in a completely separate forest. Then they’ll manage and do attacks within the production forest. That way, local administrators are not going to be able to go in and do any type of attacks on privileged accounts. We’re going to be using things like “just-in-time administration”, and “just-enough administration.” [Administrators will] only access that production environment for a very short period of time. [They will] have definitely defined resources and actions that they can take, as part of their administrative duties.

We’re also going to be talking about “Threat Detection Solutions” that work automatically. [These solutions] will go in and memorize how your system operates. Then, if all-of-a-sudden a user account starts doing stuff that’s not normal, it’s going to notify us about it.

Then we’re going to go into “workload-specific security.” We’ll go in and examine things like, [needing] to lock down an administrative console. [We’ll] have an administrative console and a user console, and [we’ll] have to know the relationship between them.

So it is a very, very exciting time to announce this particular class, because this is something that we really need to be on top of! So very, very important. I hope to see you really soon in our 70-744 class. It is a great class. Lots, and lots of demos. Lots of good resources for you, and  I hope to see you in that class real soon!

Want to attend this course?