After on-boarding customers, we dig into the specifics of how networks are set up and how laptops are configured, review firewall configurations, and scan networks for vulnerabilities.
Often in this stage we begin to encounter holes in the “good” status. The results reveal issues such as features in “higher grade” firewalls that are not configured, laptops whose users have “root” or “admin” access, and no standard configuration or management for the devices.
These configurations and access levels create significant vulnerabilities. Having the tools in place is not enough; they must be configured to function optimally for your environment.
Firewall updates and configurations are critical for the tool to function effectively. We frequently encounter instances where updates are a year overdue and a number of critical updates are pending. We also come across instances where laptops are rarely updated. Companies often lack endpoint protection on devices and have no monitoring or reporting tools for incident tracking and preventing the loss of data.
Implementing simple cyber policies for scheduled updates and implementing endpoint and network monitoring services helps companies create a better overall picture of their cyber approach.
Routine scanning of networks can identify a number of vulnerabilities, some as simple as a main office printer at risk because the device was not updated or configured for security, or devices on a network that had default admin credentials. Understanding where the vulnerabilities exist and how to remediate them helps to create a minimal-risk environment.
Being proactive in your approach to cyber security provides you with the peace of mind that your information is secure.
This situation is not unique and is something we see time and time again. We write about this to bring awareness to the very serious issues we find and to highlight the fact that most companies have risk issues like these. The good news is that they are very easy for us to find and help you remediate. So the next time you think your cyber security approach is “Good”, ask yourself how you think we might rate it.
James Phillips is one of the founders of MI613 Inc. He brings over 20 years of experience in investigations, working with private corporations and government agencies. James dedicates most of his time to conducting network threat evaluations, working on digital forensic projects and cyber breach investigations.