5 steps to building a security practice

Security Practice

Most of my colleagues who run a security practice ended up there by accident. Most inherited a security role through necessity or promotion; only a few chose a security career. Either way, we are special people who don't see much daylight. Most IT administrators who are promoted to IT manager end up responsible for IT security without any formal training. That is a steep learning curve, so hopefully this guide will help.

If you are trying to build a security practice, or have just inherited one, these are the core components you need to get right. First, find a good team and keep them! Once you have a team, start on the basics: find out what assets you have and apply the latest security updates to them.

1) Asset Management

The core of every good security practice is asset management. You need an up-to-date inventory of all your equipment to know what to patch and when; you cannot control what you do not know you have. Matrix42 Asset Management provides a central inventory of all your equipment so you can identify and allocate IT assets. The highlights include:

  • Make better decisions about repairing or replacing equipment.
  • Reduce the risks that come with unmanaged IT assets.
  • Manage your laptop and tablet pools and predict hardware attrition rates.
  • Produce accurate hardware asset reports so finance can calculate tax depreciation.
  • Maintain the list of assets your patch management system uses to deploy security updates.

If you have an accurate list of all your equipment then it’s easier to deploy the latest security updates.

2) Patch Management

A key component of patch management is importing and evaluating information about security issues and patch releases. You need to know which security patches and software updates are relevant to your environment. Matrix42 Patch Management interrogates your asset management data so you can target computers for a software audit and identify the ones that need patching.
Once you know which computers require updates, it is tempting to patch them all at once. Not so fast: a bad patch deployed everywhere causes an outage everywhere. To manage patches effectively you need a comprehensive solution like Matrix42 Patch Management, which supports:

  1. Patch Groups: set up groups that receive patches at different intervals. Deploying a new patch to a subset of computers first lets you test it before rolling it out to the rest of the organisation. This greatly reduces the impact of a bad patch and saves hundreds of hours of productivity over the year.
  2. Patch Testing: if a patch fails to deploy to the test subset, it is not automatically deployed to the whole organisation until the issue is resolved.
  3. Patch Scheduling: a comprehensive patch management programme needs several scheduling plans, so that security patches can be applied on a different cadence from standard application updates. Scheduling also lets you patch critical servers outside normal business hours with no user impact.
  4. Audit and Assessment: regular audit and assessment gauge the success and extent of your patch management effort. In this phase you are essentially trying to answer two questions:
  • Which systems need to be patched for a given vulnerability or bug?
  • Are the systems that are supposed to be updated actually patched?
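The two audit questions and the ring gate above are easy to describe and easy to get wrong in practice, so here is an added Python example (not part of the original post and not Matrix42 code) that runs them over a small constructed inventory. It also shows why step 1 feeds step 2: a host whose OS is not in the inventory, or is outside the patch's target list, never enters the rollout at all. The hostnames, OS names, ring names and the KB-A/KB-B/KB-C patch identifiers are placeholders invented for the example.

```python
"""Patch-compliance audit and ring-based rollout gate (added example, constructed data)."""

# Constructed asset inventory, shaped like an export from an asset-management system.
# "patches" records the outcome per patch ID: "installed", "failed", or absent (not attempted).
INVENTORY = [
    {"host": "srv-dc01", "os": "Windows Server 2019", "ring": "pilot",   "patches": {"KB-A": "installed", "KB-B": "installed"}},
    {"host": "srv-db01", "os": "Windows Server 2019", "ring": "servers", "patches": {"KB-A": "installed"}},
    {"host": "ws-0001",  "os": "Windows 10",          "ring": "pilot",   "patches": {"KB-A": "installed", "KB-C": "failed"}},
    {"host": "ws-0002",  "os": "Windows 10",          "ring": "broad",   "patches": {"KB-A": "installed"}},
    {"host": "ws-0003",  "os": "Windows 10",          "ring": "broad",   "patches": {}},
    {"host": "lt-0042",  "os": "macOS 14",            "ring": "broad",   "patches": {}},
]

# Constructed patch catalogue: KB-A/KB-B/KB-C are placeholder IDs, not real updates.
CATALOG = {
    "KB-A": {"applies_to": {"Windows Server 2019", "Windows 10"}, "severity": "critical"},
    "KB-B": {"applies_to": {"Windows Server 2019"},               "severity": "important"},
    "KB-C": {"applies_to": {"Windows 10"},                        "severity": "critical"},
}

# Rollout order: a small pilot group first, then servers, then everyone else.
RING_ORDER = ["pilot", "servers", "broad"]


def in_scope(host, patch_id, catalog=CATALOG):
    """A patch is relevant to a host only if the host runs an OS the patch targets."""
    return host["os"] in catalog[patch_id]["applies_to"]


def systems_needing_patch(patch_id, inventory=INVENTORY):
    """Audit question 1: which systems still need this patch?"""
    return sorted(h["host"] for h in inventory
                  if in_scope(h, patch_id) and h["patches"].get(patch_id) != "installed")


def coverage_by_ring(patch_id, inventory=INVENTORY, rings=RING_ORDER):
    """Audit question 2: per ring, how many in-scope hosts actually have the patch?
    Returns {ring: (installed, in_scope)}; rings with nothing in scope are omitted."""
    result = {}
    for ring in rings:
        hosts = [h for h in inventory if h["ring"] == ring and in_scope(h, patch_id)]
        if hosts:
            done = sum(1 for h in hosts if h["patches"].get(patch_id) == "installed")
            result[ring] = (done, len(hosts))
    return result


def next_ring(patch_id, inventory=INVENTORY, rings=RING_ORDER):
    """Ring gate: ("deploy", ring) for the next ring to target, ("halted", ring) if an
    earlier ring has a failed install that must be fixed first, or ("complete", None)."""
    for ring in rings:
        hosts = [h for h in inventory if h["ring"] == ring and in_scope(h, patch_id)]
        if any(h["patches"].get(patch_id) == "failed" for h in hosts):
            return ("halted", ring)
        if any(h["patches"].get(patch_id) != "installed" for h in hosts):
            return ("deploy", ring)
    return ("complete", None)


if __name__ == "__main__":
    for patch_id in CATALOG:
        print(patch_id, "needs:", systems_needing_patch(patch_id),
              "coverage:", coverage_by_ring(patch_id), "next:", next_ring(patch_id))
```

With the sample data, KB-C halts at the pilot ring because ws-0001 reported a failed install, so the broad ring is never targeted until that is fixed; KB-A is complete in pilot and servers and only ws-0003 in the broad ring is still outstanding. The macOS laptop never appears in any report because the catalogue says the patches do not apply to it, which is exactly the decision an accurate inventory lets you make automatically.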

3) Unified Endpoint Management

You need to be able to manage all your laptops, tablets and mobile devices from one central location, through a single pane of glass. Matrix42 Unified Endpoint Management integrates Client Lifecycle Management (CLM), Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) into one holistic solution. Hybrid devices like the Microsoft Surface Pro are difficult to classify and challenge the status quo when it comes to deciding whether to manage them with CLM, MDM or EMM. With Matrix42 UEM you decide how devices are managed on a user-by-user basis. It is essential to be able to configure local security policies and remotely wipe a stolen device. In addition to the security benefits, you can also perform the usual CLM tasks: installing new operating systems, installing apps, backing up and recovering user settings, and managing the entire device lifecycle.

4) Identity Management and Access Control

Many penetration testers will tell you that the simplest way to move laterally through a network is to compromise a privileged account. The best ways to protect against this are:

  • Remove local admin privileges from standard users
  • Monitor the use of privileged accounts
  • Use an IDaaS and SSO service like MyWorkspace by Matrix42

When an account is disabled or deleted, MyWorkspace immediately removes its access to all your SSO applications, drastically reducing the time it takes to revoke privileges from each and every service. Access that does not sit behind the SSO, such as local accounts or sessions that are already open, still has to be revoked separately, which is one more reason to monitor privileged logons.
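"Monitor the use of privileged accounts" is the step most teams leave vague, so here is an added Python example (not from the original post and not part of MyWorkspace) of what that monitoring can look like in practice. It runs three checks over a handful of constructed Windows Security events (4624 logon and 4672 special-privileges-assigned, in a JSON shape resembling a SIEM export): a privileged logon by an account that is not approved for admin rights, an interactive or RDP logon by a service account, and a logon by an account the directory says is disabled. The CORP domain, account names and hostnames are made up for the example.

```python
"""Privileged-account monitoring over constructed Windows Security events (added example)."""
import json

# Constructed directory snapshot: which accounts exist, are enabled, and are approved
# to hold administrative privileges. Names are placeholders.
DIRECTORY = {
    "CORP\\alice":      {"enabled": True,  "admin_approved": True,  "service": False},
    "CORP\\bob":        {"enabled": True,  "admin_approved": False, "service": False},
    "CORP\\svc-backup": {"enabled": True,  "admin_approved": True,  "service": True},
    "CORP\\carol":      {"enabled": False, "admin_approved": True,  "service": False},
}

# Windows logon types that mean someone is at a console or RDP session:
# 2 = Interactive, 10 = RemoteInteractive, 11 = CachedInteractive.
INTERACTIVE_LOGON_TYPES = {2, 10, 11}

# Constructed events, one JSON object per line, shaped like a SIEM export of
# event 4624 (logon) and 4672 (special privileges assigned to new logon).
SAMPLE_EVENTS = """\
{"EventID": 4624, "Computer": "ws-0002",  "TargetUser": "CORP\\\\bob",        "LogonType": 2}
{"EventID": 4672, "Computer": "ws-0002",  "TargetUser": "CORP\\\\bob"}
{"EventID": 4624, "Computer": "srv-db01", "TargetUser": "CORP\\\\svc-backup", "LogonType": 10}
{"EventID": 4624, "Computer": "srv-dc01", "TargetUser": "CORP\\\\carol",      "LogonType": 10}
{"EventID": 4672, "Computer": "srv-dc01", "TargetUser": "CORP\\\\carol"}
{"EventID": 4624, "Computer": "srv-dc01", "TargetUser": "CORP\\\\alice",      "LogonType": 10}
{"EventID": 4672, "Computer": "srv-dc01", "TargetUser": "CORP\\\\alice"}
"""


def check_event(event, directory=DIRECTORY):
    """Return the list of (user, computer, reason) findings for one event."""
    user, host = event["TargetUser"], event["Computer"]
    acct = directory.get(user)
    if acct is None:
        # An account the directory has never heard of is worth a look on its own.
        return [(user, host, "logon by account not in directory")]
    findings = []
    if not acct["enabled"]:
        findings.append((user, host, "disabled account still logging on"))
    if event["EventID"] == 4672 and not acct["admin_approved"]:
        findings.append((user, host, "privileged logon by non-approved account"))
    if (event["EventID"] == 4624 and acct["service"]
            and event.get("LogonType") in INTERACTIVE_LOGON_TYPES):
        findings.append((user, host, "interactive logon by service account"))
    return findings


def analyse(lines, directory=DIRECTORY):
    """Run check_event over every line; collapse duplicates so one account that
    trips the same rule on the same host several times yields a single alert."""
    alerts = set()
    for raw in lines.splitlines():
        if raw.strip():
            alerts.update(check_event(json.loads(raw), directory))
    return sorted(alerts)


if __name__ == "__main__":
    for user, host, reason in analyse(SAMPLE_EVENTS):
        print(f"ALERT {reason}: {user} on {host}")
```

On the sample data this raises three alerts: bob acquired admin privileges on a workstation without being on the approved list, the backup service account was used for an RDP session, and carol, whose account is disabled in the directory, is still logging on to the domain controller. The approved-admin list is the piece that needs to be kept honest; it is the same list you would use when removing local admin rights from everyone else.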

5) End Point Protection (anti-virus, anti-malware)

By updating your asset inventory, implementing a patch management plan and applying all the relevant security updates, you have mitigated the majority of known vulnerabilities. What about unknown, zero-day vulnerabilities?
Endpoint protection does not fix those vulnerabilities, but it can detect and block the malware that exploits them. So, finally, you need to deploy an antivirus and anti-malware product like Avira Antivirus Pro – Business Edition, which offers:

  1. Real-Time Threat Prevention
    Signature-based detection, heuristic analysis and cloud-based scanning
  2. Enhanced Network Drive Protection
    Prevent ransomware and malware from being spread via your internal network or cloud storage solution.
  3. Advanced Web Protection
    Protect against infected websites, phishing scams and drive-by downloads.

"Avira Antivirus Pro – Business Edition is simple yet sophisticated security, ideal for small and medium businesses"

These five steps are very effective at reducing your exposure to known and unknown vulnerabilities, while improving productivity for your users. Get these core competencies under control before you start layering on more sophisticated security. We are continually expanding our security portfolio, so please let us know your security requirements.
