After analyzing recommended controls from many highly regarded best practices lists (Council on CyberSecurity Top 20, ASD Top 35, etc.), our experts mapped out the top 7 controls that organizations should focus on first. In this week’s webcast, Jane Man, Product Marketing Manager at Rapid7, and Roy Hodgman, Senior Security Engineer at Rapid7, gave us the low down on what the top 7 security controls are and why, as well as tips on how to successfully implement them. It’s important to make sure you’ve nailed down the highlighted controls from this webcast, "Get it Under Control: Top 7 Security Controls to Focus On," in order to build a strong foundation for your security programs and infrastructures. Read on to learn the top takeaways from this webinar:
- Deploy, Test, Monitor – Whether you're just starting to develop a security program, or your infrastructure is already mature, the top controls should be deployed, tested, and monitored to make sure you're getting the basics right. It's critical to nail down the basics, because as evidenced by the many high profile breaches this past year, the weaknesses that get exploited are consistently surprisingly simple. Failure to execute seemingly elemental controls (like giving secure credentials to 3rd party vendors, patching windows operating systems and application vulnerabilities, and proper network segmentation) was the downfall for many large organizations. Fixing these weaknesses isn't the end all be all, but having them in place makes it harder for attackers, which gives security professionals a much greater chance of catching a breach before damage is done.
- Let automation be your salvation! – Deploying, testing, and monitoring controls is far from a check-the-box-once-and-done task. Security professionals should never shy away from implementing automation wherever possible. When processes are automated you're more likely to keep up with your job and catch gaps as soon as possible. The longer a gap is out there, the greater the likelihood of an attacker finding your weakness and exploiting it. Leverage automation so that time you have previously used on manual tasks is freed up for other important projects and to ensure security is as strong as possible.
- Continuous Management – To make sure you have a strong defense against threats, you cannot let your controls degrade. It's crucial to continuously test controls to make sure they are up to date and still effective. Organizations are constantly facing change - adding people, assets, segments, and more - so it's key to maintain your controls so that they adapt along with your changing network presence.
These top takeaways only scratch the surface of the excellent tips from this webinar. To learn more about what the Top 7 Security Controls are and how to implement them, view the on-demand webinar today and/or check out the Top 7 Security Controls companion quick guide.