So, it happened again, another high profile retailer
has been breached and the community is up in arms. The fact of the matter is
that unfortunately no matter what we do, no matter how hard IT teams work,
breaches will continue to happen. As security evolves so do hackers, it’s a vicious
cycle that can never really be won. Given that less than optimistic outlook,
the key to securing your endpoints and servers is to first build strong
defenses against advanced malware, hackers and persistent threats and then to
put in place advanced monitoring and forensics to help organizations identify
and quickly mitigate risks when breaches do occur… because they will.
There is a reason that NFL coaches film and review
every game throughout the season, they want to be able to catch any bad habits
or threats and rectify them immediately; organizations need to do the
same. Visibility is the only way to really stay on top of the security game.
After the first of the high profile retail data
breaches that we’ve seen flooding the news lately, ESG Senior Principal
Analyst, Jon Oltsik, came out with a powerful article containing potential prevention and mitigation
strategies related to detection and prevention.
Jon Oltsik, Senior Principal Analyst for ESG:
The Target Breach…
Target used some type of application controls (from Bit9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better
Understanding the tactics outlined in Oltsik’s
article, including advanced detection and prevention techniques, like those
offered by the Viewfinity Application Control solution, may be the key to an
optimized security strategy. Retailers in particular need to understand that
POS machines are no different than any other endpoint, they allow access to
networks and hold sensitive data, and they need to be treated as such.
Also, the SANS Institute recommends a series of Quick Wins
and Top Security Controls
to help organizations gain footing while implementing stronger security
strategies. These tactics are essentially what the SANS Institute regards as
the most easily implementable and important steps that organizations can take
to get the most bang for their IT security buck. Again, included in these
primary security measures are items like application whitelisting, controlling
user privileges, and monitoring of systems to help protect against advanced
malware and targeted attacks.
And oh by the way… in case you still weren’t convinced
yet, employing a next generation application control solution, like that of
Viewfinity, can save companies some money too. With the added layers of
protection you'll be putting in place, you'll have a proven risk management
solution for mitigating security incidents and/or data breaches which should decrease
the premiums that organizations pay for data breach/cyber risk insurance.
Application control, reinforced with least privileges,
and a continuous monitoring and forensics process will help fortify your
more here to find out how your
company can being implementing the next generation of IT security, today.