- Get complete visibility of your assets, applications, network and their interaction with users. Threat identification, enforcement of controls and data flow restrictions are must-dos.
- Focus on attack behaviors at multiple stages and create enough opportunities to identify an attack during all 4 stages: delivery – installation – exploitation – command & control.
- Enable prevention techniques that translate intelligence into protections via enterprise security policies. Information such as payloads and command & control server locations must be identified and enforced.
- Analyze global threats, compile the data into intelligence, generate new signatures and deliver the protection rules via automation.
- Once attacked (which can easily happen, in spite of the best controls being in place), accurate and quick mitigation is the key. Preventing outbound communication with the attackers for data exfiltration will defeat the attack to a great extent.
- All implemented security technologies and processes aligned to secure data and the environment must be stitched together to share threat intelligence. Correlate all information and logs to get the best possible picture of the attack.
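One way to put the last two points into practice, as an added example that is not the author's own code: stitch events from several sources (a mail gateway, EDR, proxy and firewall, all constructed names here) together per host, map them onto the four stages listed above, and surface the hosts that have progressed furthest, flagging any command & control contact so the outbound channel can be cut.

```python
# Added example (not from the original post): stitch events from several security
# sources together per host and map them onto the four stages named above
# (delivery, installation, exploitation, command & control). Sources, event
# names and log records are constructed for illustration.
from collections import defaultdict

STAGES = ("delivery", "installation", "exploitation", "command_control")

# (source, event type) -> attack stage; a constructed mapping
STAGE_MAP = {
    ("mailgw", "attachment_delivered"): "delivery",
    ("edr", "office_spawns_shell"): "exploitation",
    ("edr", "persistence_registry"): "installation",
    ("proxy", "beacon_to_known_c2"): "command_control",
    ("fw", "outbound_denied_c2"): "command_control",
}

# Constructed sample events: (timestamp, source, host, event type)
EVENTS = [
    ("10:01", "mailgw", "ws-17", "attachment_delivered"),
    ("10:04", "edr", "ws-17", "office_spawns_shell"),
    ("10:05", "edr", "ws-17", "persistence_registry"),
    ("10:09", "proxy", "ws-17", "beacon_to_known_c2"),
    ("10:12", "fw", "ws-17", "outbound_denied_c2"),
    ("11:30", "mailgw", "ws-42", "attachment_delivered"),
    ("12:00", "edr", "ws-99", "unrelated_event"),
]

def correlate(events):
    """Group events by host and record which stage each one maps to."""
    per_host = defaultdict(lambda: {s: [] for s in STAGES})
    for ts, source, host, etype in events:
        stage = STAGE_MAP.get((source, etype))
        if stage:  # unmapped events are kept out of the stage picture
            per_host[host][stage].append((ts, source, etype))
    return per_host

def triage(per_host, min_stages=2):
    """Hosts seen in at least min_stages stages, most advanced first;
    C2 contact is flagged because cutting that channel denies exfiltration."""
    findings = []
    for host, stages in per_host.items():
        hit = [s for s in STAGES if stages[s]]
        if len(hit) >= min_stages:
            findings.append({"host": host, "stages": hit,
                             "c2_contact": bool(stages["command_control"])})
    return sorted(findings, key=lambda f: -len(f["stages"]))
```

Calling `triage(correlate(EVENTS))` reports only `ws-17`, which has touched all four stages and reached a known C2 server; the single delivery event on `ws-42` stays below the threshold until `min_stages` is lowered.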
By: Sapan Talwar