Security Dealer & Integrator

AUG 2018

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1014473


Page 22 of 73

the most common bad actors, often leading to the eventual installation of a Windows executable file.

Targeted: The Healthcare Market

At this year's Cyber:Secured Forum in Denver, I had the pleasure of meeting Randall Frietzsche, CISO of Denver Health. I asked him about ransomware, given that his industry is a proven prime target, with life-or-death consequences.

"Unfortunately, the normal state in our industry does not reflect an all-inclusive approach to this problem," he admitted. "At Denver Health, we have a very comprehensive and layered approach to the ransomware risk, coupled with an active employee education program and back-up strategy."

Frietzsche agreed that past ransomware attacks prove that certain procedures should be a given, including continuous patch management, enforced use of strong passwords, multi-factor authentication, and disabling unused ports and services.

Further, "Defense in Depth" should address the following exposures along the data path:

• Perimeter: Scan inbound emails for threats using URL checks, experiential content data, and spam profiles.
• On the network: Use behavioral analytics to identify anomalous or unusual behaviors, analyze for malformed IP packets, and look for incomplete handshakes.
• End-points: Consider disabling user ability to be a local administrator, as this capability enables a hacker to gain local control and escalate their way into the broader network. Also, use outbound URL filtering to terminate connections to known bad sites.
• End-users: Train, test and then train some more.

Finally, prepare for the event by having an active backup and recovery strategy in place. This can range from off-site tape backups to continuous online synchronized backups with anomaly detection that can monitor file change activity. In this regard, I also spoke with Disaster Recovery as a Service (DRaaS) provider Infrascale at the Cyber:Secured Forum and learned that its tool monitors activity for large-scale file changes, which may indicate the occurrence of mass encryption. ■

» Ray Coulombe is Founder and Managing Director of SecuritySpecifiers and the CONSULT Technical Security Symposium. Email him at ray@SecuritySpecifiers.com, contact him through LinkedIn at www.linkedin.com/in/raycoulombe or follow him on Twitter: @RayCoulombe.
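The monitoring for large-scale file changes described above can be sketched as a sliding-window check on file rewrites combined with a content-entropy test. This is an added example, not code from the article or from Infrascale; the event format, paths and thresholds are assumptions, and the sample events are constructed.

```python
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_change(events, window_s=60, min_files=20,
                       entropy_bits=7.5, ratio=0.8):
    """events: time-ordered (timestamp_s, path, leading_bytes_after_write).
    Returns the timestamps at which the trailing window holds at least
    min_files distinct rewritten files, >= ratio of them high-entropy."""
    window = deque()  # (timestamp, path, looks_encrypted)
    alerts = []
    for ts, path, sample in events:
        window.append((ts, path, shannon_entropy(sample) >= entropy_bits))
        while ts - window[0][0] > window_s:
            window.popleft()
        latest = {p: high for _, p, high in window}  # last state per file
        if (len(latest) >= min_files
                and sum(latest.values()) / len(latest) >= ratio):
            alerts.append(ts)
    return alerts

# Constructed sample data (not from any real system).
TEXT = b"Patient intake notes, revision 3\n" * 50   # ordinary plaintext
CIPHERLIKE = bytes(range(256)) * 16                  # stand-in for ciphertext

def sample_events():
    ev = [(i * 30, f"/share/docs/note{i}.txt", TEXT) for i in range(10)]
    # Legitimate batch job: many files rewritten quickly, still plaintext.
    ev += [(400 + i, f"/share/reports/r{i}.csv", TEXT) for i in range(30)]
    # Burst of rewrites whose content now looks random.
    ev += [(600 + i, f"/share/docs/file{i}.docx", CIPHERLIKE) for i in range(30)]
    return ev

if __name__ == "__main__":
    alerts = detect_mass_change(sample_events())
    print("first alert at t=%ss, %d alerting events" % (alerts[0], len(alerts)))
```

Compressed archives and media files are also high-entropy, so a production rule would need to account for those formats before alerting on entropy alone.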
