National
Cybersecurity Awareness Month (NCSAM) is observed every October to
raise cybersecurity awareness and provide resources to help individuals
and enterprises be safer and more secure online. This year, ExtraHop is joining
NCSAM organizers and security professionals around the world in offering
tips and strategies for enterprise organizations to improve their
security posture across hybrid and cloud workloads. Below are the
company's top five tips for building smarter enterprise security:
- Prevention is a pipe dream: With
global data breaches on the rise, organizations are increasingly
shifting their strategy from protection and prevention at the perimeter
to detection and response in the east-west traffic corridor. According to Gartner,
60% of enterprise information security budgets will be allocated to
rapid detection and response approaches by 2020 - up from less than 10%
in 2014. While prevention still has value as a first line of defense,
cybersecurity leaders should recenter their operations - people,
process, and technology - on reducing dwell time and mitigating damage.
- Get clarity on cloud security: If you're hosting anything in the cloud, it's critical to understand where your cloud service provider's security responsibility ends and
yours begins. Some of the most common threats to cloud security are
home grown and preventable, including misconfiguration, unauthorized
access, and insecure APIs.
- Trust no one - not even your vendors: Enterprises rely on vendors for everything from infrastructure and applications to security. But do you know how vendors use your data?
Ask questions of your vendors to ensure you understand how your data is
being handled, where it's going, and what level of encryption the
vendor uses.
- Put your defenses to the test: To
improve the security posture of your organization and find potential
gaps in your defenses, run red vs. blue exercises. These keep your
security team sharp and help proactively identify your security
vulnerabilities.
- Assume the threats are already inside: According
to M-Trends 2019, the average dwell time of a threat in a corporate
environment is 78 days. Businesses need to invest in the ability to
actively monitor and analyze traffic inside their networks. This is where threats dwell, and right now it's an open field for attackers.
To learn more about the company's cloud-native network detection and response platform, visit https://www.extrahop.com/solutions/security/ and explore the Reveal(x) interactive online demo: https://www.extrahop.com/demo/