November 2nd, 2011

10/12/11 NAISG-ATL Wrap Up Pt. 2

Ok, this is my last time bringing up thoughts that were originally placed into my head last month. Although, BSides-ATL is right around the corner, so I expect a good couple months worth of material from that event.*

I don’t feel too bad about this post being so late, as it covers one of infosec’s oldest, best-known and most disagreed-on topics: “Given limited resources and a network to protect, where do you focus your efforts?” For an efficiency dork like me this translates to “What can I implement that has the most impact for the least amount of resource utilization?” Without further ado, here are my answers, ordered from most effect for the least resource cost.

Patching

This is at the top of my list because, hey, it’s a service provided by vendors (read: FREE.99) and it mitigates most vulnerabilities being exploited in the wild. Even in industries where applying patches is impossible due to sensitive systems, the process at least forces you to inventory your most vulnerable systems, allowing you to take further steps (placing devices on a DMZ, monitoring them more closely, etc.) to prevent/detect malicious activity. I’ve heard it said that a patch-focused security program forces you to rely too heavily on your vendors, but in a resource-restricted environment, I don’t find this to be a deal breaker. Zero-day attacks are still extremely rare in the real world (not to mention basically indefensible anyway), so making sure your network is protected against the common Blaster-style worm through aggressive patching nets you a pretty great bang for your buck.

User Education

Another area where I believe you can make a large impact with minimal resources is user education. Aggressive patching can help secure you from the most common threats, and combining that with smart and savvy users (read: ones who don’t just click crap because an email told them to) just ices the cake. As you can see, most of my resource-deprived program is based on Benny’s old adage about an ounce of prevention. Don’t just fight for the user, Tron. Enlist the user and empower them to fight alongside you.

PEOPLE, stupid

Last, but never least, and certainly your number one priority when you can afford it, is surrounding yourself with the right people. Good people are priceless, but they definitely will cost you, and rightfully so. As for all this talk about SIEM being dead and log management being the suxX0rs, all I have to say is put a badass analyst in front of the console and the value added will be obvious.

END

Except to say come to BSides.

*At a rate of one post per bi-monthly.


@kylecooper

Disclaimer: The opinions expressed here are solely that of myself and in no way reflect the views of the infosec community, my employer, or literally anyone else. Mine, mine, mine.
