Vigilance 101: The Sysadmin’s Threat Detection Checklist


I’d like to kick off this piece with a simple question. Are a locked door and a closed window enough to deter a thief? You already know the answer to that one, I’ll wager – the criminal will just wait until no one’s around and break the window or kick down the door.

Why, then, are there so many of us who persist in thinking that hardened software and data are enough to deter cybercriminals?

Mind you, I’m not trying to downplay the importance of proper security. Quite the contrary, really – you need things like mobile device management, file encryption, firewalls, and access controls. But hardening alone is not enough.

You need to take an active role in protecting your organization from the people who’d target it – an active role in monitoring for, detecting, and mitigating threats. That’s what we’re here to talk about today. I’m going to give you a short checklist covering the main areas you need to consider from a threat detection standpoint.

The rest is up to you:

  • Endpoint Integrity. Thanks to mobility and the Internet of Things, the attack surface of your business is now larger than ever. Run on-device agents on every endpoint and watch for unusual state, configuration, or behavioral changes that may indicate compromise: new services or scheduled tasks, altered configuration files, unexpected outbound connections. Just as important, you need a way to isolate a compromised endpoint from the network immediately, before it can be used as a foothold against the rest of your systems.
  • Network Monitoring. Network-based attacks such as DDoS, tampering with data in transit, and IP address spoofing will always be an issue, whatever the size of your organization. Automated traffic monitoring (flow analysis or a network intrusion detection system, baselined against what your normal traffic looks like) will help you catch many of these attacks before they compromise your data. DDoS mitigation, whether an on-premises appliance or an upstream scrubbing service, is also a must.
  • Application Scanning. Many consumer SaaS and mobile applications are poorly secured, and can leak critical data or outright compromise the employees who use them. When selecting a mobile device management platform, choose one with mobile application management and app containerization features. The benefit is twofold: you can identify and block malicious applications, and you can wall off sensitive apps from anything that might compromise them. You also need malware detection tools capable of scanning all of your systems, servers included, not just user workstations.
  • Penetration Testing. No matter how good your security team is, you’ll always benefit from bringing in a third party. There are a number of professional cybersecurity consulting firms and penetration testers on the market who will simulate attacks against your network, within an agreed scope and rules of engagement, and report any vulnerabilities they find. Better they find those weaknesses than someone with a mind to exploit them.
  • Employee Activities. How well trained are your employees? How satisfied are they with their work? Watching their every move like a hawk is neither practical nor wise, but you should be able to review authentication and access logs and activity on company devices. That lets you determine when someone has accidentally caused a breach, and it also helps you track down potential malicious insiders.
  • Email Antispam. Email remains one of the most significant delivery mechanisms for malware and phishing. Antispam filtering, together with scanning of attachments and links, is a must – there’s little else to be said here.
  • Web Filtering. You can’t always trust people to practice safe browsing, especially when a single click is all it takes to compromise a system. Web filtering belongs on every company device, together with ad blockers and script blockers (be prepared to maintain allow-lists, since script blocking breaks legitimate sites).
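A concrete way to detect the configuration changes the Endpoint Integrity item talks about is a file-integrity baseline. The script below is an added example written for this page, not code from the original article or from any product it mentions. It records a hash, the permission bits and the owner of every configuration file under a directory, then diffs the current state against that baseline. The directory, the file patterns and the tampering scenario in `demo()` are constructed for illustration.

```python
"""Added example: a minimal file-integrity baseline for endpoint configuration.

Not from the original article. Baseline a set of configuration files
(content hash + mode + owner), store it, and later diff the live state
against it. The file patterns and the demo scenario are assumptions.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file's contents, streamed so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path, patterns=("*.conf", "*.cfg", "*.ini")) -> dict:
    """Record hash, permission bits and owner for every matching file under root.

    Permission and ownership changes matter as much as content changes: a
    world-writable config file is a finding even if its text is unchanged.
    """
    state = {}
    for pattern in patterns:
        for path in sorted(root.rglob(pattern)):
            if not path.is_file():
                continue
            st = path.stat()
            state[str(path.relative_to(root))] = {
                "sha256": hash_file(path),
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
            }
    return state


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Files added, removed, or changed (content, mode or owner) since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for name in set(baseline) & set(current):
        before, after = baseline[name], current[name]
        fields = [k for k in ("sha256", "mode", "uid") if before[k] != after[k]]
        if fields:
            changed[name] = fields
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(state: dict, path: Path) -> None:
    """Persist the baseline; in real use this copy belongs off-host or signed."""
    path.write_text(json.dumps(state, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake config directory, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sshd.conf").write_text("PermitRootLogin no\n")
        (root / "app.ini").write_text("debug = false\n")
        (root / "README.txt").write_text("not a config pattern, ignored\n")
        os.chmod(root / "app.ini", 0o640)  # fix the mode so the later change is deterministic
        baseline = snapshot(root)

        # Simulated attacker activity: content change, permission change, new file.
        (root / "sshd.conf").write_text("PermitRootLogin yes\n")
        os.chmod(root / "app.ini", 0o666)
        (root / "backdoor.conf").write_text("listen = 0.0.0.0:4444\n")

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the baseline somewhere the endpoint cannot rewrite it (a central server, or at least signed), because an attacker with root can update a local baseline along with the files it covers. Tools such as AIDE, Tripwire and osquery do this job with far more coverage, but the underlying logic is exactly this.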
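For the Employee Activities item, the checks that actually surface a compromised or misused account are usually simple ones run over authentication logs. The script below is an added example for this page, not code from the article or from Future Hosting. It parses constructed sshd-style log lines (the ISO-8601 timestamp format, the hostnames, users and addresses are all assumptions of the example) and flags three things: sources that hammer the server with failed logins, successful logins outside working hours, and a successful login that follows a burst of failures from the same source, which is what a brute-force attack that worked looks like.

```python
"""Added example (not from the original article): simple detections over
constructed sshd-style authentication log lines.

Assumptions: ISO-8601 timestamps (stock syslog lines look like
"Mar  4 22:40:10" and would need a different regex plus a year), and
illustrative thresholds that should be tuned per environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log. 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_LOG = """\
2024-03-04T09:12:01 host1 sshd[1201]: Accepted password for alice from 10.0.0.5 port 51512 ssh2
2024-03-04T22:40:10 host1 sshd[1305]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
2024-03-04T22:40:12 host1 sshd[1305]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
2024-03-04T22:40:14 host1 sshd[1305]: Failed password for root from 203.0.113.9 port 40003 ssh2
2024-03-04T22:40:16 host1 sshd[1305]: Failed password for root from 203.0.113.9 port 40004 ssh2
2024-03-04T22:40:18 host1 sshd[1305]: Failed password for bob from 203.0.113.9 port 40005 ssh2
2024-03-04T22:40:25 host1 sshd[1306]: Accepted password for bob from 203.0.113.9 port 40006 ssh2
2024-03-04T10:15:00 host1 sshd[1400]: Failed password for alice from 10.0.0.5 port 51600 ssh2
2024-03-04T10:15:05 host1 sshd[1401]: Accepted password for alice from 10.0.0.5 port 51601 ssh2
2024-03-04T03:05:00 host1 sshd[1500]: Accepted publickey for deploy from 10.0.0.20 port 33000 ssh2
"""


def parse(text):
    """Turn raw lines into event dicts, sorted by time; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["success"] = ev["result"] == "Accepted"
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def brute_force_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failed logins inside any `window`."""
    failures = defaultdict(list)
    for ev in events:
        if not ev["success"]:
            failures[ev["src"]].append(ev["ts"])
    flagged = set()
    for src, stamps in failures.items():
        # stamps are already time-ordered; slide a window of `threshold` failures
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(src)
                break
    return flagged


def off_hours_logins(events, start_hour=8, end_hour=18):
    """Successful logins outside the [start_hour, end_hour) working window."""
    return [
        (ev["user"], ev["src"], ev["ts"].isoformat())
        for ev in events
        if ev["success"] and not (start_hour <= ev["ts"].hour < end_hour)
    ]


def success_after_failures(events, min_failures=3, window=timedelta(minutes=5)):
    """A success from a source that just produced `min_failures` failures:
    the signature of a brute-force or password spray that worked."""
    recent = defaultdict(list)
    hits = []
    for ev in events:
        src = ev["src"]
        recent[src] = [t for t in recent[src] if ev["ts"] - t <= window]
        if ev["success"]:
            if len(recent[src]) >= min_failures:
                hits.append((ev["user"], src, ev["ts"].isoformat()))
        else:
            recent[src].append(ev["ts"])
    return hits


def analyze(text):
    """Run all three detections and return the findings as one dict."""
    events = parse(text)
    return {
        "brute_force_sources": sorted(brute_force_sources(events)),
        "off_hours_logins": off_hours_logins(events),
        "success_after_failures": success_after_failures(events),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

The thresholds (5 failures in 5 minutes, a 08:00 to 18:00 working day) are illustrative; tune them to your environment. A SIEM or fail2ban implements the same ideas at scale, and an off-hours login from a known administrator is a question to ask that person, not proof of compromise.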

Securing your systems is really just the first step in protecting your business from digital attack. If you’re not consistently monitoring your networks, endpoints, and employees, you’re at risk. After all, you wouldn’t trust a locked door to prevent a physical attacker from breaking in – you’d install a security system with cameras and alarms, as well.

Matthew Davis is a technical writer and Linux geek for Future Hosting.
