Ray Pompon, Director of F5 Labs, explains how you can – and should – protect your organization by securing your apps
Here’s how you can and should protect your organisation by securing your apps:
Use Strong Authentication to Limit Unauthorised Access
Strong authentication should be a pillar of security. Ideally, everyone would use multifactor authentication (MFA), especially for any system that connects to high-value services and data stores. When MFA isn’t feasible, strengthen the use of passwords. At the very least, eliminate the usage of previously exposed passwords.
Practice Regular Monitoring and Logging
With a good logging and review regimen, it’s possible to catch breach attempts in progress before real damage can occur. When reviewing logging capabilities, remember the goal is to be able to determine how an attacker got in and what they did.
Knowing what you have, where it is, what it talks to, and how it is configured is the foundation for all risk decisions, both strategic and tactical. Plenty of automation tools are available to help build that inventory; make sure that they give you the complete picture.
Strategize and Practice Incident Response
No affordable defense is going to keep all the attackers out forever. Plan accordingly with a well-tested, detailed incident response plan. Incident response rests on the pillars of inventory and logging, so make sure those are well-honed.
Apply Crucial Patches
It’s unreasonable to assume that your average enterprise is going to patch everything. The highest priority is closing vulnerabilities with published, weaponised exploits, because even unskilled attackers will be pounding on your systems with these point-and-click attacks.
Enforce Strict Authorisation
Authorisation means taking a hard look at the permissions associated with any credential set. Least privilege should be used, so that users can only do exactly what they need to do. A good middle ground is to implement role-based access and broadly lock down authorised actions based on general job duties such as administrator, developer, office staff, and remote user.
Scan for Vulnerabilities
Vulnerability scanning is useful not only for gaining a “hacker’s eye view” of your systems but also as a way to double-check your inventory. Continuous vulnerability scans, preferably weekly, are advisable for both internal and external assets.
Detect and Block Malicious Bot Activity
Many bots can be identified by previously observed, unique patterns that have been encoded into signatures. However, newer and more sophisticated bots require complex scrutiny such as looking for irregular behaviour, illogical client configuration, and inhuman timing of actions.
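As an added illustration of the three layers described above (it is example code, not F5's or the author's), the function below runs a signature check, a client-configuration check and a timing check over a handful of constructed access-log records; the user-agent patterns and thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (client_ip, unix_timestamp, user_agent, accept_language)
LOG = [
    ("10.0.0.5", 1000.0, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", "en-GB"),
    ("10.0.0.5", 1007.3, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", "en-GB"),
    ("10.0.0.5", 1019.8, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", "en-GB"),
    ("10.0.0.9", 1000.0, "python-requests/2.31", ""),
    ("10.0.0.9", 1000.5, "python-requests/2.31", ""),
    ("10.0.0.7", 1000.0, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", ""),
    ("10.0.0.7", 1000.2, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", ""),
    ("10.0.0.7", 1000.4, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", ""),
    ("10.0.0.7", 1000.6, "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", ""),
]

# Signature layer: user-agent fragments previously observed on scripted clients
# (a hypothetical list; a real deployment would load a maintained signature set).
KNOWN_BOT_UA = re.compile(r"python-requests|curl/|Go-http-client", re.I)


def classify_clients(log, min_gap=0.5, max_jitter=0.05):
    """Return {client_ip: [reasons]} for clients flagged as likely bots.

    Checks, in order: known signature in the user-agent; illogical client
    configuration (a browser user-agent with no Accept-Language header);
    inhuman timing (request gaps that are both very short and near-constant).
    min_gap (seconds) and max_jitter (std dev) are assumed demo thresholds."""
    by_ip = defaultdict(list)
    for ip, ts, ua, lang in log:
        by_ip[ip].append((ts, ua, lang))

    flagged = defaultdict(list)
    for ip, reqs in by_ip.items():
        reqs.sort()  # order by timestamp before computing gaps
        if any(KNOWN_BOT_UA.search(ua) for _, ua, _ in reqs):
            flagged[ip].append("signature:known-bot-ua")
        if any("Mozilla/" in ua and not lang for _, ua, lang in reqs):
            flagged[ip].append("config:browser-ua-without-accept-language")
        gaps = [b[0] - a[0] for a, b in zip(reqs, reqs[1:])]
        if len(gaps) >= 2 and mean(gaps) < min_gap and pstdev(gaps) < max_jitter:
            flagged[ip].append("timing:machine-regular")
    return dict(flagged)
```

The human-paced client 10.0.0.5 is left alone, while the scripted client is caught by signature and the spoofed browser is caught only by the configuration and timing checks.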
Conduct Security Awareness Training
The F5 Labs 2018 Phishing and Fraud Report showed that training employees to recognise phishing attempts can reduce their click-through rate on malicious emails, links, and attachments from 33% to 13%.
Use Web Application Firewalls and Antivirus Solutions
WAFs offer a level of application-layer visibility and control that can help mitigate a wide range of the web application threats mentioned above, while antivirus is one of the oldest security controls and is still a powerful tool for detecting and stopping malware infections.
Use SSL/TLS Inspection
Malware and phishing sites are increasingly being buried within encrypted SSL/TLS sessions, often using legitimate certificates. This traffic needs to be decrypted, inspected, and sanitized.