A recent report on Target indicates it's execution of basic security practices that matters more than security platforms.
More often than not, I see amazing cyber security platforms that have been neutered by poor or nonexistent implementations of properly executed cyber security best practices.
Security platforms cannot defend properly when not configured or deployed properly.
Here are six things that were outlined as contributors to the Target beach:
1) Failure to segment networks
This is simple and surprising to keep seeing over and over again. Use segmentation to separate devices with different security requirements. Next generation firewalls are fast, have lots of ports and switches can do VLANs. Technically this isn't a hurdle, the only excuse is poor execution and oversight.
2) Poor password policy enforcement
Default passwords and passwords stored on disks. Again a relatively easy fix with AD and other solutions we sell along with scanning services.
3) Weak passwords
The reality is that security consultants were able to crack 86 percent of Target's passwords that allowed access to internal networks. Verizon consultants were also able to crack 34% of domain admin account passwords.
Fortunately similar/same solutions to the previous item.
4) Lax patch management
Patch management may be the bane of administrators everywhere. However, there are solutions to help prioritize patching, do scanless vulnerability scans and validate patch levels. We offer several solutions to make this task easier, more timely and focused to where it matters most.
5) Outdated and vulnerable services
Some overlap in solutions with the previous item.
6) Insufficient authentication requirements
Essentially privilege escalation and inadequate authentication. Similar solutions to previous items.
So bottom line:
- Add compartmentalization with segmentation
- Get authentication and credentials under control
- Use better solutions to prioritize and mitigate patch management