In today's rapidly evolving cyber landscape, robust security measures are essential. FalconOps Cybersecurity brings you a comprehensive “quick win” guide outlining free and paid suggestions to bolster your organization's cybersecurity posture.
CISA recently published an extensive guide as part of their #StopRansomware campaign. This post highlights the major points we see in practice, combined with CISA's suggestions. You can find the entire CISA article here.
This security group in Active Directory, introduced in Windows Server 2012 R2, is designed to manage credential exposure and apply automatic, non-configurable protections to member accounts.
Benefits:
More Information: Protected Users Security Group.
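The group only helps if the right accounts are actually in it, and it breaks accounts that depend on NTLM, RC4/DES Kerberos or delegation. The following is an added example, not code from the FalconOps post: it audits which Tier 0 accounts are missing from Protected Users, flags service-like accounts for review rather than adding them blindly, and stages the additions. It assumes the ActiveDirectory RSAT module and that Domain, Enterprise and Schema Admins are the groups you treat as Tier 0; adjust to your environment.

```powershell
# Added example: audit and populate the Protected Users group.
# Assumes the ActiveDirectory module and a Tier 0 definition of three built-in groups.
Import-Module ActiveDirectory

$tier0Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')
$protected   = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
               Select-Object -ExpandProperty DistinguishedName

# Collect the user accounts that hold Tier 0 membership (directly or nested).
$candidates = foreach ($g in $tier0Groups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties ServicePrincipalName, 'msDS-AllowedToDelegateTo', PasswordNeverExpires
}

$report = $candidates | Sort-Object DistinguishedName -Unique | ForEach-Object {
    [pscustomobject]@{
        SamAccountName   = $_.SamAccountName
        InProtectedUsers = $protected -contains $_.DistinguishedName
        # Protected Users blocks NTLM, RC4/DES and delegation for members, so an
        # account with SPNs, delegation or a non-expiring password is probably a
        # service identity that will break. Flag it for review instead.
        LooksLikeService = ($_.ServicePrincipalName.Count -gt 0) -or
                           ($_.'msDS-AllowedToDelegateTo'.Count -gt 0) -or
                           $_.PasswordNeverExpires
    }
}
$report | Format-Table -AutoSize

# Stage additions for interactive admin accounts that are not yet members.
$toAdd = $report | Where-Object { -not $_.InProtectedUsers -and -not $_.LooksLikeService }
if ($toAdd) {
    # -WhatIf shows what would change; remove it after reviewing the list.
    Add-ADGroupMember -Identity 'Protected Users' -Members $toAdd.SamAccountName -WhatIf
}
```

Run it from a management host with Domain Admin rights. Anything reported as LooksLikeService should be investigated (does it really need an SPN or delegation, or should it be replaced by a gMSA?) before deciding whether to protect or leave it.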
Phishing-resistant Multi-Factor Authentication (MFA) employs advanced techniques like biometric authentication and hardware tokens, reducing reliance on human interaction and enhancing security against phishing.
Benefits:
More Information: Phishing-Resistant MFA.
Using separate accounts for administrative tasks and day-to-day work reduces the risk of granting attackers administrative access through phishing or malware.
Benefits:
More Information: Separate User and Admin Accounts.
Windows LAPS is a feature that automatically manages and rotates passwords for local administrator accounts on Azure Active Directory-joined or Windows Server Active Directory-joined devices.
Benefits:
More Information: Windows LAPS Overview.
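Windows LAPS is driven entirely by policy; with no policy in place the local administrator password is never rotated or escrowed. This added example (not from the FalconOps post) writes the Windows LAPS policy values to the registry path the service reads, applies them immediately, and verifies that a password was escrowed to AD. It assumes a Windows build that includes Windows LAPS, a schema already extended with Update-LapsADSchema, computers granted self-write rights via Set-LapsADComputerSelfPermission, and a placeholder computer name for the check. Normally these values are delivered by GPO or Intune rather than written by hand.

```powershell
# Added example: configure Windows LAPS for AD-backed storage and verify.
# Assumes schema extension and computer self-write rights are already done.
$policy = 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS'
New-Item -Path $policy -Force | Out-Null

# BackupDirectory: 0 = disabled (weak: no rotation, no escrow),
#                  1 = Azure AD, 2 = Windows Server Active Directory.
Set-ItemProperty -Path $policy -Name BackupDirectory    -Value 2  -Type DWord
Set-ItemProperty -Path $policy -Name PasswordComplexity -Value 4  -Type DWord   # upper, lower, digits, special
Set-ItemProperty -Path $policy -Name PasswordLength     -Value 20 -Type DWord
Set-ItemProperty -Path $policy -Name PasswordAgeDays    -Value 30 -Type DWord

# Encrypt the escrowed password in AD (needs 2016 domain functional level) and
# rotate it a few hours after it is actually used: PostAuthenticationActions
# 3 = reset password and log off the managed account.
Set-ItemProperty -Path $policy -Name ADPasswordEncryptionEnabled -Value 1 -Type DWord
Set-ItemProperty -Path $policy -Name PostAuthenticationResetDelay -Value 4 -Type DWord  # hours
Set-ItemProperty -Path $policy -Name PostAuthenticationActions    -Value 3 -Type DWord

# Apply now instead of waiting for the next background cycle.
Invoke-LapsPolicyProcessing

# From an admin host with read rights: confirm a password was escrowed.
# 'WKS-PLACEHOLDER' is a placeholder computer name.
Get-LapsADPassword -Identity 'WKS-PLACEHOLDER' |
    Select-Object ComputerName, Account, PasswordUpdateTime, ExpirationTimestamp, Source
```

Get-LapsADPassword without -AsPlainText returns the password as a SecureString, so the verification step confirms rotation without exposing the secret on screen. If PasswordUpdateTime stays empty, check Get-LapsDiagnostics and that the computer object's OU has the self-write permission.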
The ASR rule for Local Security Authority Subsystem Service (LSASS) is designed to prevent credential stealing by locking down LSASS, which authenticates users on a Windows computer.
Benefits:
More Information: ASR Rules Reference.
Credential Guard uses virtualization-based security to protect NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications.
Benefits:
More Information: Credential Guard Overview.
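The LSASS ASR rule and Credential Guard complement each other: the rule stops processes from reading LSASS memory, Credential Guard moves the secrets out of LSASS altogether. This added example (not from the FalconOps post) rolls the rule out in audit mode first so legitimate tools that touch lsass.exe show up in the Defender event log, then switches it to block and reports whether Credential Guard is actually running, not just configured. The rule GUID is Microsoft's documented ID for "Block credential stealing from the Windows local security authority subsystem".

```powershell
# Added example: stage the LSASS ASR rule (audit -> block) and verify Credential Guard.
$lsassRule = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

# Step 1: audit mode. Event ID 1122 in the Defender Operational log records
# what *would* have been blocked; run this for a while before enforcing.
Add-MpPreference -AttackSurfaceReductionRules_Ids $lsassRule `
                 -AttackSurfaceReductionRules_Actions AuditMode

Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1122 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'Detail'; e = { $_.Message.Split("`n")[0] } }

# Step 2: once the audit is clean, enforce. Add-MpPreference updates the
# action for an ID that is already present.
Add-MpPreference -AttackSurfaceReductionRules_Ids $lsassRule `
                 -AttackSurfaceReductionRules_Actions Enabled

# Verify the effective action: 1 = block, 2 = audit, 6 = warn, 0 = disabled.
$pref = Get-MpPreference
$idx  = [array]::IndexOf($pref.AttackSurfaceReductionRules_Ids, $lsassRule)
"LSASS ASR rule action: $(if ($idx -ge 0) { $pref.AttackSurfaceReductionRules_Actions[$idx] } else { 'not configured' })"

# Credential Guard: SecurityServicesRunning contains 1 when it is active
# (2 = HVCI). Configured-but-not-running usually means missing VBS prerequisites.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
[pscustomobject]@{
    CredentialGuardConfigured = 1 -in $dg.SecurityServicesConfigured
    CredentialGuardRunning    = 1 -in $dg.SecurityServicesRunning
    VBSStatus                 = $dg.VirtualizationBasedSecurityStatus   # 2 = running
}
```

Blocks after enforcement appear as Event ID 1121; a sudden burst of 1121 events for a process that never appeared during the audit window is worth a look from the SOC rather than an exclusion.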
External email tagging in Exchange Online marks messages from outside domains, helping users to identify potential phishing or spam emails.
Benefits:
More Information: Exchange Online External Email Tagging.
In Microsoft 365, anti-malware policies can be configured to automatically quarantine messages with attachments known to commonly carry malware.
Benefits:
More Information: Configure Anti-Malware Policies.
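Both controls above are a few Exchange Online PowerShell calls, and both are off or partial in a default tenant. This added example (not from the FalconOps post) shows the current state next to the hardened one for external tagging and the common attachments filter. It assumes the ExchangeOnlineManagement module, an Exchange admin role, and that you are editing the Default anti-malware policy; the extra file types and the partner domain are constructed values to adapt.

```powershell
# Added example: enable external sender tagging and the common attachments filter.
# Assumes the ExchangeOnlineManagement module; 'partner.example' is a placeholder.
Connect-ExchangeOnline

# --- External email tagging: Enabled is False by default (weak) ---
Get-ExternalInOutlook | Select-Object Enabled, AllowList
Set-ExternalInOutlook -Enabled $true
# Optional: exempt a trusted partner domain without replacing the existing list.
# Set-ExternalInOutlook -AllowList @{ Add = 'partner.example' }

# --- Anti-malware common attachments filter ---
$pol = Get-MalwareFilterPolicy -Identity Default
$pol | Select-Object EnableFileFilter, FileTypeAction,
                     @{ n = 'FileTypes'; e = { ($_.FileTypes | Sort-Object) -join ',' } }

# Extend the built-in list with container and script types frequently used to
# deliver payloads by mail. Constructed list; tune to what your users need.
$extra = 'iso','img','vhd','vhdx','js','jse','vbs','vbe','wsf','hta','lnk','scr','ps1','bat','cmd','msi'
$types = @($pol.FileTypes) + $extra | Sort-Object -Unique

# Quarantine rather than reject so admins can release false positives, and let
# ZAP pull already-delivered mail once it is later identified as malware.
Set-MalwareFilterPolicy -Identity Default `
    -EnableFileFilter $true -FileTypes $types -FileTypeAction Quarantine -ZapEnabled $true

Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter, FileTypeAction, ZapEnabled
```

Watch the quarantine for a couple of weeks after widening the list: a department that legitimately exchanges .iso or .msi files will surface quickly, and a scoped exception policy is better than reverting the tenant-wide filter.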
DMARC works with SPF and DKIM to authenticate mail senders and improve protection against spoofing and phishing.
Benefits:
More Information: Use DMARC to Validate Email.
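A DMARC record that exists but says p=none only reports spoofing, it does not stop it, and SPF ending in +all passes everything. This added example (not from the FalconOps post) resolves a domain's SPF, DMARC and DKIM records and lists the common weaknesses a defender checks for. It uses Resolve-DnsName, so it needs network access; the domain is a placeholder and the DKIM selectors default to the two Exchange Online uses, which is an assumption you can override.

```powershell
# Added example: assess a domain's SPF / DKIM / DMARC posture from DNS.
# 'example.com' is a placeholder; selector1/selector2 are the Exchange Online defaults.
function Test-MailAuthPosture {
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        [string[]] $DkimSelectors = @('selector1', 'selector2')
    )

    # One string per TXT record (long records are split into multiple strings).
    function Get-TxtRecords([string] $Name) {
        try {
            Resolve-DnsName -Name $Name -Type TXT -ErrorAction Stop |
                Where-Object { $_.Type -eq 'TXT' } |
                ForEach-Object { $_.Strings -join '' }
        } catch { @() }
    }

    $spf   = Get-TxtRecords $Domain          | Where-Object { $_ -like 'v=spf1*' }   | Select-Object -First 1
    $dmarc = Get-TxtRecords "_dmarc.$Domain" | Where-Object { $_ -like 'v=DMARC1*' } | Select-Object -First 1
    $dkim  = foreach ($s in $DkimSelectors) {
        $rec = Get-TxtRecords "$s._domainkey.$Domain" | Where-Object { $_ -match 'p=' } | Select-Object -First 1
        [pscustomobject]@{ Selector = $s; Published = [bool]$rec }
    }

    $findings = New-Object System.Collections.Generic.List[string]
    if (-not $spf)                  { $findings.Add('No SPF record') }
    elseif ($spf -match '\+all')    { $findings.Add('SPF ends in +all: every sender passes') }
    elseif ($spf -match '~all')     { $findings.Add('SPF softfail (~all); move to -all once DMARC is enforcing') }

    if (-not $dmarc) {
        $findings.Add('No DMARC record: receivers have no policy for spoofed mail')
    } else {
        # Parse "k=v; k=v" tags into a hashtable.
        $tags = @{}
        foreach ($kv in ($dmarc -split ';')) {
            $k, $v = $kv.Trim() -split '=', 2
            if ($k) { $tags[$k] = $v }
        }
        if ($tags['p'] -eq 'none')  { $findings.Add('DMARC p=none: report-only, spoofing is not blocked') }
        if ($tags['pct'] -and [int]$tags['pct'] -lt 100) { $findings.Add("DMARC pct=$($tags['pct']): policy applies to only part of the mail") }
        if (-not $tags['rua'])      { $findings.Add('No rua= address: aggregate reports are not being collected') }
    }
    if (-not ($dkim | Where-Object Published)) { $findings.Add('No DKIM key found for the assumed selectors') }

    [pscustomobject]@{
        Domain   = $Domain
        SPF      = $spf
        DMARC    = $dmarc
        DKIM     = (($dkim | Where-Object Published).Selector) -join ','
        Findings = $findings
    }
}

Test-MailAuthPosture -Domain 'example.com' | Format-List
```

Run it against every domain you send from, including parked ones: a parked domain with no DMARC is an easy spoofing target, and for those the right answer is a bare `v=DMARC1; p=reject` alongside `v=spf1 -all`.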
Disabling VBA macros in Office files received via email is a security measure to prevent malware and ransomware infections.
Benefits:
More Information: Block Macros from the Internet in Office.
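The "Block macros from running in Office files from the Internet" setting is applied per application, so a rollout that only covers Word leaves Excel and PowerPoint open. This added example (not from the FalconOps post) reports which applications are covered by the policy and then sets it for all of them. It assumes Office 2016 or Microsoft 365 Apps (the 16.0 key) and writes to HKCU\Software\Policies, the same location a GPO or Intune policy populates; in production, push the policy rather than scripting it per user.

```powershell
# Added example: audit and enforce the per-application "block macros from the
# Internet" policy value. Assumes Office 2016 / M365 Apps (16.0 key).
$apps = 'word', 'excel', 'powerpoint', 'access', 'visio', 'publisher'

function Get-MacroInternetBlockState {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $val = (Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet `
                    -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        [pscustomobject]@{
            App      = $app
            # 1 = blocked and enforced by policy; 0 or missing = not enforced,
            # the application's built-in default and the user's Trust Center decide.
            Enforced = ($val -eq 1)
        }
    }
}

'Before:'; Get-MacroInternetBlockState | Format-Table -AutoSize

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
}

'After:'; Get-MacroInternetBlockState | Format-Table -AutoSize
```

The setting keys off the Mark-of-the-Web zone identifier on the downloaded file, so it also depends on the browser and mail client preserving that mark; files extracted from containers that strip it are not covered, which is one reason to filter those attachment types at the mail gateway as well.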
Domain Controllers are prime targets for threat actors, especially ransomware actors. Due to their criticality in administering the network, they should be tightly monitored and secured.
Suggestions:
More Information:
Using strong, unique passwords makes it harder for a threat actor to guess passwords, or to crack them offline if they manage to collect password hashes.
Suggestions:
More Information: Use Strong Passwords | CISA.
Do not expose highly targeted services such as Remote Desktop Protocol (RDP), FTP, or SMB to the internet, as these are commonly used by threat actors as initial access vectors. Essentially, if it is not absolutely critical for the service to be externally facing, restrict all access to it.
Benefits:
To identify and address vulnerabilities quickly, you should be conducting regular vulnerability scans from both an internal and external perspective. If you are a government or public entity, you can utilize the Cyber Hygiene Service from CISA to do this against your external networks FOR FREE.
Benefits:
More Information: https://www.cisa.gov/cyber-hygiene-services
SMB is essential to any internal network, but it is also heavily abused when not configured properly. Below are a few suggestions that will make it considerably more difficult for threat actors to abuse.
Suggestions:
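As an added example (not the post's own list of suggestions), the following applies the SMB hardening settings most commonly recommended on Windows hosts: remove SMBv1, require signing in both directions, refuse insecure guest logons, and scope inbound SMB on workstations to the local subnet. It assumes a Windows 10/11 or Server host with the SmbShare and NetSecurity modules; the extra management range is a placeholder to replace before use.

```powershell
# Added example: common SMB hardening with before/after state.
# '10.0.0.0/24' is a placeholder management range; adjust -RemoteAddress to your network.
function Get-SmbHardeningState {
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration
    [pscustomobject]@{
        SMB1Enabled         = $srv.EnableSMB1Protocol          # weak if True
        ServerSigning       = $srv.RequireSecuritySignature    # weak if False
        ClientSigning       = $cli.RequireSecuritySignature    # weak if False
        InsecureGuestLogons = $cli.EnableInsecureGuestLogons   # weak if True
    }
}

'Before:'; Get-SmbHardeningState

# SMBv1 has no signing or encryption and is legacy attack surface: remove it.
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Require signing both ways so sessions cannot be relayed or tampered with.
Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

# Refuse unauthenticated guest fallback to shares that do not require credentials.
Set-SmbClientConfiguration -EnableInsecureGuestLogons $false -Force

# Workstations rarely need to serve SMB beyond their own subnet. Windows Firewall
# evaluates Block rules before Allow rules and blocks unsolicited inbound by
# default, so the right move is to disable the broad built-in allow rules and
# add a tightly scoped Allow, not to add a Block rule.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' } | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'SMB-In (local subnet and management only)' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress LocalSubnet, '10.0.0.0/24' -Action Allow -Profile Domain, Private | Out-Null

'After:'; Get-SmbHardeningState
```

Requiring client-side signing will break connections to any remaining devices (old NAS units, printers) that cannot sign; those failures show up as access denied rather than a clear error, so inventory SMB servers before enforcing fleet-wide. A reboot is needed for the SMBv1 feature removal to complete.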
EDR is one of the most effective ways to stop and contain threats. We cannot emphasize enough how important it is to implement an EDR solution to ALL endpoints (workstations and servers) in your environment. If you only take one thing from this blog, it should be to do this.
While not free by any means, implementing a quality EDR (CrowdStrike, SentinelOne, Microsoft Defender for Office 365, etc.) will give you an immense advantage against threat actors.
We would love to help you do this at a cost-effective price. Contact us to learn more.
Combining these free suggestions will ensure that your environment deters any threat actor, while also making it more difficult for a threat actor to move laterally. While some powerful cybersecurity measures require investment, numerous effective strategies can be implemented at no cost.
FalconOps Cybersecurity is dedicated to guiding you through the complexities of cybersecurity, ensuring your organization's digital safety. For personalized security assessments, consultations, and assistance in implementing these measures, do not hesitate to reach out to us.