Good event log monitoring is an art. Find someone who can create useful alerts and decisions from all the noise that's filling those logs every minute of every day. These people are worth their weight in gold. Pay them appropriately.
5. Segmentation of weaknesses
Almost every company I audit has tons of insecurable legacy systems that should have been removed from the network a decade ago. That's life. Sometimes operations requires that we support very old things. Successful companies segment their old and insecure systems.
Segmentation can be done in myriad ways, including:
- Separate Active Directory forest
- Make all computers standalone (not networked)
- Firewalls, routers, VLANs
The idea is to prevent easy movement of attackers (and configuration badness) between your weakest and strongest environments. Tell management you'll keep those systems around, but as a trade-off, you must be able to keep them separate from your normal assets. If that becomes too difficult, maybe they will get rid of them or upgrade them, as they should have years ago.
When I share these "secrets," I'm often told that the company will refuse to accept it. All such critics see is inconvenience and limited freedom. I'm here to tell you that the employees of companies who have implemented these common-sense measures are happier than most employees I see in other companies. The restrictions result in less compromise, less downtime, less rebuilding, and less blame.
If your organization is getting tired of being hacked all time, consider the lessons you can learn from companies that have done it right.
Sign up for Computerworld eNewsletters.