The adage “Everything old is new again” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual server or containerized environments.
Even though hackers are becoming increasingly sophisticated with their attacks, applying some of these oldies but goodies to your arsenal could help reduce the risk of a security incident or breach.
Here are a few security best practices that stand the test of time.
1. From Server Monitoring to Cloud Infrastructure Monitoring
Container technology is essentially a modern version of multiprocessor Unix operating systems from decades ago, running processes in isolation from the rest of the operating environment. While a network security professional in the 80s or 90s spent a lot of time monitoring bare-metal servers, today they’re monitoring hosted cloud infrastructure.
Many of the same principles still apply, but at a different level of the technology stack. For example, if a server was once quiet and then started doing huge file transfers, that change would be flagged as suspicious behavior.
Today, behavioral analytics are much more sophisticated, helping organizations gain visibility into much more complex, evolving infrastructure. Host-based detection and container-level monitoring are now necessary to make sure that suspicious activity is identified and quickly remediated across the cloud infrastructure environment.
There are several key differences between on-prem and virtual server monitoring, including the need to monitor the infrastructure control plane, but the need to keep a watchful eye remains.
2. Least Privilege is (Still) Best
The principle of least privilege is nothing new. In fact, it was introduced in a 1975 paper from the University of Virginia Department of Computer Science. The paper states:
“Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur.”
Today, role-based access control (RBAC) can help assign privilege based on the role of the user in a system. A good, automated RBAC practice can handle the complexities that arise due to mutually exclusive roles or role hierarchies. What’s more, rotating or temporary credentials can provide a more secure alternative to permanent privileged access.
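As an added illustration of the RBAC practice described above (not code from the original post), the model below implements a role hierarchy, a mutually exclusive role pair, and an expiring privileged grant; the role and permission names are constructed for the example.

```python
"""Minimal RBAC check: role hierarchies, mutually exclusive roles
(static separation of duty) and time-limited privileged grants.
Illustrative example only; role and permission names are made up."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Set

# Role hierarchy: a senior role inherits every permission of the junior
# roles listed for it (constructed example roles).
ROLE_INHERITS = {"db-admin": ["db-reader"], "deployer": ["db-reader", "log-reader"]}
ROLE_PERMS = {
    "db-reader": {"db:select"},
    "db-admin": {"db:alter"},
    "log-reader": {"logs:read"},
    "deployer": {"deploy:write"},
    "auditor": {"logs:read", "audit:sign"},
}
# Static separation of duty: these roles may never be held together.
MUTUALLY_EXCLUSIVE = {frozenset({"deployer", "auditor"})}

def effective_roles(roles: Set[str]) -> Set[str]:
    """Expand assigned roles transitively through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_INHERITS.get(role, []))
    return seen

def assign_roles(current: Set[str], new: Set[str]) -> Set[str]:
    """Add roles, rejecting assignments that violate exclusivity.
    The check runs on the *effective* set, so inherited roles count too."""
    combined = effective_roles(set(current) | set(new))
    for pair in MUTUALLY_EXCLUSIVE:
        if pair <= combined:
            raise ValueError(f"mutually exclusive roles: {sorted(pair)}")
    return set(current) | set(new)

@dataclass
class Grant:
    roles: Set[str]
    expires_at: Optional[datetime] = None  # None means standing access

def permissions(grant: Grant, now: Optional[datetime] = None) -> Set[str]:
    """Permissions currently in force; an expired temporary grant yields none."""
    now = now or datetime.now(timezone.utc)
    if grant.expires_at is not None and now >= grant.expires_at:
        return set()
    perms: Set[str] = set()
    for role in effective_roles(grant.roles):
        perms |= ROLE_PERMS.get(role, set())
    return perms
```

A temporary grant is modelled as a `Grant` with `expires_at` set; once the clock passes it, `permissions` returns nothing without any explicit revocation step.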
3. Patching and Vulnerability Management
It’s a tale as old as computer security time: A new vulnerability arises, and a vendor issues a patch to repair it. Microsoft’s now-infamous “Patch Tuesday” was created to provide some regularity to the issuance of patches.
Today, the sheer scale of patching needs creates a lot of anxiety for teams. It’s an easy task to put off, but one whose neglect is consistently exploited, as evidenced by the massive Equifax breach.
According to the 2017 Verizon Data Breach Investigations Report, companies aren’t patching with nearly enough regularity, giving attackers plenty of time to exploit vulnerabilities that are months (or even years) old. To catch vulnerabilities before cybercriminals do, your organization’s approach to patching should be automated, standardized, and resilient enough to withstand automatic software updates.
Assess Your Maturity
Getting a handle on modern infrastructure security isn’t easy, but applying some of these time-tested tips can help keep your organization safe. If you’re looking to evaluate how your team is doing with cloud infrastructure security best practices at present, complete our Cloud SecOps Maturity Assessment, and get some specific recommendations for improving automation and security at scale.