www.reliaquest.com
141.193.213.20  Public Scan

Submitted URL: https://email.reliaquest.com/NDM4LUtZSy03ODYAAAGFbYd-L8CPgth07Di4nVPvBdDH9a7-mQ0_3MlMGm0Wceph55llteW-0GdD5T0-4rxSQqfEa1w=
Effective URL: https://www.reliaquest.com/blog/cybersecurity-bad-practices-expanding-on-the-cisa-list/?mkt_tok=NDM4LUtZSy03ODYAAAGFbYd-Lxk...
Submission: On July 05 via api from US — Scanned from DE

Form analysis 4 forms found in the DOM

GET https://www.reliaquest.com/

<form method="get" id="h_searchform" action="https://www.reliaquest.com/" role="search">
  <div class="input-group">
    <label for="search" style="display:none;">Search</label>
    <input class="field form-control" id="search" name="s" type="text" aria-labelledby="search" placeholder="Type and hit enter ..." autocomplete="off">
    <span class="input-group-btn">
      <input class="submit btn search_btn" id="searchsubmit" name="submit" type="submit" value="Go">
    </span>
  </div>
</form>

<form id="mktoForm_1795" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove" style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); width: 1601px;">
  <div class="mktoFormRow">
    <div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 10px;">
      <div class="mktoOffset" style="width: 10px;"></div>
      <div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 100px;">
          <div class="mktoAsterix">*</div>Email
        </label>
        <div class="mktoGutter mktoHasWidth" style="width: 10px;"></div><input id="Email" name="Email" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired"
          aria-required="true" style="width: 150px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
        <div class="mktoClear"></div>
      </div>
      <div class="mktoClear"></div>
    </div>
    <div class="mktoClear"></div>
  </div>
  <div class="mktoFormRow"><input type="hidden" name="botCheckerHidden" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 10px;">
    <div class="mktoClear"></div>
  </div>
  <div class="mktoButtonRow"><span class="mktoButtonWrap mktoSimple" style="margin-left: 0px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
    value="1795"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="438-KYK-786">
</form>

<form novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove"
  style="font-family: Helvetica, Arial, sans-serif; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>

<form>
  <input class="st-default-search-input st-search-set-focus" type="text" value="" placeholder="Search this site" aria-label="Search this site" id="st-overlay-search-input" autocomplete="off" autocorrect="off" autocapitalize="off">
</form>

Text Content



CYBERSECURITY BAD PRACTICES: EXPANDING ON THE CISA LIST

In cybersecurity, we all tend to focus on those covetable “best practices.” But
what’s on the other side? The U.S. Cybersecurity and Infrastructure Security
Agency (CISA) got the ball rolling by publishing some cybersecurity “bad
practices,” especially those that relate to protecting critical infrastructure
or national critical functions. Provided below are the three practices listed by
CISA as of October 5, 2021, plus our take.

 * Use of unsupported (also known as “end-of-life”) software: The risk inherent
   in this practice is that unsupported software no longer receives updates, at
   least not on a regular basis. Without a consistent update mechanism, users
   will have no means of patching a growing list of software vulnerabilities
   uncovered by researchers or exploited by attackers. They’ll therefore be in a
   position where they’re exposed to multiple known attack vectors that might
   not ever receive a fix.
 * Use of known or default passwords and credentials: Most devices ship with
   default passwords, but users don’t always change those credentials once
   they’ve deployed the devices on their networks. That’s an issue, as many devices’
   default passwords are published online either in publicly available
   documentation or on dark web marketplaces. Attackers can use those resources
   to compromise a device for the purpose of stealing a user’s data, gaining
   access to the user’s network, or performing other malicious activity.
 * Use of single-factor authentication: Data breaches of users’ account
   credentials are a common occurrence these days. Such events make plenty of
   credentials available to attackers, empowering them to launch credential
   stuffing attack campaigns. In the absence of an additional factor of
   authentication, those malicious actors can successfully authenticate
   themselves on one or more of a victim’s accounts and abuse that access to
   conduct identity theft or credit card fraud.

CISA stated that it will continue to add entries into its catalog of bad
practices over time.



EXPANDING ON CISA’S CYBERSECURITY BAD PRACTICES LIST

Despite CISA’s assurance, we still thought the list looked a little short as it
currently stands. So, we caught up with Joe Partlow, CTO of ReliaQuest, to get
his take on what we see among our customer base and in the industry as “worst
practices.” We also asked him about the impact those “worst practices” can have
on organizations that follow them, as well as how organizations can optimize their
security operations to avoid them.

Our conversation with Joe is replicated below.

Joe Partlow, ReliaQuest CTO


WHAT IS OUR TAKE ON THE CISA LIST?

Unfortunately, most of the time, these critical infrastructure organizations are
at the mercy of their vendors to support newer security controls like
multifactor authentication. The lack of budget, maintenance windows, or other
resources to upgrade these legacy systems is a factor in using old
software/hardware or rotating passwords.


WHY DO YOU THINK CISA FOCUSED IN ON THESE BAD PRACTICES IN PARTICULAR?

This list of bad practices encapsulates some of the most common ones we see in
environments such as these due to the above reasons. They are also some of the
most effective controls against malware or ransomware spreading in an
environment.


WHAT WOULD WE ADD?

Some of the other effective controls I would add are advanced endpoint
detection, ensuring offline backups are kept up to date, and effective
monitoring and alerting of potentially malicious events or misconfigurations.
All these controls also have challenges getting implemented in critical
infrastructure environments, however.


WHAT KINDS OF BAD PRACTICES DO WE SEE IN OUR CUSTOMER BASE (OR THE INDUSTRY)
HERE AT RELIAQUEST?

Most of the bad practices we see are related to over-privileged users or
accounts as well as incomplete monitoring or alerting on events. Poor patching,
asset control, vulnerability management, or backup strategies are also a common
contributor.


WHAT KINDS OF RISKS ARE ASSOCIATED WITH THESE BAD PRACTICES?

All these bad practices could lead to increased downtime, loss of sensitive data
or intellectual property, or, in the case of critical infrastructure, loss of
life-saving support services and utilities.


WHAT’S BEHIND THESE BAD PRACTICES? WHY ARE THEY THE PROBLEM THAT THEY ARE?

Most of the reasons for these bad practices are a lack of budget or available
time to upgrade the systems or make them redundant. There’s also the reality
that some vendors are not always supporting the necessary modern security
controls in their devices or applications (mostly due to cost and/or
recertification time).


WHAT SECURITY CONTROLS CAN ORGANIZATIONS USE TO ADDRESS THOSE BAD PRACTICES?

Best practice items that can help reduce risks such as ransomware spread
include:

 * Enabling advanced logging for all systems (including cloud assets)
 * Creating a watchlist for high-value accounts and hosts
 * Removing administrative access for accounts that don’t need it
 * Enabling MFA and strong passwords on all accounts
 * Enabling and testing offsite backups
 * Verifying with legal & leadership necessary cyber insurance policy coverage
 * Implementing effective network segmentation
 * Installing advanced endpoint protection on all hosts


WHAT CHALLENGES MIGHT THEY FACE ALONG THE WAY?

Budget to add redundant systems or pay for necessary upgrades is one of the most
common reasons, along with the inability to take systems down for the necessary
maintenance to be performed. Also, executive buy-in is important to prioritize
implementing secure devices and applications throughout the organization.


HOW DOES RELIAQUEST GREYMATTER HELP COMPANIES OVERCOME THOSE CHALLENGES AND
IMPLEMENT THOSE CONTROLS?

GreyMatter helps overcome these challenges by providing a holistic platform to
not only provide incident response and detection for any potential incidents but
also to proactively threat hunt and automate any remediation actions.




--------------------------------------------------------------------------------

BY ABBY THURMAN

Abby brings 5 years’ experience in the tech and SaaS industry to her role as
content marketing strategist for ReliaQuest. Based in Salt Lake City, she
graduated with a degree in English from the University of Utah, and when she’s
not working, she’s usually reading, cooking, or hanging out with her husband and
pets.


© 2022 ReliaQuest, LLC All Rights Reserved