These recommendations, made by Secureworks incident responders in 2023, reflect the main threats facing Secureworks customers. Central to them is regular vulnerability scanning to identify and reduce the external attack surface, a key component of defending against scan-and-exploit attacks.
Review the Security Bingo Card for tips on how you can prevent or reduce the impact of post-intrusion ransomware attacks, such as implementing IP address allow lists, segmenting networks, improving backup strategies, and removing generic accounts.
Top 20 Cybersecurity Strategies from Incident Response Experts
Identify gaps in your security strategy.
CAN YOU COVER YOUR CARD?
Improve backup strategies and procedures
Implement phishing-proof multi-factor authentication (MFA)
Block inbound RDP from the Internet
Conduct regular vulnerability scans
Monitor for spoofed domains
Implement IP allow lists
Establish network segmentation
Limit mail forwarding functionality
Restrict USB access
Rebuild hosts from known-clean backups
Remove default/generic accounts
Implement controlled folder access
Audit internet-facing web systems and content
Implement DKIM & SPF authentication
Implement application allow lists
Implement an extended detection and response (XDR) solution
Update, patch systems & software
Block outbound FTP connections
Document security configuration standards
Apply the principle of least privilege to account access
BINGO CARD
Conduct regular vulnerability scans: Helps identify the points of weakness in your system(s) and reduce the attack surface criminals might exploit.
Monitor for spoofed domains: Attackers use typosquatting to impersonate victims’ domain names to convince the recipient of a phishing email that the message is legitimate.
Implement IP allow lists: When applied to perimeter network devices, these lists allow access from selected IP addresses while blocking all others.
Establish network segmentation: Makes it harder for adversaries to move laterally by allowing only legitimate, authenticated access to your critical information.
Limit mail forwarding functionality: Helps prevent attackers from forwarding email to obtain sensitive data.
Improve backup strategies and procedures: An immutable backup is one that cannot be altered in any way; it is the gold standard for resilience against ransomware.
Restrict USB access: Limits the use of portable devices to decrease the risk of data loss and reduce exposure to network-based attacks.
Rebuild hosts from known-clean backups: Using technologies and practices for restoring host operating systems from a gold image, so that each host is current and secure, is critical.
Remove default/generic accounts: Default/generic account credentials can be used to anonymously access and extract your organization’s most critical data.
Implement multi-factor authentication (MFA): Adds a second means of authentication to traditional usernames and passwords, which can be easily guessed.
Implement controlled folder access: Controlled folder access is a Windows setting that helps protect valuable data from malicious apps and threats such as ransomware.
Audit internet-facing web systems and content: Reliable web security audits list all known vulnerabilities and misconfigurations in the IT infrastructure and enable businesses to resolve them proactively.
Block inbound RDP from the internet: Remote Desktop Protocol (RDP) exposed on Internet-facing systems is convenient for attackers seeking to compromise those systems.
Implement DKIM & SPF authentication: These methods help protect against spoofed phishing emails.
Implement application allow lists: Lists of allowed applications and application components designed to prevent the execution of unauthorized and malicious programs.
Implement an endpoint detection and response (EDR) solution: Continuously monitors end-user devices to detect malicious activity and initiate response actions.
Block outbound FTP connections: FTP is a common means of data exfiltration; blocking all FTP communications except those specifically needed for the business reduces this risk.
Update, patch systems & software: Regular patching reduces vulnerabilities in your systems and minimizes your organization’s exposure.
Document security configuration standards: Documented security measures for building and installing computers and network devices can reduce unnecessary cyber vulnerabilities.
Apply the principle of least privilege to account access: Reduces the risk of attackers gaining access to critical systems or sensitive data by granting users only the minimum access or permissions needed to perform their job.
These recommendations, made by Secureworks incident responders in 2021, reflect the main threats facing Secureworks customers. Central to them is regular vulnerability scanning to identify and reduce the external attack surface, a key component of defending against scan-and-exploit attacks.
Review the Bingo Card for tips on how you can prevent or reduce the impact of post-intrusion ransomware attacks, such as implementing IP address allow lists, segmenting networks, improving backup strategies, and removing generic accounts.
Top 20 Cybersecurity Strategies from Incident Response Experts