Got Security Posture?

I talk to hundreds of organization leaders, from all types of industries, every week. They all think that they do a great job at securing their organization. They feel that since they have a fancy web filter and use AD (Active Directory), they are impenetrable. It could never happen to them. Sometimes, when I finish my conversations with them, I just have to laugh after hanging up the phone. How can the industry harden itself if it has so much false information floating around? Sure, I agree that Active Directory and firewalls are must-haves, but one is a user and machine authenticator, and the other is external security. You still have a huge gap in your security posture.

What the IT industry needs is Education. This is what I try to convey to the people I talk to on a daily basis. They need to educate their organization and co-workers on the best practices to keep their organization out of the national media.

Network security goes beyond just a couple of pieces of hardware and software. It takes many different approaches and a lot of knowledge to have a great security posture. But where do you start?

If we look back at the old approach, it was broken into 3 phases:


This was a great start back then but, as we know now, attackers and technology have come a long way. As attacks become more intricate and thorough, your security posture needs to be updated to counteract that!

What you should be remembering now:

Identification: How do you protect yourself from something you don’t even know is there? You need to know WHO and WHAT is on your network at all times. The more information the better, i.e., machine types, MAC addresses, and operating system information.

Controlling: Once you are able to see what all users are doing on your network, you need to have an avenue to control them. I don’t mean just control what they can access on the internet. You need to control what they can access on the internal network. This is your strongest, and most important defense. Once the threat or malware has moved around your internal network, it is already too late!

Enforcing: Great! Now you are able to identify and control users and traffic on your network. Most may think they are set and unbreachable. No, you need to continuously grow and evolve the policies and structure that you have set in motion.

As you can see, the key to success is knowledge. Without it, you are vulnerable. 2015 has begun, and it is time to take the blinders off and realize that security needs to be a #1 priority.

Milton Security is committed to security education, and has been putting on an incredible “Internal Threat Webinar” to educate people about what to be on the lookout for in 2015. Every week we have a full house of people who are taking the first step to combat the future.

If you have any interest in checking it out, sign up here:
