4 detective controls to strengthen cyber resilience

Michael J. Del Giudice
2/11/2022
4 detective controls to strengthen cyber resilience

Detective controls are essential for a solid security posture.

Since March 2020, traditional work settings have been uprooted. Public sector agencies and other organizations have had to shift their efforts to support their people and technology in remote work environments. This shift has also prompted IT leaders to take another look at their cybersecurity plans.

Supporting a remote workforce means IT teams have to manage different risks, including insecure home Wi-Fi networks, unencrypted file sharing, and weak passwords – and it might seem like they’re working twice as hard to protect their networks.

No two cybersecurity programs look exactly the same, but one thing’s for sure: Detective controls are a key component in building cyber resilience.

Detective controls help increase visibility of malicious activity and potential breaches into IT infrastructure, alerting the correct team members so that they can quickly respond in the event of an attack. Such controls also help improve the quality of response that follows a security event.

Stay on top of public sector and cybersecurity and other insights by subscribing to Cybersecurity Watch.

Here are four detective controls that organizations can implement in 90 days:

1. Identify and respond to critical cybersecurity threats with managed detection and response (MDR)

Setting up and training entire security teams as threat hunters can be quite the undertaking for organizations that already lack resources. This challenge rings especially true for public sector agencies.

The good news is that MDR can be outsourced to entities that can bring necessary resources and additional expertise to the table. Successful MDR programs combine technology with a human approach.

It’s important to start with monitoring all logs and actions performed in a network and then correlating them. Using the correlated data, IT teams can detect abnormalities.

Once a potential security event is identified, security specialists can investigate and determine the extent of the threat. MDR solutions help alert IT teams in a timely manner so they can decrease their response time and thus help prevent organizations from experiencing catastrophic consequences.

2. Protect end users with endpoint detection and response (EDR)

Endpoint management is imperative to the security of any organization, as it provides a single management interface for mobile and desktop devices. Having a centralized source of truth becomes especially important as remote work becomes more prevalent. Unstable home networks, personal devices, and increased use of online tools can increase the likelihood of cybersecurity attacks.

More robust than antivirus protection, EDR solutions continually monitor user devices and report any activity that raises concern. They can also proactively stop the execution of anomalous activities.

EDR solutions significantly reduce the likelihood that a security breach or debilitating ransomware attack will proliferate across the network. These solutions can help minimize security risks of mobile devices by maintaining confidentiality, integrity, and availability of data.

3. Detect risks proactively with strong vulnerability management

Vulnerability management involves detecting threats early on to identify where gaps in patching and controls exist. Failing to effectively mitigate vulnerabilities can leave networks exposed to attackers.

Organizations should frequently scan their environments for vulnerabilities and make necessary adjustments to protect against potential attacks. Performing assessments on a quarterly and then monthly basis is a good place to start.

The goal is not perfection but developing an awareness of where risks exist and then managing those risks to minimize the likelihood of a security event. While even the most robust cybersecurity program can’t prevent every potential attack, organizations can take steps to proactively identify and mitigate risks and threats.

4. Use third-party resources

Detecting and responding to security threats can be overwhelming for organizations to handle on their own, particularly when available cybersecurity talent is in short supply. Third parties can offer a wealth of knowledge and the critical resources organizations might lack for specific cybersecurity needs. Third parties can also help augment personnel when needed to respond to potential security events.

Outsourcing specific cybersecurity programs can help effectively manage critical cybersecurity risks and free up resources to focus on other important initiatives. Outsourcing can also potentially save costs by providing proven, resilient solutions that can yield value in a short period of time.

Detective controls are there if preventive measures fail

Cybersecurity attacks are incredibly difficult to prevent, so preparing your organization to better detect and respond to them should be a top priority. Strong detective controls can help contain and respond to threats quickly and effectively.

By implementing MDR and EDR, strengthening vulnerability management, and taking advantage of third-party resources, you might be surprised how much more secure your organization could be in 90 days.

Get cybersecurity and other insights delivered directly to your inbox.

If you have questions about improving cyber resilience, we can help.

Reach out to an experienced Crowe consultant today to start discussing your cybersecurity program.
Michael Del Guidice
Michael J. Del Giudice
Principal, Consulting