CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
Cybersecurity & Infrastructure Security Agency
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) detailing activity and key findings from a recent CISA red team assessment, conducted in coordination with the assessed organization, to provide network defenders recommendations for improving their organization's cyber posture.
Actions to take today to harden your local environment:
Establish a security baseline of normal network activity; tune network and host-based appliances to detect anomalous behavior.
Conduct regular assessments to ensure appropriate procedures are created and can be followed by security staff and end users.
Enforce phishing-resistant MFA to the greatest extent possible.

Additionally, CISA recommends organizations implement the mitigations below to improve their cybersecurity posture:
Provide users with regular training and exercises.
Enforce phishing-resistant MFA.
Reduce the risk of credential compromise.
Upgrade to Windows Server 2019 or greater and Windows 10 or greater.

As a long-term effort, CISA recommends organizations prioritize implementing a more modern, Zero Trust network architecture that:
Leverages secure cloud services for key enterprise security capabilities (e.g., identity and access management, endpoint detection and response, policy enforcement).
Upgrades applications and infrastructure to leverage modern identity management and network access practices.
Centralizes and streamlines access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks.
Invests in technology and personnel to achieve these goals.

In addition to applying mitigations, CISA recommends exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. CISA recommends testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.
Link: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a