Manage Continuous Threats
Security threats and the environment they target evolve continuously, which requires comprehensive operational capabilities and ongoing adjustment. Proactively manage this risk.
Establish Operational Capabilities
To monitor alerts, investigate incidents, initiate remediation actions, and integrate lessons learned.
Build External Context
Of threats using available resources such as threat intelligence feeds, Information Sharing and Analysis Centers (ISACs), and other means.
Validate Your Security Posture
By authorized red team and/or penetration testing activity.
Manage Continuous Innovation
The rate of capability releases and updates from cloud services requires proactive management of potential security impacts.
Contain Risk By Assuming Breach
When planning security controls and security response processes, assume an attacker has compromised other internal resources such as user accounts, workstations, and applications. Assume an attacker will use these resources as an attack platform.
Least Privilege Admin Model
Apply least-privilege approaches to your administrative model, including:
- Limit the number of administrators or members of privileged groups.
- Delegate fewer privileges to accounts.
- Provide privileges on demand.
- Have existing administrators perform tasks instead of adding additional administrators.
- Provide processes for emergency access and rare use scenarios.
Harden Security Dependencies
Security dependencies include anything that has administrative control of an asset. Ensure that you harden all dependencies at or above the security level of the assets they control. Security dependencies for cloud services commonly include identity systems, on-premises management tools, administrative groups and accounts, and the workstations where these accounts log on.
Use Strong Authentication
Use credentials secured by hardware or Multi-Factor Authentication (MFA) for all identities with administrative privileges.
Use Dedicated Admin Accounts And Workstations
Separate high-impact assets from the prevalent risks of Internet browsing and email:
- Use dedicated accounts for privileged administrative roles for cloud services and on-premises dependencies.
- Use dedicated, hardened workstations for administration of high-business impact IT assets.
- Do not use high privilege accounts on devices where email and web browsing take place.
Enforce Stringent Security Standards
Administrators control significant numbers of organizational assets. Rigorously measure and enforce stringent security standards on administrative accounts and systems. This includes cloud services and on-premises dependencies such as Active Directory, identity systems, management tools, security tools, administrative workstations, and associated operating systems.
Monitor Admin Accounts
Closely monitor the use and activities of administrative accounts. Configure alerts for activities that are high impact as well as for unusual or rare activities.
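The two alert conditions described above, as an added example that is not part of the original guidance: a small Python check over constructed identity audit events that flags operations listed as high impact, and operations an administrative account has not performed during a baseline window. The operation names, account names, and event fields are assumptions, not a real product schema.

```python
"""Alert on high-impact and rare administrative activity (constructed example)."""
from collections import defaultdict

# Operations treated as high impact whoever performs them (assumed names).
HIGH_IMPACT_OPS = {
    "AddMemberToRole",
    "UpdateConditionalAccessPolicy",
    "ResetUserPassword",
    "AddServicePrincipalCredential",
}

# Constructed baseline window: what each admin account normally does.
BASELINE_EVENTS = [
    {"actor": "helpdesk-admin@example.com", "op": "ResetUserPassword", "target": "user1@example.com"},
    {"actor": "helpdesk-admin@example.com", "op": "ResetUserPassword", "target": "user2@example.com"},
    {"actor": "iam-admin@example.com", "op": "AddMemberToRole", "target": "Helpdesk Administrator"},
    {"actor": "iam-admin@example.com", "op": "UpdateUser", "target": "user3@example.com"},
]

# Constructed new events to evaluate against the baseline.
NEW_EVENTS = [
    {"actor": "helpdesk-admin@example.com", "op": "ResetUserPassword", "target": "user4@example.com"},
    {"actor": "helpdesk-admin@example.com", "op": "AddMemberToRole", "target": "Global Administrator"},
    {"actor": "iam-admin@example.com", "op": "UpdateUser", "target": "user5@example.com"},
    {"actor": "iam-admin@example.com", "op": "AddServicePrincipalCredential", "target": "app-backup"},
]


def build_baseline(events):
    """Map each actor to the set of operations it performed in the baseline window."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["actor"]].add(e["op"])
    return baseline


def evaluate(events, baseline):
    """Return (event, reasons) for each event that should raise an alert.

    An event alerts when its operation is high impact, when the actor never
    performed that operation during the baseline window (rare/unusual), or both.
    Events matching both reasons deserve the highest priority in triage.
    """
    alerts = []
    for e in events:
        reasons = []
        if e["op"] in HIGH_IMPACT_OPS:
            reasons.append("high-impact")
        if e["op"] not in baseline.get(e["actor"], set()):
            reasons.append("rare-for-actor")
        if reasons:
            alerts.append((e, reasons))
    return alerts
```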
Educate And Empower Admins
Educate administrative personnel on likely threats and their critical role in protecting their credentials and key business data. Administrators are the gatekeepers of access to many of your critical assets. Empowering them with this knowledge will enable them to be better stewards of your assets and security posture.