{"id":48989,"date":"2022-10-20T18:17:08","date_gmt":"2022-10-20T18:17:08","guid":{"rendered":"https:\/\/www.darkreading.com\/microsoft\/4-ways-to-achieve-comprehensive-security"},"modified":"2022-10-20T18:17:08","modified_gmt":"2022-10-20T18:17:08","slug":"4-ways-to-achieve-comprehensive-security","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/4-ways-to-achieve-comprehensive-security\/","title":{"rendered":"4 Ways To Achieve Comprehensive Security"},"content":{"rendered":"
<\/div>\n

Cyberattacks in 2021 continued to steadily increase in volume and sophistication. Ransomware continued its ruthless path across industries, often putting lives at risk. Ransomware attacks also became increasingly simple to carry out with toolkits, as in the case of the Colonial Pipeline attack<\/a> that disrupted businesses and daily life for many. Indeed, the FBI\u2019s Internet Crime Complaint Center reported 2,084 ransomware complaints<\/a> from January to July 31, 2021, a 62% year-over-year increase. <\/p>\n

With most organizations shifting to a hybrid work<\/a> environment as a result of the pandemic, the attack surface has dramatically expanded beyond corporate boundaries, leaving organizations even more exposed to cyber threats. CISOs and other cybersecurity leaders are facing the dual challenges of enabling digital transformation while adapting to a rapidly expanding threat landscape. This continues to reinforce the need for a comprehensive security approach that aligns to business priorities. <\/p>\n

What happens when security leaders have a comprehensive security approach based on zero-trust principles? They can be fearless, armed with the ability to secure everything without any limits. Let\u2019s take a look at four ways that we have seen organizations manage a comprehensive security approach.<\/p>\n

Commit to a Zero-Trust Strategy<\/h2>\n

Today\u2019s organizations need a security model that adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they\u2019re located. That is exactly what you get when implementing a zero-trust approach<\/a> based on the three guiding principles of verify explicitly, use least-privilege access, and assume a breach. Instead of believing everything behind the corporate firewall is safe, the zero-trust model assumes a breach and verifies each request as though it originated from an uncontrolled network. <\/p>\n

Microsoft’s zero-trust approach is designed to reduce risk at every opportunity across the digital estate, which includes identities, endpoints, applications, network, infrastructure, and data. This means that every transaction must be validated and proved trustworthy before the transaction can occur. This approach is consistent with industry standards like the Open Group\u2019s recently released Zero Trust Commandments<\/a> and the NIST\u2019s Zero-Trust Architecture<\/a>. <\/p>\n

Zero trust takes a fresh look across all of your security disciplines<\/a>, including access control, asset protection, security governance, security operations, and innovation security (e.g., DevSecOps). Architecturally, this brings in automated enforcement of security policy, correlation of signals across systems, and extensive security automation and orchestration to reduce manual labor and toil. <\/p>\n

Manage Compliance, Risk, and Privacy<\/h2>\n

Organizations constantly access, process, and store a tremendous amount of data \u2014 which is only increasing with business innovation. Additionally, organizations now face an ever-growing landscape of data regulations, creating complexity and compliance risk. Organizations should look for tools<\/a> that translate complicated regulations and standards into simple language, map controls, and recommend improvement actions in the form of step-by-step guidance.<\/p>\n

Additionally, many organizations still use manual processes to discover how much personal data they have stored; thus, they lack actionable insights to help mitigate security and privacy risks. With a privacy management tool<\/a>, organizations can identify critical privacy risks, automate privacy operations, and empower employees to be smart when they are handling sensitive data.<\/p>\n

Use a Combination of XDR + SIEM Tools<\/h2>\n

SecOps sifts through ever-growing mountains of data to detect and hunt for today\u2019s attacks. <\/p>\n

We have found that SecOps teams work best at this with a combination of deep analytics, broad visibility, and orchestration and automation:<\/p>\n