- Use Windows Defender Exploit Guard
Starting with Windows 10, Microsoft introduced Windows Defender Exploit Guard. Defender has
several capabilities that can effectively protect against zero-day attacks:
attack surface reduction and protection against malware.
Use Network protection – Apply guardrails to outbound connections so that malware
cannot reach external command-and-control servers over your network or the
internet. Use a firewall and an intrusion prevention system to control network
traffic from external sources.
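As an added example (not part of the original guidance), the following read-only PowerShell audit reports whether the Exploit Guard controls recommended above, network protection and attack surface reduction together with real-time protection, are actually in enforcing mode on a host. It assumes an elevated session on a Windows 10/11 or Server machine where Microsoft Defender is active; the ASR rule GUIDs are Microsoft's published identifiers for the named rules.

```powershell
# Added example, not from the original guidance. Read-only audit of the
# Defender Exploit Guard settings a ransomware-prevention baseline expects.
# Rule GUIDs are Microsoft's published ASR identifiers for the rules named;
# confirm them against the current ASR reference before relying on this list.
$RansomwareAsrRules = @{
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office applications from creating child processes'
    'be9ba2d9-53ea-4cdd-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
}

# Defender encodes ASR / network protection state as small integers.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref     = Get-MpPreference
$status   = Get-MpComputerStatus
$findings = @()

# Network protection: 1 = block, 2 = audit only (logs but allows), 0 = off.
$np = [int]$pref.EnableNetworkProtection
if ($np -ne 1) { $findings += "Network protection is $($ActionNames[$np]) (expected Block)" }

# Controlled folder access blocks untrusted processes from writing to user documents.
$cfa = [int]$pref.EnableControlledFolderAccess
if ($cfa -ne 1) { $findings += "Controlled folder access is $($ActionNames[$cfa]) (expected Enabled)" }

# Real-time (behavioural) protection must be on for the zero-day coverage described.
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }

# Stale signatures are the patch-management failure mode of the AV engine itself.
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt 2) { $findings += "AV signatures are $([int]$sigAge.TotalDays) days old" }

# Pair each configured ASR rule id with its action; @() guards against a null or scalar value.
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)
$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) { $configured[([string]$ids[$i]).ToLower()] = [int]$acts[$i] }

# Every ransomware-relevant rule should be present and in Block (1), not Audit or missing.
foreach ($id in $RansomwareAsrRules.Keys) {
    $state = if ($configured.ContainsKey($id)) { $ActionNames[$configured[$id]] } else { 'Not configured' }
    if ($state -ne 'Block') { $findings += "ASR rule '$($RansomwareAsrRules[$id])' is $state (expected Block)" }
}

if ($findings.Count -eq 0) { 'All audited Exploit Guard controls are in enforcing mode.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it as a scheduled check or through your endpoint management tooling so that a host silently dropped to audit mode shows up as a finding rather than as a successful ransomware detonation.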
Use Role Based Access Control – Use access control to limit access to the files and
folders used by your organization's personnel and contractors. Apply the principle
of least privilege so that access is granted only to users with a need to know. This
form of control also reduces your attack surface for ransomware.
- Use Next-Generation Antivirus
Traditional antivirus solutions rely on older technology, signature files, and may
not detect newly created threats such as zero-day attacks or behavior-based malware.
We are not saying that you should stop using current antivirus technologies; in fact,
signature-based antivirus should still be used to detect any form of malware that
next-generation antivirus may not be able to detect.
Your organization should use next-generation antivirus together with traditional
antivirus to close the gaps for all incoming threats, signature-based as well as
behavior-based malware, on all your endpoints.
- Patch Management
Many organizations forgo patch management because they think it is not
necessary. Your organization must implement a patch management process. This
process ensures that your organization applies all the patches required by each
vendor and product manufacturer.
Patch management should become an automated solution that manages patches for
all devices in your organization, such as user workstations, servers, network
devices, custom code, OEM software and all other endpoints.
Without proper patch management your organization will always be at risk from
ransomware and external attacks. Patch management should be part of your
day-to-day security operations and of your other security teams' work.
It is crucial to automate patch management in order to stay abreast of your
organization's shortcomings, such as legacy devices in your environment. Patch
management is also another way to reduce the attack surface of your
organization's infrastructure.
- Incident Response Policy
It does not matter whether your organization is small or large: every organization
must have an incident response plan available in case it has to deal with an
attack.
Many states' privacy regulations require an incident response plan to deal with
specific incidents. An incident response plan ensures that your organization has
an advantage when an incident is detected. A proper incident response plan can
deal with any form of attack from internal and external sources.
You can incorporate various stages in your incident response plan, such as, but
not limited to:
Preparation
Identification
Containment
Eradication
Recovery
Lessons learned