Security professionals accustomed to convoluted cyber threat bulletins from the federal government may have noticed something refreshingly peculiar in recent months: government guidance that’s clear, detailed, and useful.
Such guidance has been more frequent since the launch of the Cybersecurity & Infrastructure Security Agency (CISA). The agency has been increasingly successful at bringing in cybersecurity talent and communicating threats with clarity and detail.
An example of this is the launch of CISA’s Shields Up campaign, complete with a page full of actionable information, from the latest news updates to recommendations for corporate leaders and CEOs and ransomware response tips.
Shields Up has been particularly helpful amid the Russian invasion of Ukraine, providing clear guidance to help organizations prepare for potential cyberattacks tied to the conflict on the ground.
Josh Snow, principal sales engineer at ExtraHop, recently joined Enterprise Security Weekly host Adrian Sanabria to discuss what Shields Up is about and how organizations can make the best use of it. Specifically, Snow and Sanabria discussed specific practices and protocols that defenders should shore up, as well as behavioral indicators that signal active exploitation attempts.
Of Shields Up, Snow said the guidance “is common-sense hygiene for ports and protocols. It’s about looking at your ports and doing what you can to mitigate risks across the network. It’s about having a baseline of your infrastructure and knowing what you have – the basics.”
That includes making sure devices are properly configured for Microsoft’s Remote Desktop Protocol (RDP) and turning it off when necessary, and disabling the outdated SMB 1 protocol, which has become a notoriously easy ransomware attack vector.