Damon Becknel from Microsoft shares practical cybersecurity strategies, emphasizing essential defenses, identity management, modern protocols, and collaboration for stronger organizational security.

Cybersecurity Strategies to Prioritize Now

By Damon Becknel, Vice President and Deputy CISO for Regulated Industries at Microsoft

This article outlines four cybersecurity priorities for every organization:

1. Prioritize Essential Cyber Hygiene Basics

Asset Inventory: Maintain a detailed inventory of all hardware, software, and cloud resources to ensure comprehensive security coverage.
Network Segmentation: Use segmentation to limit exposure and enforce proper traffic patterns, leveraging jump boxes for sensitive access.
Block Malicious Traffic: Restrict access to your systems by filtering out known attacker IPs (such as Tor nodes and suspicious country blocks).
Logging and Monitoring: Implement robust, year-long logging and monitoring, making data machine-readable for effective incident response.
VPN Usage: Enforce VPN access to keep users on trusted segments and simplify security patching (learn more about Microsoft Entra ID authentication for VPN).
Identity Hardening: Segregate administrative and day-to-day accounts, enforce multifactor authentication—prefer phishing-resistant options like YubiKeys or Passkeys (Microsoft guidance).
Patch Management: Timely patching for all assets using inventory-driven processes.
Endpoint Security: Deploy endpoint detection and response solutions (EDR), encryption, host-based firewalls, and inventory tooling (see Microsoft Defender and Intune).
Web and Email Gateways: Use proxies and gateways to analyze and filter malicious traffic—enforce web proxy use and email security solutions.
Data Loss Prevention: Automate policy-based actions to protect and block sensitive data (DLP guidance).

2. Prioritize Modern Security Standards, Products, and Protocols

Authentication: Move to phishing-resistant multifactor authentication; eliminate passwords using passkey solutions (what is passkey).
DNS Security: Implement DNS security measures, filter/block threats, and monitor for malicious activity.
SMTP Security: Close open relays, secure configurations, use encrypted connections, and enable DMARC (DMARC setup).
Exchange Web Services Modernization: Identify and migrate from EWS to Graph APIs (migration mapping); check dependencies (app identification guidance).
BGP Practices: Update operational protocols to reduce hijack and denial-of-service risks.

3. Prioritize Fingerprinting to Identify Bad Actors

Beyond IP Blocking: Use unique device/browser/user identifiers for traffic analysis—track legitimate and malicious activity more reliably (integrate fingerprint solutions like Azure Front Door and Purview).
Behavior Analytics: Identify anomalies through device/user usage patterns; consider ISP, connection types, and access behaviors for incident adjudication.
Layered Detection: Deploy multiple fingerprinting solutions for comprehensive detection (NIST guidance).

4. Prioritize Collaboration and Learning

Threat Intelligence Sharing: Collaborate with other organizations, share incidents and best practices, join industry alliances (GASA, FSISAC, ARC, HISAC, TISAC, see GASA partnership).
Continuous Learning: Stay informed via Microsoft’s Security blog, CISO Digest, and various security-focused forums.

Final Thoughts: Building a solid security foundation combines technical best practices and organizational transparency. Establishing cyber hygiene, modernizing security standards, deploying advanced detection/fingerprinting, and fostering collaboration equips teams to block common attacks and manage future threats.

For more OCISO insights, visit the Deputy CISO blog series.

This post appeared first on “Microsoft News”. Read the entire article here