Apply defense-in-depth principles
- Use multiple layers of security so that possible intrusions are analyzed and detected comprehensively, rather than relying on any single control.
Establish baselines of network traffic, application execution, and account authentication.
- Use these baselines to enforce an “allowlist” philosophy rather than only denying known-bad indicators of compromise (IOCs). Ensure monitoring and detection tools and procedures are primarily behavior-based, rather than IOC-centric.
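The contrast between baseline-driven and IOC-centric detection, as an added example that is not part of the advisory: a known-good window of authentication events becomes a per-account allowlist of source hosts, and later logons are flagged when they deviate from it. The log format, host names and IOC list are constructed for the example.

```python
from collections import defaultdict

# Constructed sample authentication records: "timestamp user src_host result".
BASELINE_WINDOW = [
    "2024-06-01T08:02:11 alice ws-alice-01 success",
    "2024-06-01T08:05:40 bob ws-bob-02 success",
    "2024-06-02T09:10:03 alice ws-alice-01 success",
    "2024-06-02T18:22:57 svc-backup backup-srv-01 success",
]
DETECTION_WINDOW = [
    "2024-06-10T08:01:15 alice ws-alice-01 success",    # normal
    "2024-06-10T03:14:22 alice vpn-gw-07 success",      # alice from a never-seen host
    "2024-06-10T03:15:09 svc-backup ws-bob-02 success", # service account on a workstation
    "2024-06-10T08:30:44 bob ws-bob-02 success",        # normal
]
# Constructed blocklist of known-bad source hosts; nothing above matches it.
KNOWN_BAD_HOSTS = {"evil-host-99"}


def parse(line):
    ts, user, host, result = line.split()
    return {"ts": ts, "user": user, "host": host, "result": result}


def build_baseline(lines):
    """Allowlist: the set of source hosts each account used during a known-good window."""
    baseline = defaultdict(set)
    for e in map(parse, lines):
        if e["result"] == "success":
            baseline[e["user"]].add(e["host"])
    return dict(baseline)


def ioc_detect(lines, bad_hosts):
    """IOC-centric: alerts only when the source host is already on the blocklist."""
    return [e for e in map(parse, lines) if e["host"] in bad_hosts]


def baseline_detect(lines, baseline):
    """Behavior-based: alerts when an account authenticates from a host outside
    its baseline. Accounts with no baseline at all (new or unexpected) always alert."""
    return [e for e in map(parse, lines)
            if e["host"] not in baseline.get(e["user"], set())]


if __name__ == "__main__":
    base = build_baseline(BASELINE_WINDOW)
    print("IOC-centric alerts:", len(ioc_detect(DETECTION_WINDOW, KNOWN_BAD_HOSTS)))
    for a in baseline_detect(DETECTION_WINDOW, base):
        print(f"baseline deviation: {a['user']} from {a['host']} at {a['ts']}")
```

The blocklist produces no alerts because the hosts involved were never known bad, while the baseline surfaces both the off-hours logon from a new host and the service account appearing on a workstation.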
Eliminate Default Passwords
- Also eliminate reuse of the same password across accounts, whether the accounts are created manually or via scripts.
Resources
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a