Security News > 2021 > October > Defending Assets You Don’t Know About, Against Cyberattacks
Not to mention, today's corporate perimeter involves the cloud and mobile and remote assets too, and there could be hidden assets you're not aware of.
I don't need to know all your assets or everything about your security strategy.
We try to train ourselves and others to group assets into functional clusters: We look at which ones represent a "Path" for an attacker, and then determine how many policies we have to create around them to ensure we feel good about "Coverage."
How Do I Categorize Assets for Cyber-Defense? One way to slice it is by categorizing assets based on what needs to talk to the internet and what doesn't.
Know What Matters and Forget the Rest You've probably already established DMZs in your network- where you put the assets that need to be internet-accessible and closely monitored.
You can defend an asset, even when you don't know about it, by practicing defense-in-depth - knowing what matters, and implementing many disparate controls with no single point of failure.
News URL
https://threatpost.com/defending-unknown-assets-cyberattacks/175730/