Security News > 2022 > January > 2022 promises to be a challenging year for cybersecurity professionals

EO 14028 instructs agencies to adopt a zero-trust model including comprehensive identity management, continuous authorization, least privilege, separation of duties, network segmentation, and privilege access management controls.

Let's be specific: if agencies have an effective unified endpoint management solution, including mobile device management, that provides asset discovery and inventory management, and it already feeds an IT service management platform and configuration management database, then a large part of what EDR provides is already in place and working.

In this case, perhaps what an agency is lacking is risk-based vulnerability management, effective patch management, and instrumentation to detect anomalous behavior and feed the information into an automation engine that also gets feeds from intrusion detection and monitoring systems, as well as the automation engine to interpret the results and provide alerts to the business owner, the application owner, the security operations center and the network operations center.

The applications that are cloud-hosted must be included in the zero-trust framework including being protected by strong, conditional access controls, effective vulnerability management and automated patch management processes.

I am optimistic that we can make great strides towards improving cybersecurity in 2022, if we are smart and pragmatic about prioritization, risk management, and leveraging automation to help us work smarter not harder.

Then integrating the asset inventory with risk-based and vulnerability management, automated patch management, change management, and service management provides a pragmatic and prioritized cybersecurity strategy.

News URL

https://www.helpnetsecurity.com/2022/01/12/improve-cybersecurity-2022/