Critical Path Security Advisory: Defending Against Attacks from Compromised Networks

National Cyber Security Centre

This advisory details steps organizations can take to defend against attacks originating from large, dynamic networks of compromised devices, based on guidance from the National Cyber Security Centre. The recommendations are tailored based on organizational size and risk level.

All Organizations:

The NCSC recommends mapping your network edge devices so that the organisation has a clear inventory of its assets and of the connections each one is expected to make; unexpected connections then stand out. General good cyber security practices should also be followed.

Larger or More At-Risk Organizations:

For organizations facing higher risk, consider these more comprehensive measures, either in-house or through a security provider:

  • Apply IP address allow lists instead of deny lists for connections to corporate VPNs for remote workers.
  • Use geographic allow lists or profile incoming connections based on operating system, time zones, and/or organization-specific system configuration settings.
  • Implement zero trust policies for connections.
  • Enforce machine certificates for Secure Sockets Layer (SSL, in practice its successor TLS) connections.
  • Reduce the internet-facing presence of your IT estate.
  • Investigate machine learning techniques to profile normal network edge activity to detect and block anomalies.
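The allow-list and profiling measures above can be combined into a single policy check on each incoming edge connection. The following is an added example, not code from the NCSC advisory: it evaluates constructed VPN connection-attempt records against an IP allow list, a geographic allow list, an expected client operating system, a time zone consistent with the reported country, and a machine-certificate requirement, and reports which attempts to block and why. The policy values, the log line format and the `ConnAttempt`/`evaluate`/`triage` names are all assumptions chosen for illustration.

```python
"""Profile incoming edge connections against allow lists (added example).

Constructed records are checked against an organisation-defined policy;
every failed check is recorded so an analyst can see why an attempt was
blocked rather than just that it was.
"""
import ipaddress
from dataclasses import dataclass, field

# Hypothetical policy; an organisation would derive these from its asset map
# of expected remote workers and managed devices. IP ranges are RFC 5737
# documentation ranges, used here only as constructed sample values.
POLICY = {
    "ip_allow": ["203.0.113.0/24", "198.51.100.0/25"],
    "country_allow": {"GB", "IE"},
    "os_allow": {"Windows 11", "macOS 14"},
    "tz_by_country": {"GB": {"Europe/London"}, "IE": {"Europe/Dublin"}},
    "require_machine_cert": True,
}


@dataclass
class ConnAttempt:
    src_ip: str
    country: str
    client_os: str
    client_tz: str
    machine_cert: bool


@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate(attempt, policy=POLICY):
    """Return a Verdict; allowed only if every profiling check passes."""
    reasons = []
    try:
        addr = ipaddress.ip_address(attempt.src_ip)
    except ValueError:
        return Verdict(False, ["unparseable source address"])
    nets = [ipaddress.ip_network(c) for c in policy["ip_allow"]]
    if not any(addr in n for n in nets):
        reasons.append("source IP not on allow list")
    if attempt.country not in policy["country_allow"]:
        reasons.append(f"country {attempt.country} not on geographic allow list")
    if attempt.client_os not in policy["os_allow"]:
        reasons.append(f"unexpected client OS {attempt.client_os!r}")
    # A time zone that does not match the reported country is a cheap
    # indicator that the endpoint is not where it claims to be.
    if attempt.client_tz not in policy["tz_by_country"].get(attempt.country, set()):
        reasons.append(f"time zone {attempt.client_tz} inconsistent with country {attempt.country}")
    if policy["require_machine_cert"] and not attempt.machine_cert:
        reasons.append("no machine certificate presented")
    return Verdict(not reasons, reasons)


def parse_log_line(line):
    """Parse a constructed 'key=value' log line into a ConnAttempt."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return ConnAttempt(
        src_ip=fields["src"],
        country=fields["geo"],
        client_os=fields["os"].replace("_", " "),
        client_tz=fields["tz"],
        machine_cert=fields["cert"] == "yes",
    )


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "src=203.0.113.45 geo=GB os=Windows_11 tz=Europe/London cert=yes",
    "src=198.51.100.200 geo=GB os=Windows_11 tz=Europe/London cert=yes",
    "src=203.0.113.7 geo=GB os=Windows_11 tz=Asia/Shanghai cert=yes",
    "src=203.0.113.9 geo=US os=Linux tz=America/New_York cert=no",
]


def triage(lines, policy=POLICY):
    """Map each source IP in the log to its Verdict."""
    return {a.src_ip: evaluate(a, policy) for a in map(parse_log_line, lines)}


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        status = "ALLOW" if verdict.allowed else "BLOCK"
        print(f"{status} {ip}: {'; '.join(verdict.reasons) or 'profile matches'}")
```

Each check is independent so a blocked attempt lists every failed criterion; in practice the country and time-zone fields would come from the VPN gateway's own logging rather than from a text line, and the policy would be maintained alongside the asset inventory the advisory asks for.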

Resources:

For further guidance, refer to the NCSC website and Cyber Essentials.

This advisory is specifically based on the recommendations within the provided NCSC document. It focuses on the key actions outlined in the source material.

260423 - CCP CSA
