Unit42 Cybersecurity Checklist 57 Tips
57 Tips to Proactively Prepare
Securing Your Organization Is a Journey, Not a Destination
• Limit the use of privileged accounts to when there is a valid business need,
or a user requires a privileged account to complete their job task, and do not
reuse local administrator account passwords.
• Run periodic scans that include configuration checks and perform regular
system audits to detect misconfigurations.
• Implement and utilize mobile device management applications that have the
capability to locate and/or remotely wipe devices.
• Establish a DLP program responsible for classifying and tagging data and
providing alerts when sensitive or other company-identified relevant
information is leaving the organization.
• Leverage EDR or XDR solutions, and ensure your security operations team
understands how to utilize this technology to maintain full visibility across
the network.
• Have an incident response and remediation plan. Incidents may occur despite
best efforts, so have a tested, comprehensive plan to ensure fast action should an
incident occur. If you have cyber insurance (recommended), be sure to integrate
the policy’s key processes and contacts into the plan.
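The "periodic scans that include configuration checks" tip above is easiest to act on with a baseline you can diff a host's configuration against. The following is an added example, not part of the Unit 42 checklist: it parses a constructed sshd_config-style file, applies a small baseline of expected values, and reports drift. The baseline directives and the daemon defaults used for absent directives are assumptions for the example (they match common OpenSSH defaults, but verify them against your version); the point is the audit logic, which also catches the case where a directive is simply missing and an insecure default applies.

```python
# Added example: configuration-check logic against a baseline (not Unit 42 code).

# Constructed sample configuration in sshd_config style (not from the checklist).
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
MaxAuthTries 10
X11Forwarding no
"""

# Baseline: the value we expect, plus the daemon default that applies when the
# directive is absent. Defaults are assumptions for this example.
BASELINE = {
    "PermitRootLogin": {"expect": "no", "default": "prohibit-password"},
    "PasswordAuthentication": {"expect": "no", "default": "yes"},
    "PubkeyAuthentication": {"expect": "yes", "default": "yes"},
    "MaxAuthTries": {"expect": "4", "default": "6"},
    "X11Forwarding": {"expect": "no", "default": "no"},
}


def parse_config(text):
    """Return {directive_lowercase: value}.

    Comments and blank lines are ignored. Directive names are matched
    case-insensitively, and the first occurrence of a directive wins,
    mirroring how sshd reads its configuration.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing/inline comments
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line; a real audit would flag it
        key, value = parts
        settings.setdefault(key.lower(), value.strip())
    return settings


def audit(settings, baseline=BASELINE):
    """Return findings as (directive, effective_value, expected, source).

    'source' is "configured" when the file sets the directive and "default"
    when the daemon default applies because the directive is absent, so a
    missing hardening directive is reported, not silently skipped.
    """
    findings = []
    for directive, rule in baseline.items():
        key = directive.lower()
        if key in settings:
            effective, source = settings[key], "configured"
        else:
            effective, source = rule["default"], "default"
        if effective.lower() != rule["expect"].lower():
            findings.append((directive, effective, rule["expect"], source))
    return findings


if __name__ == "__main__":
    for directive, got, want, source in audit(parse_config(SAMPLE_CONFIG)):
        print(f"MISCONFIG {directive}: {got} ({source}), expected {want}")
```

Run the same audit on every host on a schedule and store the findings centrally; a directive that drifts between two runs is as interesting as one that was wrong from the start.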
Additional Tips
• Maintain a log retention repository and regularly review all logs and login
attempts for unusual behavioral patterns. Ensure that logs are stored for the
appropriate amount of time to fulfill any legal or regulatory obligations. Unit
42 consultants recommend a year or more, and if that is not possible, a bare
minimum of 90 days.
• Conduct regular security awareness training for all users, including contractors,
on a yearly basis. Consider utilizing a trusted training platform that allows you to
incorporate custom goals and objectives into the training curriculum.
• Avoid utilizing a flat network. Segregate networks and Active Directories, segment
sensitive data, and leverage secure virtual local area networks (VLANs).
• Make it easy for users to report suspected phishing emails; ensure reports
are promptly reviewed and actions are taken on such messages.
• Visually alert users concerning attachments from external senders. This may
help identify spoofed domains that appear similar to the company’s domain.
• Track leading performance indicators for your phishing tests so you can
adjust phishing content and difficulty based on the needs of the organization.
• Encourage users to store sensitive information via a file share with role-based
access controls rather than in email.
• Once patches are deployed, monitor them for stability. This may also
include monitoring your network for stability.
• Ensure users with cloud control access are fully trained in each cloud environment.
• Evaluate your options for managed security services if you don’t have the
in-house expertise or if your cloud estate is particularly complex and in a
continual state of change.
• Control access to the cloud environment. Access to cloud controls such as CSP
consoles, APIs, and CLIs in the cloud should be restricted to only those who
need it. Such RBAC is essential to minimizing the risks of configuration and
other security errors.
• Implement allow listing where possible to further limit access to known and
trusted endpoints.
• Regularly audit your cloud data to know what sensitive data you have and
where it’s located.
• Encrypt sensitive data (at a minimum), segment it, provide access using RBAC,
and rotate keys regularly. Evaluate whether maintaining keys with the cloud
provider or within your organization is the best option for you, but ensure you
have a key security policy that limits key access and exposure to risk.
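The log retention tip in the list above asks for two things: keep authentication logs long enough (a year or more, 90 days at a bare minimum) and actually review them for unusual patterns. The following is an added example, not part of the Unit 42 checklist, that does both over a handful of constructed sshd-style log lines: it flags a burst of failed logins from one source, flags a successful login that follows such a burst (the pattern most worth a human look), and reports whether the oldest retained event reaches back past the checklist's 90-day floor and one-year recommendation. The log format, thresholds and windows are assumptions for the example.

```python
# Added example: reviewing auth logs for unusual login patterns and checking
# retention depth (not Unit 42 code). Sample lines are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2022-11-01T08:00:01 host1 sshd[101]: Failed password for admin from 198.51.100.7 port 5001
2022-11-01T08:00:04 host1 sshd[102]: Failed password for admin from 198.51.100.7 port 5002
2022-11-01T08:00:07 host1 sshd[103]: Failed password for admin from 198.51.100.7 port 5003
2022-11-01T08:00:10 host1 sshd[104]: Failed password for admin from 198.51.100.7 port 5004
2022-11-01T08:00:13 host1 sshd[105]: Failed password for admin from 198.51.100.7 port 5005
2022-11-01T08:00:16 host1 sshd[106]: Accepted password for admin from 198.51.100.7 port 5006
2022-11-01T09:15:00 host1 sshd[120]: Accepted publickey for alice from 10.0.0.12 port 6001
2022-11-01T23:40:00 host1 sshd[131]: Failed password for bob from 10.0.0.30 port 7001
2022-11-02T09:00:00 host1 sshd[140]: Accepted publickey for alice from 10.0.0.12 port 6002
"""

# Assumed line layout: ISO timestamp, host, sshd[pid], "Accepted|Failed <method> for <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(text):
    """Parse auth result lines into dicts sorted by time; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "ok": m["result"] == "Accepted",
                           "user": m["user"], "ip": m["ip"]})
    return sorted(events, key=lambda e: e["ts"])


def find_failure_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return (ip, user, count) for sources with >= threshold failures inside one window."""
    by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_src[(e["ip"], e["user"])].append(e["ts"])
    findings = []
    for (ip, user), times in by_src.items():
        start = 0
        for end in range(len(times)):  # sliding window over the sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                findings.append((ip, user, end - start + 1))
                break
    return findings


def find_success_after_burst(events, bursts, window=timedelta(minutes=10)):
    """Successful logins from a burst source within `window` of its last failure."""
    flagged = {(ip, user) for ip, user, _ in bursts}
    last_failure = {}
    hits = []
    for e in events:  # chronological, so last_failure reflects only earlier events
        src = (e["ip"], e["user"])
        if not e["ok"]:
            last_failure[src] = e["ts"]
        elif src in flagged and src in last_failure and e["ts"] - last_failure[src] <= window:
            hits.append((e["ip"], e["user"], e["ts"].isoformat()))
    return hits


def retention_status(events, now, minimum_days=90, recommended_days=365):
    """Classify how far back the oldest retained event reaches."""
    covered = (now - min(e["ts"] for e in events)).days
    if covered >= recommended_days:
        return "meets recommendation"
    if covered >= minimum_days:
        return "meets minimum only"
    return "below minimum"


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    bursts = find_failure_bursts(evs)
    print("failure bursts:", bursts)
    print("success after burst:", find_success_after_burst(evs, bursts))
    print("retention:", retention_status(evs, datetime(2023, 3, 1)))
```

Failure counts alone are noisy; the success-after-burst check is what turns a brute-force attempt into a likely account compromise and should page someone. The retention check is deliberately blunt: it only tells you how far back your oldest record reaches, which is the first question a legal or regulatory request will ask.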
The Cortex portfolio offers an end-to-end security solution that helps you
improve detection and operational efficiencies across your security operations.
These technologies power our Palo Alto Networks SOC and thousands of
SecOps worldwide.
Cortex XDR helps keep your organization safe from attack by delivering leading
endpoint protection and enterprise-wide threat detection and response across
network, cloud, endpoint, and virtually any data source. Patented behavioral
and machine learning-based analytics pinpoint evasive threats and provide the
intelligence you need to respond before a breach can occur. Don’t wait to connect
the dots after an attack happens; shut it down before a breach happens.
Cortex XSOAR provides a single platform for your SOC to manage incidents and
automate workflows for maximum operational efficiency. Any of the processes
listed in the checklist that are manual and repetitive can be a candidate for
automation. And with over 900 prebuilt automation packs for key processes
such as user access control, phishing response, vulnerability management, cloud
security, etc., XSOAR can serve as your virtual partner in the SOC to speed up
incident response and ease daily analyst workloads.
Cortex Xpanse knows your cloud is always changing and exposing security
gaps. All it takes is one gap for an attacker to compromise your network. Xpanse
constantly monitors your attack surface to give you an up-to-date inventory of
your internet-facing cloud assets and misconfigurations. Discover shadow IT
before an attacker does.
With end-to-end native integration and interoperability, SOC teams can close the
loop on threats with continual synergies across the Cortex ecosystem. All three
products work in concert to monitor the threat landscape and provide the most
robust detection, response, and investigation capabilities:
• Cortex XDR and Xpanse provide ultimate visibility and detections across the
internet attack surface, endpoints, cloud, and network, including remote workers.
• Cortex XDR can leverage XSOAR to automate malware investigation and response.
• Cortex XSOAR ingests alerts and threat intel from all Palo Alto Networks
products and hundreds of other security tools to facilitate incident
investigation and drive automated incident response.
With a Unit 42 Retainer, our experts become an extension of your team on speed
dial, helping you respond faster so you can minimize the impact of an attack and
get back to business sooner.
For more information on how the Cortex suite of products can deliver
best-in-class threat detection, prevention, attack surface management, and
security automation capabilities, download our whitepapers:
Check out the Unit 42 2022 Incident Response report for a more in-depth look
at today’s cyberthreat landscape, as well as favorite tactics that threat actors
like to use.
3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
www.paloaltonetworks.com

© 2022 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
unit42_cybersecurity-checklist-57-tips_112222