Shields Up: Bolstering Your Security Posture Following Ukraine Invasion

As we all watch the Ukraine invasion unfold on both physical and cyber warfare levels, we want to provide guidance to ensure all of our customers and partners remain as safe and secure as possible at all times. 

We also want to underscore the importance of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Shields Up initiative and guidelines and highlight the top five critical actions — aligned to these guidelines — that we recommend all organizations do immediately.

1. Implement MFA on all user accounts. It is absolutely critical that all user accounts in your organization have multifactor authentication (MFA). Every single employee, workforce and administrator account should absolutely have MFA in place at this time. This especially includes every remote user access account in your organization. Don’t think just because you mostly have MFA you are safe — you need to have strong MFA on every single user account. 
2. Check your device trust standards. Go back and assess your device posture. Have you documented your own trusted device standard yet? Do you trust every single entity within your environment? Are devices configured in a manner that you are comfortable with allowing them on your network? Devices that fail to comply with your standard should absolutely not be allowed on your network or have access to corporate data. Know what that standard is from top to bottom. 
3. Take advantage of free CISA services. Sign up for CISA’s Cyber Hygiene Vulnerability Scanning. They can scan your network perimeter and tell you exactly what potential attackers can see. They will let you know if they see any vulnerabilities you may have missed. Consider them a second pair of extremely strong eyes. You can register for this service by emailing [email protected]. More free CISA tools and services are available here. 
4. Create a Crisis Management Team (CMT) now. It’s critical that you have a group of leaders in your company assigned to a crisis management team (CMT) across functions. Ensure leader representation from E-staff, Product, Engineering, Security, Research, Customer Success, Legal, Finance, Comms, etc., so that all leaders can discuss their knowledge and critical updates. This allows for greater efficiency towards threat mitigation and company unity. It should go without saying that you want to be well organized and ready should attackers — whether nation-states like Russia or China — or rogue actors, decide to attack your organization or any organization with whom you are connected. No organization is immune. 
5. Validate your security Incident Response (IR) plan. In light of geopolitical tensions and the CISA alerts and guidelines shared over the last many months, Exabeam has already been revalidating our IR plan and is continuing to do so alongside our CMT. It is critical that all leaders at your organizations are aligned in your IR plans and methodology. 

At Exabeam, we are also using our own Fusion SIEM and Fusion XDR products to ensure we can immediately catch any anomalous activities in our environment on a 24/7 basis. We know exactly the normal behavior of every single user and entity on our network, as well as their risk scores. We are immediately alerted to anything that is out of the ordinary, abnormal, and possibly adversarial, so that we can rapidly investigate and respond swiftly if needed. 

For customers using our Fusion SIEM and Fusion XDR products, please see the latest brief from Exabeam Research regarding the recently reported destructive malware that has been identified impacting computer systems in Ukraine, Latvia, and Lithuania. To date, this malware has targeted financial institutions and government contractors in these countries. In the brief, we offer additional steps for creating watchlists and more easily adding rule tags to threat hunter searches. 

We will continue to monitor the situation and keep our customers and partners informed on what we know and how we can help. 

If you have any questions, please open a support ticket or reach out to your Customer Success Manager.