In IT security, there are certain controls that one has to implement to maintain a given security level, react to incidents, and be able to recover from them. We distinguish preventive security controls from detective, corrective, and compensating controls.
Usually, it is both very effective and relatively inexpensive to invest in preventive controls. With the other types of controls, the price rises and the effectiveness is lower, because the incident has already occurred and the damage is done. Therefore, it pays off to spend some time fine-tuning preventive security controls.
What Are Some of the Preventive Security Controls?
The main objective of this type of control is to prevent the intruder from achieving their goals and to reduce the impact if a successful intrusion does happen.
Preventive controls include security awareness training and exercises because a human being is always the weakest point. Apart from awareness and training, preventive controls include mostly technical measures. Namely, these are:
One of the most basic measures is firewall protection, which controls and filters the company's incoming and outgoing communication.
Another measure is endpoint protection with antivirus software and an IPS (Intrusion Prevention System). A great way to strengthen endpoint protection is to harden the company's computers.
We produced a handy Windows 10 Hardening Guide that describes the impact of each policy on security and usability, along with the MITRE ATT&CK technique mitigated by that policy.
Email filtering and monitoring are also essential, as they can stop phishing emails from being delivered. When the user never receives the phishing email, they cannot leak credentials or download and run a malicious attachment.
Enabling multi-factor authentication is always beneficial because it slows down or completely stops the attacker, even if they gain access to a user's password.
Another important measure is to regularly update software and patch the vulnerabilities that attackers would otherwise exploit.
All of the aforementioned controls can help to automatically detect malicious activity and either prevent it outright or hinder the intruder from successfully taking over the network. It is always preferable to be prepared for an attacker by deploying these measures than to have to recover from an incident.