Cyber & IT Supervisory Forum - November 2023

MOVEit / Progress Software Zero Day Compensating Controls Page 2

• Network Segmentation: Strategically segment the network to create security zones, which can limit the spread of any breaches and reduce the attack surface.
• Privilege Restriction: Adhere to the principle of least privilege across all systems, ensuring users have only the access necessary for their role.
• Continuous Monitoring: Implement comprehensive monitoring solutions to detect and alert on suspicious activities and anomalous file transfers or downloads.
• Anomaly Detection: Deploy advanced threat hunting tools and techniques to identify and investigate deviations from established baselines, such as the creation of unexpected .aspx files.
• Incident Readiness: Have an Incident Response (IR) plan ready to be activated when IoCs are detected, treating each alert as a potential compromise and responding accordingly.
• Patch Management: Prioritize and streamline the process for testing and applying security patches to reduce the window of vulnerability.
• Darknet Threat Intelligence Monitoring: Continuously monitor darknet sources with a dedicated threat intelligence team to preemptively identify and prepare for emerging threats and potential breach indicators related to the organization.
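
An added example, not part of the original slides: one way to implement the baseline comparison behind the anomaly detection item, flagging .aspx files that appear or change in a web root after a known-good snapshot. The directory layout and file names are constructed for the demo; in practice `snapshot` would be pointed at the real web root and the baseline stored off-host.

```python
import hashlib
import os
import tempfile


def snapshot(web_root, suffix=".aspx"):
    """Map relative path -> SHA-256 for every file under web_root ending in suffix."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            # Case-insensitive match: IIS serves .ASPX the same as .aspx.
            if name.lower().endswith(suffix):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                manifest[rel] = digest
    return manifest


def diff_against_baseline(baseline, current):
    """Return paths added, modified or removed relative to the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed web root: take a baseline, change files, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))

        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)

        write("default.aspx", b"<%@ Page %> home")
        write("app/login.aspx", b"<%@ Page %> login")
        write("style.css", b"body{}")                 # ignored: not .aspx
        baseline = snapshot(root)                     # known-good state
        write("app/unexpected.aspx", b"<%@ Page %> not deployed by us")
        write("app/UPPER.ASPX", b"<%@ Page %> mixed-case name")
        write("app/login.aspx", b"<%@ Page %> login, altered")
        return diff_against_baseline(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"ALERT {kind}: {path}")
```

Each "added" or "modified" entry is a candidate IoC to feed into the IR plan; entries that match a planned deployment are cleared by updating the baseline.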


Notes

• The Access Control strategy presumes a thorough evaluation has been conducted to ensure that such restrictions do not interfere with the normal operations and access needs of legitimate users. With this proactive stance, the organization can significantly narrow the opportunities for cyber adversaries to exploit vulnerabilities, serving as a formidable barrier against potential attacks.
• These measures are temporary safeguards in response to this specific vulnerability. Prioritize the application of the initial patch and subsequent updates.
