
The role of the cybersecurity PM in incident-driven development

Article written by cybersecurity expert Yuriy Tsibere.

Gone are the days when cybersecurity meant stopping annoying viruses like the Love Bug. Today, it's about battling a massive, financially motivated cybercrime industry. Attacks are smarter, faster, and more damaging, and that changes everything for product teams.

For product managers (PMs), this means understanding that attackers are constantly exploiting the same weak spots: stolen admin credentials, missing multi-factor authentication (MFA) on VPNs, remote encryption, and clever "living off the land" (LOTL) techniques like using Office to launch PowerShell.

Even something as simple as an unpatched firewall or a rogue USB drive can open the door to a breach.

New vulnerabilities and zero-days are popping up all the time, and product teams need to stay on their toes. A few examples:

  • WannaCry (2017): Used the EternalBlue flaw in SMBv1 to spread ransomware fast. It forced companies to disable SMBv1 altogether.
  • Some Exchange Server bugs: Let attackers run malicious scripts, often leading to ransomware.
  • Log4j vulnerability: A vulnerability in a popular Java logging framework that allows arbitrary code execution. Still showing up in outdated firewalls and VPNs.
  • Follina (MSDT): Let Office apps launch PowerShell without any user interaction.

Timely patching helps, but it's not enough. There's always a gap between discovering a flaw and fixing it. That's why teams need layered defenses and a mindset that's ready to respond to incidents as they happen.

How breach reports drive real-time product shifts

The 100 days to secure your environment webinar series from ThreatLocker is a good example of incident-driven development. It helps security leaders focus on what matters most in their first few months.

Real-world breaches often lead directly to new product features or policy changes. Here's how:

  • Unlocked machines: A threat actor once accessed a hospital computer that was left open and ran PowerShell. Now, password-protected screen savers are a must.
  • USB data theft: USB drives are still a go-to for stealing data. Products now offer fine-grained USB controls: blocking unencrypted drives, limiting file types, or capping how many files can be copied.
  • Lateral movement: Ransomware often spreads using old admin accounts. Tools now detect and remove these after review.
  • LOTL attacks: Follina showed how legitimate tools can be misused. Ringfencing™ helps stop apps from launching things they shouldn't.
  • Outbound traffic abuse: Attacks like SolarWinds used outbound connections. Now, default-deny policies for server traffic are becoming standard.
  • Stolen credentials: MFA is non-negotiable for cloud accounts, remote access, and domain controllers.
  • Vulnerable VPNs: Unpatched VPNs are a big risk. Solutions now include IP-based access controls and even disabling unused VPNs.

The PM's response: From advisory to actionable feature

For cybersecurity PMs, reacting to threats means more than just writing advisories. It's about building smarter, safer products. Here's how:

  1. Get full visibility

    Start by understanding what's running in your environment. Use monitoring agents to track file activity, privilege changes, app launches, and network traffic.
  2. Prioritize risks

    With a complete picture, PMs can focus on high-risk tools and behaviors:

    • Remote access tools like TeamViewer or AnyDesk
    • Software with too many permissions (e.g., 7-Zip, Nmap)
    • Risky browser extensions
    • Software from high-risk regions
  3. Drive adaptive policy creation

    Security policies should evolve with the threat landscape:

    • Test first: Use monitor-only mode and test groups before enforcing new rules.
    • Be precise: Go beyond on/off switches; use dynamic ACLs, Ringfencing, and app-specific admin rights.
    • Encourage adoption by minimizing disruption
      • Offer a store of pre-approved apps
      • Make it easy to request new software
      • Explain why restrictions exist; it builds trust
    • Continuous improvement and monitoring:
      • Use health reports to spot misconfigurations
      • Block USB file copies if thresholds are exceeded
      • Clean up old policies and unused apps regularly
  4. Embrace patch management

    Make sure everything, from operating systems to portable applications like PuTTY, is up to date. Use tools to find missing patches and test them with pilot users before rolling out.
  5. Protect backups

    Backups must be protected from compromise. This includes limiting which apps can access them and requiring MFA for backup services. PMs should also test the backups regularly to validate recovery readiness.
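As an added example (not ThreatLocker's code and not part of the original article), here is a small Python model of the ringfencing idea from the LOTL item above combined with the "test first" advice in step 3: a parent-to-child launch allow-list evaluated over constructed process-creation events, first in monitor-only mode to count what enforcement would break, then in enforce mode. The process names, hosts and policy entries are assumptions for illustration.

```python
from collections import Counter

# Constructed sample process-creation events (parent -> child); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "WINWORD.EXE", "child": "splwow64.exe"},   # printing helper
    {"host": "ws01", "parent": "WINWORD.EXE", "child": "powershell.exe"}, # LOTL pattern
    {"host": "ws02", "parent": "msdt.exe",    "child": "powershell.exe"}, # Follina-style chain
    {"host": "ws03", "parent": "chrome.exe",  "child": "notepad.exe"},    # no policy defined
    {"host": "ws02", "parent": "OUTLOOK.EXE", "child": "cmd.exe"},        # LOTL pattern
]

# Ringfencing-style policy (assumed, illustrative): for each fenced parent, the
# only child executables it may launch. Parents not listed are unrestricted.
POLICY = {
    "winword.exe": {"splwow64.exe", "acrobat.exe"},
    "excel.exe":   {"splwow64.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "acrobat.exe"},
    "msdt.exe":    set(),  # after Follina: MSDT should launch nothing
}


def evaluate(event, policy, mode="monitor"):
    """Return 'allow', 'alert' (monitor mode) or 'block' (enforce mode)."""
    parent = event["parent"].lower()
    child = event["child"].lower()
    if parent not in policy or child in policy[parent]:
        return "allow"
    return "alert" if mode == "monitor" else "block"


def apply_policy(events, policy, mode="monitor"):
    """Annotate every event with its verdict under the given mode."""
    return [{**ev, "verdict": evaluate(ev, policy, mode)} for ev in events]


def monitor_summary(events, policy):
    """Dry run: how many launches each fenced parent would lose once enforced.
    A high count for one parent means that rule needs tuning before enforcement."""
    counts = Counter(
        ev["parent"].lower()
        for ev in events
        if evaluate(ev, policy, "monitor") == "alert"
    )
    return dict(counts)


if __name__ == "__main__":
    for ev in apply_policy(SAMPLE_EVENTS, POLICY, "monitor"):
        print(f'{ev["host"]}: {ev["parent"]} -> {ev["child"]}: {ev["verdict"]}')
    print("would block per parent:", monitor_summary(SAMPLE_EVENTS, POLICY))
```

Run it in monitor mode first and review the per-parent counts with the test group; only switch the mode to "enforce" once the remaining alerts are the launches you actually want stopped.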

Cybersecurity PMs are on the front lines of applying real-world protections against real-world threats.

By staying informed, gathering the right data, and building with users in mind, you can reduce risk without making life harder for your team.

Sponsored and written by ThreatLocker.
