ManageEngine's framework to strengthen cloud security posture and prevent breaches

Chapter 1: Introduction

"Dear customer,

We regret to inform you that we detected unauthorized action on our user database by a third party. We believe your data may have been compromised..."

An email like this would be an unpleasant surprise to both the customer and the company. To put it into perspective, there were 114 data breach incidents and over 800 million records breached in October 2023 alone. The primary responsibility of a software enterprise is undoubtedly to ensure that none of its users receive such an email.

ManageEngine initiated preparations for such scenarios two decades ago when we were a bootstrapped company. Security was paramount in our offerings even with a small team of software engineers and minimal IT infrastructure. Securing our IT environment was comparatively less intricate back then. Regardless, we consistently adhered to a strict framework-based approach to IT security. As our IT infrastructure grew to match business requirements, we fortified our framework to secure our customers' data and IT environment against the ever-evolving threat landscape.

Over the years, we've taken these significant strides towards becoming a more secure company:

  • Strengthened our core security principles and implemented stringent security standards.
  • Established a dedicated security team to oversee the security processes throughout the company.
  • Advanced our measures with a software development lifecycle (SDLC) that embeds security into our offerings.
  • Introduced a bug bounty program for our users and employees to report security vulnerabilities.

However, we soon realized that security must begin long before our development process, so we took these efforts to strengthen our IT environment holistically:

  • We implemented the principles of security by design and default.
  • We focused on building a security-conscious culture where every employee is aware of the role of security in their jobs and the ramifications if security is compromised.
  • We established a dedicated IT security command center that oversees the health of our IT environment and alerts us on possible vulnerabilities even before they become a security event.

How did we achieve this security posture that provides confidence to millions of users worldwide? How do we arm ourselves against growing threats and attacks?

This e-book provides the answers. We dive deep into each aspect of our IT environment and how we secure it.

Who is this e-book for?

This e-book is for IT leaders, managers, CXOs, and members of the cybersecurity community. We’ll walk you through the nuances of our IT environment and how we secure it. We'll also provide illustrated process flows, technology, and best practices that worked for us. This handbook comprises methods that worked for us over two decades and valuable lessons we learned through trial and error.

Before we dive in, let's get the basics out of the way.

The basics of IT security

IT security defined

IT security refers to the practice of protecting computer systems, networks, and data from unauthorized access and potential threats. It ensures confidentiality, integrity, and availability of information, commonly known as the CIA triad.

Common types of security attacks

Malware

Description: Malware is a program designed to harm a computer, network, or server. It's the go-to weapon in cyberattacks. It covers a range of different attacks including ransomware, Trojans, spyware, viruses, worms, bots, crypto-jacking, and more. Any software misused to cause trouble in the digital world is malware.

Examples: CovidLock ransomware in 2020 injected malicious files into users' systems while claiming to offer information about the disease. Emotet is a Trojan that came to the surface in 2018; it is used to steal financial information such as bank logins and cryptocurrencies via malicious emails.

Denial-of-service (DoS) attacks

Description: DoS attacks are designed to flood a network with false or duplicate requests in order to disrupt business operations.

Example: In June 2023, Microsoft weathered a DoS attack that affected its Azure, Outlook, and OneDrive web portals.

Phishing

Description: Phishing is the use of email, SMS, phone, social media, and social engineering techniques to entice victims to reveal sensitive information, such as passwords, account numbers, and OTPs, that helps the attacker enter your systems.

Example: C-level executives and employees face whaling attacks that try to steal money or information, or gain access to the executive's computer in order to execute further cyberattacks on their company.

Spoofing

Description: The attacker disguises themselves as a known or trusted source to engage with the target and access their systems to steal information, extort money, or install malware on their device.

Example: In domain spoofing, the attacker impersonates a known entity (a business, a person with a fake website, or an email domain) to fool victims into trusting them.

Identity-based attacks

Description: The attacker steals a valid user's credentials and masquerades as that user. This could provide the attacker further pathways into secure systems.

Examples: A common type of identity-based attack is a man-in-the-middle attack, where the attacker eavesdrops on a conversation between two parties. This could give the attacker valuable information like personal data, passwords, bank account details, or OTPs. They might also use that information to convince the victim to take an action such as changing login credentials, completing a transaction, or initiating a transfer of funds. Another common example is a brute-force attack, where the attacker uses a trial-and-error approach to systematically guess login information, such as credentials and encryption keys. The attacker submits combinations of usernames and passwords until they finally guess correctly.

Code injection attacks

Description: The attacker injects malicious code into a computer or a network to modify its course of action to their advantage.

Example: SQL injection attacks are the most common type of code injection attack, where the attacker uses vulnerabilities in the system to inject malicious SQL code into an application. This allows the attacker to extract sensitive information from the application's database, like personal data, usernames, and bank info.

Supply chain attacks

Description: The attacker compromises the IT environment of a trusted third-party vendor who offers services or software vital to the supply chain of the main software. This could give the attacker enough access to compromise the main software.

Example: Much software relies on third-party components such as APIs or open source code for its functioning. The attacker gains access to these components to disrupt the functioning of the main software.

Insider threats

Description: Internal attackers, such as current or former disgruntled employees, can act against the interests of the company willingly or negligently.

Example: Attackers leverage the emotions of disgruntled employees who have direct access to the secure network of a company. These employees may also have access to sensitive data and intellectual property (IP), and they might possess knowledge of business processes, company policies, or other information. This helps the attacker carry out other types of attacks on the company.

Multi-factor authentication (MFA)

MFA adds extra layers of security by requiring users to present more than just a password. If passwords are compromised during a security breach, attackers can use them to access your accounts. With MFA, companies no longer depend solely on passwords; they add factors like fingerprints and OTPs to provide an additional layer of security.

MFA commonly combines three types of factors:

  • Knowledge factors, or something the user knows, such as passwords and personal identification numbers.
  • Possession factors, or something the user has, such as smart cards or mobile apps.
  • Inherent factors, or something the user is, such as fingerprints or facial recognition.

This combination fortifies authentication and significantly reduces the risk of unauthorized access. By requiring multiple forms of proof, MFA adds an extra level of defense against cyber threats and safeguards sensitive information in various IT environments. As the threat landscape evolves with technology, the adaptability of MFA ensures a robust defense mechanism against increasingly sophisticated cyber threats and unauthorized access attempts.

Importance of software updates

Software updates often include security patches that fix vulnerabilities in the system. At ManageEngine, we regularly update our software, including operating systems and applications, using a central solution to manage such activities. This practice helps in protecting our assets against known security threats.

Software updates act as digital guardians, essential for fortifying our IT environment against cyber threats. Our IT environment hosts a large amount of sensitive information, almost like a fortress, and these updates reinforce our defenses. They patch vulnerabilities, acting as a crucial line of defense against cyberattacks that aim to exploit any existing weaknesses. Neglecting updates is like leaving the gates open for potential intruders. For instance, major cyberattacks like WannaCry targeted systems lacking essential updates.

We insist that our users accept updates regularly to ensure their digital stronghold stays resilient and equipped with the latest security measures. We emphasize embracing software updates because they're not just enhancements, they’re our shield against cyber threats.

The role of an employee in IT security

The systems with the most robust security measures could still crumble if the people managing them aren’t security-conscious. Many cyberattacks wouldn't have occurred if the concerned employees were slightly more security-conscious. For example, a 2016 phishing attack led to the breach of a US presidential candidate's campaign-related emails. The attack targeted campaign officials through seemingly innocent emails, tricking them into revealing sensitive information. Had the staff been more security-conscious and spotted the signs of phishing, they might have avoided clicking on malicious links or providing login credentials.

At ManageEngine, we insist that our employees constantly improve their security consciousness. We conduct extensive training and awareness sessions to educate them about the importance and context of security in their job roles. We train them to follow security-conscious practices, such as recognizing phishing attempts, using strong passwords, and securely handling sensitive data, which helps prevent security breaches and minimize risks.

Responding to a security breach

Swift and decisive action is crucial for mitigating the potential damage of a security breach. First, we insist our employees immediately report the incident to our designated incident management (IM) team. Our IM team quickly assesses the incident and involves our dedicated IT security team. Time is of the essence, and quick reporting can facilitate a faster response to contain the breach. Simultaneously, our security team advises the steps to be taken by the employee to minimize further damage.

For instance, the security team might instruct the employees to disconnect from the network and, if applicable, isolate an affected device to prevent the potential spread of the breach. Preserving any evidence related to the incident, such as screenshots or unusual files, can aid in the subsequent investigation, and our security team ensures to collect them from the concerned employees.

Our employees refrain from attempting to fix the issue independently because well-intentioned actions could inadvertently worsen the situation. Our employees are aware that they must follow our established policies, protocols, and procedures for reporting security incidents. The employee promptly updates passwords and enables more stringent security measures like biometric activation on relevant accounts if the breach involves their compromised credentials.

By taking these immediate and coordinated steps, our employees play a pivotal role in minimizing the impact of a security breach and contributing to the overall cybersecurity resilience of the organization.
