Why Cybersecurity Teams Need Out-of-Band Communications
Don't Connect the Dots
Does your SOC team rely on the same file sharing & collaboration tools as the rest of the company? What happens when your IR playbooks are "gobbled up" in a #ransomware attack? How do you coordinate a breach response if you can’t trust your communications with other cyber first responders?
Microsoft Teams, OneDrive, Slack, Box, and other centralized collaboration tools are great for a lot of reasons… but quick gut check - does it make sense that the primary targets of any cyber attack are the tools cyber defenders rely on to coordinate a response?
Yeah, our thoughts exactly.
Centralized Systems in the Crosshairs
It seems that every day we’ve got a new cyber attack targeting Microsoft 365 services. As more and more organizations consolidate their file-sharing, communications, and access management services, the bigger a target this centralized infrastructure becomes. While most cybersecurity teams would love to prevent breaches, the inevitability is we are more likely to have to detect and respond than anything else. But… how do you respond if you can’t trust the tools you rely on to coordinate a response, both with internal teams and external incident response (IR) partners?
Segmented, Out-of-Band Collaboration is Now a Requirement
All cybersecurity teams should at the very least have a pre-configured failover digital communications and file-sharing platform ready in case of emergency - but even better would be to segment their communications and data management systems from the beginning.
Many cyber responders already use (or at least are familiar with) private messaging apps like Signal and WhatsApp to communicate. However, these systems fail to meet compliance requirements, fall short on encryption key management (and therefore security), lack a comprehensive system for data management and file-sharing, and critically have no “gate” to usage (as in there is no admin / user management capability).
So it’s settled, all cyber first responders, SOC teams, IR personnel, and information security team members need a segmented, out of band communications & collaboration system. But, what are the key capabilities this platform should bring to their organization?
5 Key Components for a Secure Out-of-Band Collaboration Platform
1. Stand alone user provisioning, access control & authentication
- When we say out of band, we mean it truly cannot rely on access to any centralized systems for user authentication, access controls, or encryption key storage / management.
2. Integrated compliance and e-discovery capabilties
- Breach situations are highly sensitive and oftentimes the most scrutinized moments in a company's lifespan. Ensuring your cyber responders communications and file-sharing meets both internal and external compliance requirements is a must. Don’t sacrifice compliance for security - there are ways to accomplish both.
3. E2E encryption and decentralized key management
- Traditional messaging platforms rely on standard internet in-transit encryption standards like SSL and TLS, which are not sufficient for our use case. True E2E encryption is a must, but so is an abstracted encryption key storage system. Organization’s must not sacrifice one centralized point of failure for another.
4. Multi-device support with authorization controls
- There are many scenarios when a corporate issued laptop is no longer trusted. The out of band collaboration platform needs to support multiple desktop and mobile OS environments. Additionally, controls need to be available to admins to authorize devices (either ad-hoc or programmatically), so as to maintain a well governed system.
5. Ad-Hoc users provisioning
- Working in today’s integrated business environment, we often have suppliers, partners, and contractors that need to engage with us on a regular basis. Ensuring your out of band communications system can accommodate these users as well as applying RBAC to govern the data they have access to is critical to both everyday operations and disaster recovery / crisis response.
Where Should I Start?
HighSide is the leading segmented / out-of-band collaboration platform deployed by cybersecurity teams around the world. Delivering an E2E encrypted communications and file-sharing platform, HighSide One protects your sensitive data, ensures the integrity of your communications, and meets even the strictest industry compliance standards.
HighSide delivers an end-to-end encrypted collaboration platform that gives SOC teams the ability to segment InfoSec communications, protect sensitive data, and eliminate the risk of critical information falling into the hands of the adversary - or worse, losing the ability to coordinate a response.
Schedule a consultation with a HighSide team member to discuss how to get started with HighSide One as a part of your Incident Response and Disaster Recovery program.