TL-BRA (Too Long, Bro. Read it Anyway):
- Put simple effective controls in unexpected places, and then let them work their magic
- Automate the removal of data
- Rebuild infrastructure rather than restoring old backups; keep restoring backups as the backup plan.
- Turn things off, sometimes even when they need to be on
- Look for impossible actions or events
- Reduce system performance
- Diversify and distribute your security solution layers
- Distribute security controls unevenly. Put security in unexpected places. A simple firewall with custom rules in between the VIP laptop and the rest of the network will provide security that a sophisticated firewall using defaults at the WAN border will always miss.
- Delete, purge, remove, and decommission unneeded information, data, or systems. Unless you are required to keep the data as part of your business or related contracts and regulations, get rid of it! Hackers can't expose, sell, or exploit data that doesn't exist. Only keep data you need to keep.
- Automate your ability to rebuild systems and infrastructure. The ability to rebuild systems and infrastructure on the fly enables you to move to new infrastructure, update baselines, and leapfrog vulnerabilities that plague static systems. Infrastructure that can move and reshape itself is going to last longer. Consider rebuilding instead of restoring a backup when systems fail.
- Schedule maintenance windows when the only thing you do is observe what happens when you turn systems off. This is especially effective when some people were expecting the system to be on. Turn off servers, remove services, disable ports, and uninstall software. Like when carving a statue, perfection is achieved by removing the unnecessary and excess pieces in your infrastructure. Harden your systems by cutting out the softest parts.
- Alert on absolute negatives. Anyone who's been on a SOC team knows that adding an alert or two, one here and one there, is what results in the flood of alerts at two in the morning, but stick with me on this next one. Similar to honeypots, alerts for actions that should never be performed in your environment will help reveal hidden problems or adversaries before they cause additional damage. A few examples:
  - Alert if your CEO (or their secretary) tries to SSH into network equipment
  - Get notifications if the camera system visits company websites
  - Record connections when guest network IP addresses show up on protected networks
  - Use code names so you can alert when "key words" show up in shared folders
- Slow down suspicious connections rather than immediately blocking them. The world we live in is fast-paced, and speed is often the difference between keeping and losing business or contracts. The other side of that coin is that speed can also be the difference between keeping and losing sensitive data. So slow down initial access approvals, implement ways to cause delays when monitoring traffic, limit bandwidth, and limit the number of permitted connections on untrusted links, especially for necessary but low-priority services. Make time your friend rather than your enemy. Give yourself and your team time by purposefully slowing things down.
- Diversify your security solutions and layers. There's a major drawback to standardizing on a single solution for a specific security control: once the control is bypassed or a system is compromised, all other systems with the same control are sure to fall in short order. Layers of security are most effective when you diversify each layer. Use a less common but effective AV solution on systems when appropriate, put in different types of firewalls at logical boundaries, and use alternate network inspection technology. For example:
  - Run Windows Defender on a Linux box
  - Set up a pfSense firewall in between the Sales and HR departments
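To make the "alert on absolute negatives" and "slow down rather than block" ideas above concrete, here is an added example (my own code, not part of the original post) that runs the four impossible-event rules over a handful of constructed log lines and then puts flagged sources into a throttled slow lane instead of dropping them. Every subnet, account name, code name and log line is an assumption made up for the demo; the camera rule is generalized to "any web request from the camera VLAN", which is broader than the post's wording.

```python
"""Added example: impossible-event detection plus a slow lane for flagged sources.

Nothing here is from the original post; all environment facts are constructed.
"""
import ipaddress
from dataclasses import dataclass

# --- assumed environment facts (constructed for this example) ---
EXEC_ACCOUNTS = {"ceo", "ceo-assistant"}                  # accounts that never admin network gear
NETWORK_GEAR = ipaddress.ip_network("10.0.0.0/24")        # switch/router management subnet
CAMERA_NET = ipaddress.ip_network("10.50.0.0/24")         # camera VLAN
GUEST_NET = ipaddress.ip_network("192.168.100.0/24")      # guest Wi-Fi
PROTECTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]   # protected server/user networks
CODE_NAMES = {"PROJECT-BLUEFIN"}                          # internal code name that must never hit a share

# Constructed log lines in the shape: proto src dst user [detail]
SAMPLE_LOGS = [
    "ssh 10.10.5.20 10.0.0.7 ceo",                                   # exec account -> switch mgmt
    "ssh 10.10.5.21 10.0.0.7 netadmin",                              # normal admin work
    "http 10.50.0.12 203.0.113.10 - GET /careers",                   # camera making a web request
    "smb 192.168.100.9 10.10.3.4 -",                                 # guest IP on a protected net
    "smb 10.10.5.22 10.10.3.4 alice \\\\files\\shared\\PROJECT-BLUEFIN-roadmap.docx",  # code name on share
    "http 10.10.5.23 203.0.113.10 bob GET /",                        # ordinary browsing
]


@dataclass
class Event:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    user: str
    detail: str = ""


def parse(line: str) -> Event:
    """Split one constructed log line into an Event (detail field is optional)."""
    parts = line.split(maxsplit=4)
    proto, src, dst, user = parts[:4]
    detail = parts[4] if len(parts) > 4 else ""
    return Event(proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), user, detail)


# Each rule names an action that should never happen in this (assumed) environment.
RULES = [
    ("exec_account_admin_network_gear",
     lambda e: e.proto == "ssh" and e.user in EXEC_ACCOUNTS and e.dst in NETWORK_GEAR),
    ("camera_web_request",
     lambda e: e.proto == "http" and e.src in CAMERA_NET),
    ("guest_ip_on_protected_net",
     lambda e: e.src in GUEST_NET and any(e.dst in net for net in PROTECTED_NETS)),
    ("code_name_in_shared_folder",
     lambda e: e.proto == "smb" and any(name in e.detail.upper() for name in CODE_NAMES)),
]


def evaluate(line: str) -> list[str]:
    """Return the names of every absolute-negative rule the line trips (empty if none)."""
    event = parse(line)
    return [name for name, predicate in RULES if predicate(event)]


class TokenBucket:
    """Per-source throttle: `rate` connections per second, bursting up to `burst`."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class SlowLane:
    """Alert on flagged events and throttle their source instead of blocking it outright."""

    def __init__(self, rate: float = 1.0, burst: int = 2):
        self.rate, self.burst = rate, burst
        self.buckets: dict[ipaddress.IPv4Address, TokenBucket] = {}
        self.alerts: list[tuple[str, list[str]]] = []

    def handle(self, line: str, now: float) -> str:
        """Return 'allow', 'allow-throttled' (flagged, within budget) or 'delay' (flagged, over budget)."""
        event = parse(line)
        hits = [name for name, predicate in RULES if predicate(event)]
        if not hits:
            return "allow"
        self.alerts.append((str(event.src), hits))          # this is the SOC alert
        bucket = self.buckets.setdefault(event.src, TokenBucket(self.rate, self.burst))
        return "allow-throttled" if bucket.allow(now) else "delay"


if __name__ == "__main__":
    lane = SlowLane()
    for line in SAMPLE_LOGS:
        print(f"{lane.handle(line, now=100.0):16} {line}")
    print("alerts:", lane.alerts)
```

The point of the slow lane is the one the post makes: a flagged source still gets through, just at a rate that gives the team time to look, and the alert fires on the first hit rather than after a block has tipped off whoever is on the other end.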
I'll stop this post with a warning. Employing non-standard solutions can also open up vulnerabilities. The key to successfully using uncommon controls is to keep it simple. Simple is not the same as stupid, just as sophisticated is not the same as complex.
Eventually I'll post "The 10 most effective security controls you should never forget!"... once I'm able to remember them myself.