undefined | Better HN

0 pointsdogman1442y ago0 comments

It’s a mix of training highest risk users and then layering a lot of defense in depth behind them from security tools offered by 0365 or (more commonly for a startup)GSuite, MFA everywhere early on (SMS would be fine very worst case for a lean/mean startup), EDR to catch DNS logging and if the phish got onto the endpoint successfully, and an idp like okta so you can quickly kill sessions for the breeches user. More advanced approaches are to sequester the most vulnerable users into something like Amazon workspace, where a successful phish goes nowhere. This can be harder to enforce though.

0 comments

1 comments · 1 top-level

littlestymaar2y ago

> EDR to catch DNS logging

What's an EDR? And what's the link between phishing and DNS?

> like okta so you can quickly kill sessions for the breeches user

I can the see the usefulness of the ability to kill compromises session, but if your user get his Okta account pwnd, then the attacker has access to the entirety of what the user had access to without needing to do any additional work, which is the worse possible scenario. And unless the user has the right reaction (seeking help ASAP), your kill switch isn't going to save you.

Also, MFA isn't really helping against phishing: the user is going to give the MFA code to the attacker anyway…

j / k navigate · click thread line to collapse