Patching is just what it sounds like. Patches for software are sent out monthly, weekly and sometimes daily. As soon as an operating system vulnerability is discovered, Microsoft develops the patch and sends it out. I am sure you are familiar with Windows Update. Your operating system is patched, but you cannot stop with just the operating system. Third-party applications have to be patched as well; programs like Java, Flash, TeamViewer, Skype or pretty much any program that you loaded on your machine will have updates.
Another first line of protection is to filter out known and potentially malicious websites right from the start. This is done through a Domain Name System (DNS) filtering service, rather than your ISP’s generic DNS, which has no security. DNS filtering uses a database of malicious sites and blocks the user from going to them in the first place.
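As an added illustration (not from the original article or any DNS filtering product), the lookup a filtering resolver performs for each query can be sketched in Python. The blocklist entries, the `upstream` callable and all function names are assumptions made up for the example; matching is done on whole labels so that a subdomain of a listed site is blocked while a lookalike that merely ends in the same characters is not.

```python
# Added example: the per-query decision of a DNS filtering resolver.
# BLOCKLIST is constructed sample data using reserved test domains.
BLOCKLIST = {
    "malware-download.example",  # this domain and every subdomain
    "phish.login-portal.test",   # only this host and names below it
}

def normalize(qname: str) -> str:
    """Lower-case the name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def matching_rule(qname: str, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers qname, or None.

    Checks the name itself, then each parent domain, label by label.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def resolve(qname: str, upstream, blocklist=BLOCKLIST):
    """Refuse blocked names; forward everything else.

    `upstream` is a hypothetical callable standing in for the
    real recursive resolver.
    """
    name = normalize(qname)
    rule = matching_rule(name, blocklist)
    if rule is not None:
        return {"name": name, "action": "blocked", "rule": rule, "answer": None}
    return {"name": name, "action": "forwarded", "rule": None,
            "answer": upstream(name)}

def fake_upstream(name):
    # Constructed stand-in: a documentation-range address (RFC 5737).
    return "192.0.2.10"

if __name__ == "__main__":
    for q in ["cdn.Malware-Download.example.", "login-portal.test",
              "notmalware-download.example", "phish.login-portal.test"]:
        r = resolve(q, fake_upstream)
        print(f"{r['name']:32} {r['action']:10} {r['rule'] or ''}")
```

Logging the `rule` field for every blocked query also gives the monitoring side a record of which machines tried to reach listed sites.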
Event log monitoring and analysis is something that needs to be looked at as well. Your organization's IT infrastructure generates a huge amount of log data every day. These machine-generated logs contain vital information that provides insights and network security intelligence into user behaviors, network anomalies, system downtime, policy violations, internal threats, regulatory compliance, etc., all of which is critical to cyber threat intelligence.
What is needed is a cost-effective Security Information and Event Management (SIEM) software platform. With this tool you can automate the entire process of managing terabytes of machine-generated logs by collecting, analyzing, correlating, searching, reporting and archiving from one centralized console.
Network segmenting divides a computer network into segments. A segment is a portion of the network that is separated from the rest of the network by a device such as a repeater, hub, bridge, switch or router. Each segment can contain one or multiple computers or other hosts. If an attacker successfully compromises a single computer in a network segment, every computer in that segment is at risk.