Lester Nichols

Dealing with a security incident is not a singular or static process. The aspect of identification, isolation, remediation and lessons learned is a cyclical process that allows for improvement of processes and controls to prevent or limit the impact of future issues.

Assessing the impact of an incident or security failure is critical in understanding the scope of the blast radius or impact. Is this a singular issue or a larger more systemic concern. This will allow you to identify, isolate/quarantine, and remediate in the most efficient way possible while also gathering any necessary evidence or details for forensic analysis. Triaging the issue is also very important when dealing with multiple issues at the same time.

Being as transparent as possible is key with any failure. Owning mistakes is key in growing and maintaining customer support. While making mistakes or dealing with fault is not desired, accepting the mistake and learning from that is key and shows customers that striving to improve and preventing future incidents or mistakes.

Encryption is critical for any communication for data at rest or transit regardless of mesh network. Encryption technologies such as AES is part of industry standards, whether your using 128 or 256-bit will be dictated by the requirements and any regulatory or compliance needs.

The use of a mesh network really depends on the scope of what you are planning on doing. Will the mesh network going to be using a third-party service such as Tailscale or some other service? Will this be a self hosted platform? Projects such as Netbird can be deployed at home to potentially limit exposure to a third party. The risks can be wide and varied to include threat actor access to specific system all the way to the entire network. With that in mind, the use of mesh VPN or network connectivity can help expand services and access when not within the specific network such as remote connectivity. The key when planning any type of remote or extended access, it is to understand the control reqs and risks to be properly mitigated.

The best way to safeguard sensitive information is to insure that it is encrypted at rest, in memory and in transit. Once that is accomplished, implementing least privileged access to that information and making sure that only those users or systems that need access have access. All other access should not be allowed technically and through policy.