24x7x365 Entisys360 Client Technical Support: Call (877) 368-4797 opt 9, or

At the end of another action-packed year, cyber professionals set their sights on what is coming over the horizon. 2021 ended with a “bang” and many cybersecurity teams worked well into the wee hours of the new year combating the Log4J vulnerability. Many are still fighting to secure their environments. Why do vulnerabilities tend to surface increasingly around the holiday season? It has a lot to do with vacations and organizations having a skeleton crew starting around Thanksgiving. Given this trend, what can organizations do to prepare for the next incursion and perhaps this time have an uneventful holiday season in 2022? I see 5 tactics – some new and some age-old basic security principles—that in combination establish a strong organizational security posture not just for the holiday season, but for the entire year.

Identity and Access Management

A significant number of breaches involve either stolen credentials or abuse of privileges. A strong identity and access management program needs to leverage multi-factor authentication (MFA), privileged access management (PAM), and certificate management (CM) to reduce cyber risk. The keys to mitigating identity attacks are ensuring someone is who they say they are and that the device they are coming from is who it says it is. Leveraging proper identity management in all aspects of cybersecurity should be the foundation you build the rest of your program on.


As much as we would all like, organizations cannot prevent every compromise. Extended Detection and Response (XDR) tools can help address compromises before they spread. Combining vulnerability management with detection and response is an emerging capability known as VMDR. Imagine being able to detect a behavior or compromise and patch it in real time as opposed to waiting for the weekly or monthly scans, review a report, and then decide to act. The legacy ways of addressing vulnerabilities are too slow.

Ransomware Readiness

Ransomware? Are we still doing this? The answer is, yes and increasingly. Ransomware is alive, well, and spreading quickly. Organizations continue to be vulnerable to ransomware. To help combat the potential impact of compromise, a ransomware readiness assessment that includes a live fire exercise with a breach attack simulator is recommended to help identify attack vectors and remediate detected issues. A ransomware readiness assessment also allows an organization to test their ransomware response ‘playbook’ making sure that their roles, responsibilities, communications, and processes are set up to effectively respond to a real-world attack.


Email is still the most targeted attack vector organizations need to defend. Phishing attacks remain a constant threat and are among the top entry points for ransomware and credential harvesting. Organizations should implement strong anti-phishing protections including tools and awareness training. Also consider leveraging web and email isolation to prevent malware from infecting your organization.

Zero Trust Edge

Also known as Secure Access Service Edge (SASE), Zero Trust Edge (ZTE) is “where the industry is going”. With increased adoption of SaaS services as well as cloud computing overall, it makes sense to have a centralized policy decision and enforcement point in the cloud. Imagine having DNS security, cloud firewall capabilities, Data Loss Prevention (DLP), Software Defined WAN, secure web gateway, and an SSL VPN in a single console? With the right ZTE provider, organizations can also leverage the same capabilities and still access legacy on prem applications and data with the same protection from the cloud.

Defending against attacks and reducing overall cyber risk requires a multilayered approach. We have all been searching for the “silver bullet” of cybersecurity, but one bullet won’t do the job. We need an entire arsenal of tools, processes, and people to combat what is coming. The best chance we have at a less eventful 2022 is to adopt strong identity and access management practices and pair them with zero trust edge. Our endpoints should have XDR capabilities and we need to be hunting ransomware before it happens. Phishing can and should be reduced to a minimal risk category combined with the right tools and processes focused on isolation and reputation. By embracing the five ideas above, you increase your chances of a peaceful and happy new year.

If you would like to discuss ways to enhance your security posture in 2022, please contact one of our security experts at advyz@entisys360.com.

For more information

Our Expertise

Security and Cyber Risk Services

Creating a strategy for managing risk and compliance, while helping to filter the noise of myriad cybersecurity technologies.

Automation and Cloud

Accelerating IT service delivery for our clients through the adoption of agile methodologies that are all part of a systems-oriented approach.

End User Computing

Helping businesses keep infrastructure uptodate, minimizing security risks, and maintaining compliance

Software Defined Data Center

Empowering your enterprise to achieve its full potentialand greatest efficiencyby keeping IT infrastructure operational, available and secure.

Core Infrastructure Services

Offering design, implementation, licensing optimization, and environmental services to ensure the use of Microsoft’s best practices and configurations.

Microsoft Expertise

Helping set goals and establishing benchmarks for the journey toward the successful deployment of Microsoft solutions.

Our Services


Enjoy a stressfree implementation that comes through the knowledge and experience of our professional services team.

Managed Services

Align your business initiatives with evolving industry trends to obtain a clear understanding of the impact of future technologies.

Cloud Strategy
and Services

Meeting a diverse range of business requirements through deployments that are flexible, scalable, and have the right mix of elements.


Never miss another maintenance or warranty contract renewal date or pay for unused maintenance contracts or warranties.


Through this service, our project management team takes the lead role in planning, executing, monitoring and closing projects.

Our Markets and Market Support Vehicles


Professional services and nationallyrecognized expertise that align perfectly with the trends and challenges facing a variety of industries.


Recognizing the unique challenges faced by healthcare IT organizations, and offering understanding, capabilities, and trusted relationships.

Public Sector

Helping organizations contain costs maintain high availability while finding new ways to increase security, compliance and more.

Group Purchasing

Industryleading IT consulting services and technology solutionsaccessed through a streamlined contracting process.



Learn about our upcoming events and webinars.

Solutions Literature

Accesstodownloadable assets with information on solutions and services offerings.


Gain expert technical insights around today’s leading enterprise technologies and solutions.

Press Releases

Read news and updates from the Entisys360 team.

News Stories

Learn about new developments with Entisys360 and our team.

About Entisys360

About Entisys360

Our mission, vision, leadership and team


Notable industry awards and recognition


Entisys360’s and its commitment to privacy


Our commitment to the community


Entisys360 Career opportunities

Contact Us

Entisys360 locations and contact resources