[BreachExchange] 4 Network Security Mistakes Bound to Bite You
Destry Winant
destry at riskbasedsecurity.com
Tue Jul 30 10:15:38 EDT 2019
https://www.darkreading.com/cloud/4-network-security-mistakes-bound-to-bite-you/a/d-id/1335357
It's Shark Week again! Are you ready to outmaneuver sharks of the
cyber variety? These tips can help.
Just like sharks off the Florida coast, encrypted threats are lurking
in network traffic. And as the volume of transport layer security
(TLS) encrypted traffic rises exponentially, organizations become even
more vulnerable to attacks. Ouch!
We all cringe at the reports of shark sightings each summer. If you're
one of the 35 million viewers planning to partake in the cultural
feeding frenzy that is Shark Week, I offer you a primer. Here we marry
our shark appreciation with some serious discussion around the
following four network security mistakes bound to bite you:
1. Letting familiarity fool you into complacency
Most shark attacks occur less than 100 feet from the shore, says
National Geographic. But even when sharks are in close proximity to
you — for example, just a few feet away from these swimmers at Daytona
Beach — they're really hard to see. The same can be said for the
network. It's a familiar environment, yet more than half of malware is
now hiding right beneath your nose in encrypted traffic.
Pro tip: Treat encrypted traffic as an attack vector. Make sure you
can quickly expose encrypted attacks, hidden command and control
channels, malware, and unauthorized data exfiltration exploits.
2. Misjudging the effectiveness of your gear
It's important to wear a hat and lather on sunscreen at the beach, but
while you're focused on blocking the sun, let's not forget you could
still be acting as a shark magnet, according to one researcher,
depending on your tattoos, nail polish, and jewelry. The network has a
similar pocket of risk: operations teams want visibility into
encrypted traffic, but encryption also blinds security and application
monitoring tools. To gain visibility, Secure Sockets Layer (SSL)
traffic has to be decrypted, but decryption is extremely
computationally intensive and can introduce network latency.
Pro tip: Before deploying any SSL decryption solution, be aware of the
total volume of network traffic and how much of it is encrypted with
SSL/TLS. Know how and where traffic is traversing the network. For an
SSL/TLS solution to work effectively, it needs to see both directions
of traffic. Asymmetric traffic can cause incomplete decryption if all
traffic is not combined and fed to the solution.
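The sizing and asymmetry checks in this tip, sketched as an added
example (not part of the original article): it computes the TLS share
of traffic by bytes and lists TLS connections for which no single tap
saw both directions. The flow-record layout, tap names, and addresses
are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not from the article): one row per
# direction of a connection as seen at a tap/SPAN point.
# (tap, src, sport, dst, dport, bytes, is_tls)
FLOWS = [
    ("tap-a", "10.0.0.5", 50100, "203.0.113.10", 443, 1200, True),
    ("tap-a", "203.0.113.10", 443, "10.0.0.5", 50100, 48000, True),
    ("tap-a", "10.0.0.6", 50200, "203.0.113.20", 443, 900, True),
    ("tap-b", "203.0.113.20", 443, "10.0.0.6", 50200, 30000, True),
    ("tap-a", "10.0.0.7", 50300, "198.51.100.7", 80, 700, False),
    ("tap-a", "198.51.100.7", 80, "10.0.0.7", 50300, 19200, False),
]

def conn_key(src, sport, dst, dport):
    """Return a direction-independent connection id and the sending endpoint."""
    a, b = (src, sport), (dst, dport)
    return (min(a, b), max(a, b)), a

def tls_share(flows):
    """Fraction of observed bytes carried in TLS flows (sizing input)."""
    total = sum(f[5] for f in flows)
    return sum(f[5] for f in flows if f[6]) / total if total else 0.0

def directions_seen(flows):
    """Map (tap, connection) -> set of senders observed, TLS flows only."""
    seen = defaultdict(set)
    for tap, src, sport, dst, dport, _nbytes, is_tls in flows:
        if is_tls:
            conn, sender = conn_key(src, sport, dst, dport)
            seen[(tap, conn)].add(sender)
    return seen

def asymmetric_connections(flows):
    """TLS connections for which no single tap saw both directions."""
    best = defaultdict(int)
    for (_tap, conn), senders in directions_seen(flows).items():
        best[conn] = max(best[conn], len(senders))
    return sorted(conn for conn, n in best.items() if n < 2)

def fixed_by_aggregation(flows):
    """Asymmetric connections that become complete once all taps are merged."""
    merged = directions_seen([("all",) + f[1:] for f in flows])
    return [c for c in asymmetric_connections(flows)
            if len(merged[("all", c)]) == 2]

if __name__ == "__main__":
    print(f"TLS share of bytes: {tls_share(FLOWS):.1%}")
    print("One-sided at every tap:", asymmetric_connections(FLOWS))
    print("Complete after merging taps:", fixed_by_aggregation(FLOWS))
```

A connection that is still one-sided after merging every tap points to
a path with no tap on it, which aggregation alone cannot fix.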
3. Ignoring cloud considerations
From dusk until dawn and when dipping into murky waters, cloudy
conditions carry an increased risk of shark encounters. Security
leaders are navigating similar visibility challenges that come as a
result of enterprises deploying more and more software to private and
public clouds and making wider use of software-as-a-service
applications.
Pro tip: Remember to establish a clear line of sight and to secure all
data in motion, not just across the enterprise, but also cloud
environments. Don't get caught like a shark out of water, which can
happen when you can't see where and how network data is increasing and
you end up caught in a period of catch-up that can hurt business
transformation projects such as cloud adoption. Effective network
visibility helps scale the network — and the business.
4. Not knowing the response plan if there's an attack
Shark Week programming will likely strike fear, but will you walk away
knowing what to do if faced with an attack? (See here for advice.)
When it comes to cyber sharks, only 58% of organizations feel highly
confident that they could detect an important security issue before it
has a significant impact.
Pro tip: Honestly appraise your threat detection and incident response
tools and processes, and evaluate any architectural improvements you
might need to make to stay a step ahead. Intentionally engineer your
security strategy to overcome data and tool-set silos to get
information to the right place at the right time, and base your
architecture on a deliberate attempt to identify, respond to, and
counter threats.
No security posture — or open-water swim — is absolutely safe. But
taking appropriate safety measures like the ones outlined above can go
a long way toward a reliable and maintainable security infrastructure.
Bottom line: When it comes to swimming with sharks, visibility
matters.