Friday, February 11, 2022

Zero Trust: What Is It And Why Is It Worth It?

A long-time contact informed me that he had a serious cybersecurity problem at the end of last fiscal year. After installing three layers of security, the company just finished an audit.

The audit revealed that five security incidents had occurred since the company had completed their installation. All of them were within their security perimeter and bypassed most of their protection.

They wanted to know what they had done wrong and how they could fix it.

This company was not the first to experience the problems they faced. Both the source of the problem and the path to resolving it are difficult to pin down.

Why Network Security?

Network Security is often seen as something we can accomplish with a few tools. This is not necessarily true. Security is the state that you reach by addressing all possible threats, and each threat must be dealt with in its own way. Hackers can gain access to applications or databases by stealing credentials or by exploiting weak authentication.

Breaches can also be caused by exploits, where faults in a program (an application, middleware or the operating system) are used as a trigger for malicious behavior, and by malware that has been introduced into the environment. Combinations of these security problems are becoming more common.

As this business owner pointed out, enterprises have been more focused on perimeter security, which protects against the first two issues (stolen credentials and weak authentication). They haven’t considered, though they should have, the second two (exploits and malware).

These other problems can be addressed without abandoning perimeter security. It simply means that every possible source of a problem must be covered.

Rules for sharpening security focus

Rule 1 is that a wall can’t be built if the gate is open. Many companies are too lax about protecting employee devices. In fact, a majority of security incidents are caused by infected laptops.

Does your work-from-home policy allow company VPN access from devices that are not only unsecured but also never inspected? Work devices should not be used for private purposes, and vice versa.

Rule 2 is “Who will monitor the guards?” Management, monitoring, and security tools all have access to resources and apps. In the past six months, we’ve experienced two major security issues related to contamination of one of these tools: the SolarWinds breach, and Log4j.

These problems show that the things we need for our networks, applications and data centers can come back to bite us. We have to be vigilant about keeping them up-to-date and looking out for unusual behavior.

Keeping software updated is essential to complying with these rules, but it is often a problem in enterprises. Desktop software can be hard to update, especially on work-from-home systems. However, a combination of central software management and regular review of software versions on personal systems can help.

Don’t let your operations tools, especially the open-source ones, be neglected; that seems to happen a lot. Include a review of critical operations software in your software management program, and look closely at new versions at least once every six months.

Even with all this, it is unrealistic to expect an enterprise will be able to anticipate all possible threats from all possible bad actors. It is better to prevent disease than to treat it when symptoms occur. One of the most overlooked security principles is that understanding good behavior is key to preventing bad behavior.

No matter what the cause of a security problem may be, it almost always indicates that someone is doing something they shouldn’t. How do we find out? By looking for patterns in behavior. Zero Trust, another widely misunderstood security term, is supposed to be all about this. Sometimes that is true of what is sold under the name, and other times it isn’t.

What Zero Trust actually means

It’s easy to put a label on a product or service, and you’ll be surprised at how differently the solutions labelled zero trust work. We don’t even agree on what the concept means. How can you trust a term that is meaningless or has multiple meanings? Zero Trust should be about behavior control and monitoring.

What about the number of applications that a typical worker can access? The company was unable to give me the answer.

How, then, could the company determine whether that worker, or any other, was stealing data? They could not spot what was not allowed, because they didn’t know what was allowed. Zero Trust is the solution to exactly that.

Zero-trust systems should assume there is no implied right to any connection. Connection rights are not permissive but explicit, and this property is critical for Zero Trust security.

No one can deny the difficulty of defining the permitted connectivity for workers and the requirements for middleware and management software. These problems are the reason enterprises fail to adopt Zero Trust security, and why vendors may claim but not deliver the required capabilities. Zero Trust is more work, but you cannot avoid it and still be secure.

The pain doesn’t stop at defining permissible connectivity. Unauthorized connections must be detected and recorded by Zero Trust, and it’s this feature that makes Zero Trust so valuable. Nearly all inside-the-perimeter attacks will probe for connectivity and resources in search of something.

A good Zero Trust system will detect these explorations and record them, alerting the managed services that something is amiss. The company can save the day by acting quickly.

The best way to validate a Zero Trust system that a vendor proposes is to examine how you would actually apply it. Because all accountants, as well as all accounting software, will likely have the same connection permissions, it is a good idea for the system to support a hierarchical framework for assigning connection rights.
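The three properties discussed above (explicit rather than implied connection rights, a journal of every unauthorized attempt, and a hierarchy so that groups such as "all accountants" share one set of rights) can be sketched in a few dozen lines. The following is an added example written for this post, not code from the author or from any vendor's product: the role hierarchy, the allow table, the service names and the sample connection attempts are all constructed assumptions, and the "exploration" rule (alert when one principal is refused on three distinct destinations) is a simplification of what a real Zero Trust system would do with its exception journal.

```python
# Added example (not from the original post): a toy default-deny connection
# policy engine with hierarchical roles and an exception journal.
from collections import defaultdict

# Constructed role hierarchy (assumption): each role inherits the connection
# rights of its parent, so all accountants and the accounting software share
# the "finance" permissions without listing them twice.
ROLE_PARENT = {
    "accountant": "finance",
    "accounting-app": "finance",
    "finance": "staff",
    "engineer": "staff",
}

# Constructed explicit allow rules (assumption): role -> destination services.
# Anything absent from this table is denied: there is no implied right to
# any connection.
ALLOW = {
    "staff": {"email", "intranet"},
    "finance": {"ledger-db", "payroll"},
    "engineer": {"git", "ci"},
}


def role_chain(role):
    """Return the role followed by its ancestors, root last."""
    chain = []
    while role is not None:
        chain.append(role)
        role = ROLE_PARENT.get(role)
    return chain


def is_allowed(role, dest):
    """True only if some role in the chain explicitly permits dest."""
    return any(dest in ALLOW.get(r, ()) for r in role_chain(role))


class PolicyEngine:
    """Evaluate connection attempts, journal every denial, and flag probing."""

    def __init__(self, explore_threshold=3):
        # A principal denied on this many distinct destinations looks like
        # it is exploring the network rather than making a one-off mistake.
        self.explore_threshold = explore_threshold
        self.journal = []                  # the exception journal
        self._denied = defaultdict(set)    # principal -> denied destinations

    def check(self, principal, role, dest):
        allowed = is_allowed(role, dest)
        if not allowed:
            self.journal.append({"who": principal, "role": role, "dest": dest})
            self._denied[principal].add(dest)
        return allowed

    def exploring(self):
        """Principals whose distinct denied destinations reached the threshold."""
        return sorted(p for p, d in self._denied.items()
                      if len(d) >= self.explore_threshold)


# Constructed sample of connection attempts (principal, role, destination).
SAMPLE_ATTEMPTS = [
    ("alice", "accountant", "email"),
    ("alice", "accountant", "ledger-db"),
    ("payroll-svc", "accounting-app", "payroll"),
    ("bob", "engineer", "git"),
    ("bob", "engineer", "payroll"),        # denied: outside bob's rights
    ("bob", "engineer", "ledger-db"),      # denied
    ("bob", "engineer", "intranet"),
    ("bob", "engineer", "backup-server"),  # denied: not listed for anyone
]


def run_sample(attempts=SAMPLE_ATTEMPTS, threshold=3):
    """Run the attempts through a fresh engine and return a summary dict."""
    engine = PolicyEngine(threshold)
    decisions = [engine.check(*attempt) for attempt in attempts]
    return {
        "allowed": decisions.count(True),
        "denied": len(engine.journal),
        "journal": engine.journal,
        "alerts": engine.exploring(),
    }


if __name__ == "__main__":
    summary = run_sample()
    for entry in summary["journal"]:
        print("DENIED", entry)
    print("possible exploration by:", summary["alerts"])
```

Two design points matter more than the toy data. First, `is_allowed` never returns True for a destination that no role in the chain lists, so a typo in the allow table fails closed rather than open. Second, a denial is not just a blocked packet; it is written to the journal and counted per principal, which is the raw material a managed service would use to notice that "bob" is reaching for finance and backup systems he has no business touching.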

Does this seem like a lot of work? Products that require little of your time are more likely to give you little in return. Security is essential. Don’t compromise connection permissions or exception journals just to save time. It is difficult to secure the internet, but it is much more difficult to recover from security problems.

What is the best solution? Contact SpartanTec, Inc. in Florence SC for a comprehensive audit of your network and security protocols. You will sleep better tonight knowing your company’s data is secure.

SpartanTec, Inc.
Florence, SC 29501
843-396-8762
http://manageditservicesflorence.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston