Network Perimeter Vulnerabilities: The Cyber-Threat Hiding in Plain Sight

0
16


Did you know that most companies are affected by high-risk network perimeter vulnerabilities?

In this article, I will go over the basics of vulnerabilities in the context of computer security, then single in on network perimeter vulnerabilities. So, if you want to find out what they are and what makes them particularly perilous, keep reading.

As always, stay tuned until the end for some actionable advice on how to protect your enterprise and its assets against network perimeter vulnerabilities. Ready? Let’s go!

An Overview of Network Perimeter Vulnerabilities

Before diving into the world of network perimeter vulnerabilities, it is first important to understand the concept of vulnerability. The official Wikipedia page for the term vulnerability in the context of computer security features eleven separate definitions outlined by eleven different digital authorities.

Nevertheless, there’s no need to feel overwhelmed by their number, as they all share a few points and essentially end up meaning the same thing. Here are the keywords that stood out to me (and that ultimately achieve the goal of defining the term):

  • weakness
  • asset
  • threat
  • exploit

Therefore, a computer security vulnerability is the weakness of an asset that can be exploited by a cyber-threat. Or, as the ISO/IEC 27005 set of standards issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) states:

Vulnerability is a weakness of an asset or group of assets that can be exploited by one or more threats, [where an] asset is anything that has value to the organization, its business operations, and their continuity, including information resources that support the organization’s mission.

Or, as per my favorite explanation issued by the European Union Agency for Cybersecurity (ENISA) via the Information Technology Security Evaluation Criteria (ITSEC), vulnerability is:

The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved.

I’m not going to bore you with the other nine definitions, so let’s move onto the specific topic of network perimeter vulnerabilities.

What Are Network Perimeter Vulnerabilities?

As per the aforementioned ISO/IEC 27005 set of standards, vulnerabilities can be classified according to the type of asset they belong to. Thus, you can deal with:

  • software vulnerabilities,
  • hardware vulnerabilities,
  • personnel vulnerabilities,
  • organizational vulnerabilities,
  • and network vulnerabilities.

It is the latter than I have set out to discuss primarily in this article. Network vulnerabilities refer to a company’s online perimeter cybersecurity and can be caused by insecure architecture or improperly protected communication lines.

Simply put, many of the devices or platforms your employees (and even yourself) use daily can be network perimeter vulnerabilities. A list of potential suspects includes, but is not limited to:

Mobile devices, which employees either bring with them to the office or use for their work as part of the company’s BYOD policy. Unfortunately, there are many ways in which smartphones and tablets can become vulnerabilities, such as physical theft or lookalike apps.

USB flash drives, which contain malicious files that auto-install once the device is plugged into a computer or laptop. Many high-scale cyberattacks, such as the 2008 cyberattack against the United States Department of Defense, were triggered by this very practice.

Intercepted authentications, which can happen via man-in-the-middle attacks, or credential cracking. User accounts become compromised and thus constitute a network perimeter vulnerability that gravely endangers the security of your assets.

Misconfigured firewalls, which are usually caused by an error of the network administrator, such as in the case of the 2019 Capital One breach. However, this can also be caused by improper firewall patching or management.

IoT devices, which consist of interrelated computing devices with the ability to transfer data within the network, but are outside the spectrum of what we generally consider as part of the system. This is why they are often overlooked, but IoT security is essential to the digital safety of an enterprise.

E-mail services, which are frequently used by businesses to send and receive data. Confidential communications become walking targets on e-mail platforms due to practices such as social engineering, malspam, and phishing.

Inside connections, which are by far the most dangerous due to the human factor behind them. Employees themselves can become network perimeter vulnerabilities, either inadvertently or intentionally.

Why Are Network Perimeter Vulnerabilities Dangerous?

Network perimeter vulnerabilities can hide in plain sight, within a seemingly innocent asset. This is particularly what makes them so dangerous. What is more, many companies have at least one such weak point in their organizational structure and might not even know it.

Recent research cited by Help Net Security has shown that the security of 84% of organizations in IT, finance, retail, manufacturing, government, advertising, and telecom is compromised by one or several high-risk network perimeter vulnerabilities.

What is more, 10% of the identified vulnerabilities have publicly available exploits that cyber attackers can abuse. Additionally, 58% out of the 3,514 hosts that were scanned during the study presents these openly available weak spots. Examined endpoints include network devices, servers, and workstations.

Network Perimeter Vulnerabilities Checklist

Without sounding too dramatic, network perimeter vulnerabilities are everywhere. To help you stay safe, I’ve prepared the security assessment checklist below. So, without further ado, let’s get into the most important part of this article: the one with the actionable advice.

❒ Vulnerability Assessment

This process is known as vulnerability risk assessment, and it is a mandatory starting point of any successful cybersecurity strategy. During this process, a company identifies its security risks and decides whether to remove them or roll with them.

Therefore, assessing your enterprise’s cybersecurity risks means identifying the network perimeter vulnerabilities hiding in plain sight. In this way, you will know exactly what it is that you need to act against.

Performing a vulnerability risk assessment also allows you to set priorities for remediation. Chances are that you will need to close these gaps in security one weakness at a time, which means that you should ideally know what needs to be dealt with and when.

❒ Software Patching

The aforementioned research cited by Help Net Security has found that 47% of network perimeter vulnerabilities can be corrected by installing the latest software versions. That’s almost half of them. What is more, 42% of them used software that had reached its end of life and received no security from the developer. The oldest identified vulnerability was from 16 years ago.

Additionally, every single company involved in the study had an issue with keeping its assets up to date. But why does this happen, considering the importance patching holds in the ecosystem of IT security? The answer is surprisingly simple: because it’s disruptive and time-consuming.

This is where Heimdal Security steps in. The X-Ploit Resilience automatic software updater integrated into our core offering of Thor Foresight Enterprise is specifically designed to facilitate the process of vulnerability management through optimized and reliable patch deployment.

Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise


Is our next gen proactive shield that stops unknown threats
before they reach your system.

  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Automatic patches for your software and apps with no interruptions;
  • Protection against data leakage, APTs, ransomware and exploits;

X-Ploit Resilience allows you to define policies for software installation and patch distribution. The module is managed under Heimdal’s Unified Threat Dashboard (UTD), allowing you to set schedules and other parameters for updates so that interruptions are minimized and efficiency is maximized.

❒ Firewall (and NGAV)

Network firewall security is part and parcel of the safety of your company’s online perimeter. After the border router, your firewall is the first line of defense your data has against malicious third parties looking to exploit system vulnerabilities. Therefore, having a reliable firewall should be very high on your cybersecurity priority list.

In terms of best practices, I will always recommend pairing your firewall with a next-generation antivirus solution to achieve maximum protection. This is something our very own Thor Vigilance Enterprise offers for truly advanced risk management and mitigation.

❒ DNS Content Filtering

In a nutshell, the term DNS content filtering, as my colleague Elena extensively explained in her article,

refers to the process in which an Internet filter allows or blocks access to a specific website’s content according to its IP address and not to the domain name.

Its purpose is to prevent unsavory or illegal content from entering your network. Therefore, it won’t only prevent your employees from looking at porn during work hours, but also stop malware, ransomware, Trojans, and other threats in their tracks.

Thor Foresight Enterprise with its proprietary technology of DarkLayer Guard™ (DLG) uses next-gen traffic telemetry to filter digital dangers at the level of the DNS. However, please note that Foresight’s DLG does this at the level of each endpoint. To secure your network perimeter in its entirety, my recommendation is to use Forseti, Heimdal’s perimeter-level application of the DLG module.

❒ IPS/IDS Tools

An intrusion prevention system is a network perimeter security asset working in tandem with an intrusion detection system to not only identify but also stop cyber-threats. It achieves this by continuously monitoring the network, much like a DNS filter would.

In terms of efficient tools that work as both an IPS and IDS, I once again turn towards Heimdal’s Forseti as a recommendation. Our IPS security solution eradicates malware, ransomware, and other dangers that lurk beneath the surface with its high-performing network prevention, detection, and response technology.

 

Heimdal Official Logo

Increasingly, hackers target organizations at network or DNS traffic level.

FORSETI

FORSETI IS THE ADVANCED INTRUSION PREVENTION SYSTEM THAT ALLOWS

YOU TO PREVENT, DETECT AND RESPOND TO NETWORK-BASED THREATS

  • Full DNS protection and full network logging.
  • Uses Machine Learning on device to infrastructure communication for a strong HIPS/HIDS and
    IOA/IOC add-on to your network.
  • An easy way to add network threat prevention, detection and blocking.

Due to the machine learning-driven AI found in its VectorN Detection™ module, Forseti recognizes hidden threats that not even a next-gen firewall could detect.  For this reason, Forseti is a strong HIPS/HIDS and IOA/IOC supplement to your network perimeter security strategy.

Wrapping Up…

Network perimeter vulnerabilities are a dangerous liability for your company, especially considering how widespread and undetectable they are. Therefore, having a proper cybersecurity strategy that starts with risk assessment and continues with at least software patching is essential for the well-being of any organization.



Source link