Partner Perspectives  Connecting marketers to our tech communities.
9/10/2015
11:13 AM
Ted Gary
Get Fit: Remove Security Weaknesses

Preventing problems by strengthening security is often more effective and less expensive than reacting to breaches after they occur.

Many security teams engage in preventive activities to reduce the number of security incidents incurred by their organizations. For example, they deploy firewalls and intrusion detection systems, assess systems for vulnerabilities, and audit them for misconfigurations. These preventive actions eliminate many security weaknesses and undoubtedly reduce the number of incidents. However, significant weaknesses can still be found in many organizations. These security weaknesses are often caused by weak policies or processes, including:

  • Limiting vulnerability assessments to scanning servers while omitting applications, network devices, and endpoints;
  • Hardening server operating systems but not middleware, databases, or enterprise applications such as email;
  • Lacking a comprehensive inventory of all Internet-facing systems and not ensuring that all are managed;
  • Configuration-management and change-management processes reintroducing old weaknesses when deploying new systems, especially virtual machines.

Remove Security Weaknesses By Building Strength

As with removing weakness from our physical bodies, removing security weaknesses is best accomplished by focusing on building strength. And it is best to start gradually with a balanced program and take a long-term view.

Strengthen your core: Institute a program that includes vulnerability assessment and configuration auditing, and integrate it with patch and configuration-management processes. Many of the core muscles in your pelvis, lower back, hips, and abdomen are overlooked because they are hidden beneath exterior muscles (and flab). Likewise, it is easy for vulnerability assessment and configuration auditing to overlook network devices, middleware, databases, applications, and mobile endpoints. These should all be treated as part of the security core and must be included in a basic program, even if special effort is required to locate and strengthen them.

Many organizations’ networks include IoT (Internet of Things) devices such as medical equipment or industrial control systems that cannot be actively scanned. Fortunately, passive vulnerability scanners are available to identify the devices and their associated vulnerabilities based on monitoring network traffic.

Be consistent: Sporadic physical exercise has limited value, and it often makes you ache. In security, “be consistent” translates into “be continuous.” Performing vulnerability assessment and configuration audits only infrequently leaves the organization exposed to weaknesses caused by new vulnerabilities, new (and possibly unmanaged) assets on the network, and changes to existing assets. Strong security includes continuous network monitoring to detect and remove weaknesses as soon as they arise.

An important by-product of continuous monitoring is that remediation and mitigation workloads are smoothed out and can more easily be incorporated into ongoing work routines without creating major disruptions.

Identify and strengthen specific weaknesses: Even with insight into vulnerabilities (their severity, their exploitability, and whether a working exploit exists) and into misconfigurations, a network will likely still have specific weaknesses that must be identified, prioritized, and removed. Attack-path analysis is analogous to a personal trainer who points out specific weaknesses that should be strengthened. It identifies the specific vulnerable and exploitable systems that an adversary can use as stepping stones to reach high-value resources. Attack-path analysis provides the insight needed to focus remediation and mitigation efforts where they strengthen security most.
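The stepping-stone idea above, as an added example (not Tenable's or the article's code): a small asset graph is searched for chains of exploitable hosts that lead from an Internet-facing host to a high-value resource, and the host shared by the most chains is ranked first for remediation. The host names, flags, and reachability data are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory (hypothetical hosts, not from the article). Each host
# records whether it is Internet-facing, whether it carries an exploitable
# vulnerability, which hosts it can reach (trust/connectivity), and whether it
# holds high-value data.
HOSTS = {
    "web01":  {"internet_facing": True,  "exploitable": True,  "high_value": False, "reaches": ["app01", "jump01"]},
    "mail01": {"internet_facing": True,  "exploitable": True,  "high_value": False, "reaches": ["app01"]},
    "vpn01":  {"internet_facing": True,  "exploitable": False, "high_value": False, "reaches": ["app01"]},
    "app01":  {"internet_facing": False, "exploitable": True,  "high_value": False, "reaches": ["db01"]},
    "jump01": {"internet_facing": False, "exploitable": False, "high_value": False, "reaches": ["db01"]},
    "db01":   {"internet_facing": False, "exploitable": False, "high_value": True,  "reaches": []},
}

def attack_paths(hosts):
    """Return every chain of exploitable hosts from an Internet-facing host to a
    high-value resource. Only exploitable hosts can serve as stepping stones; the
    high-value endpoint counts whether or not it is itself exploitable, because
    the concern is a trusted client that has already been compromised."""
    paths = []
    starts = [h for h, a in hosts.items() if a["internet_facing"] and a["exploitable"]]
    for start in starts:
        queue = deque([[start]])
        while queue:
            path = queue.popleft()
            for nxt in hosts[path[-1]]["reaches"]:
                if nxt in path:
                    continue  # ignore cycles
                if hosts[nxt]["high_value"]:
                    paths.append(path + [nxt])
                elif hosts[nxt]["exploitable"]:
                    queue.append(path + [nxt])
    return paths

def remediation_priority(hosts):
    """Count how many attack paths each stepping stone appears on. Fixing the
    most-shared host removes the most paths for the least effort."""
    counts = {}
    for path in attack_paths(hosts):
        for h in path[:-1]:
            counts[h] = counts.get(h, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for path in attack_paths(HOSTS):
        print(" -> ".join(path))
    print(remediation_priority(HOSTS))
```

In the sample data, vpn01 is Internet-facing but not exploitable and jump01 is not exploitable, so neither appears on a path; app01 sits on both remaining paths and is ranked first.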

Monitor your activity: As evidenced by the success of Fitbit® wearable activity trackers, monitoring activity levels can provide insight into our overall health. Despite mature vulnerability management, configuration management, and patch management, it is still possible for adversaries to look for and exploit weaknesses to gain access to enterprise data. Therefore, security practitioners need to look for weaknesses on the network that may indicate potential paths that are being tested by adversaries or that may have been exploited by malware. These paths may include Internet-facing services that are known to be exploitable, or internal applications that trust exploitable clients that also connect to the Internet.

Watch for warning signs: Just as an increase in body temperature indicates a potential illness, increases or changes in network activity may indicate a weakness that is being or has been exploited. Detecting anomalous behavior assumes that normal behavior is known. Trusted connections, traffic volume (by each hour of the day), and user activity must be profiled so significant deviations from normal behavior will be noticed if and when they occur.
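The profiling step above, as an added example that is not part of the article: hourly traffic volume per host is baselined from a week of history, and a new observation is flagged only when it is both several standard deviations above the mean for that hour and a multiple of it. The host name and byte counts are constructed; a real deployment would feed it flow or proxy logs.

```python
import statistics
from collections import defaultdict

# Constructed history (hypothetical host, not from the article): seven days of
# outbound byte counts for a quiet hour (02:00) and a busy hour (14:00).
def build_history():
    history = []
    for day in range(7):
        history.append(("fileserver01", day, 2, 1_000_000 + 50_000 * (day % 3)))
        history.append(("fileserver01", day, 14, 40_000_000 + 2_000_000 * (day % 4)))
    return history

def profile(history):
    """Baseline: mean and population standard deviation per (host, hour)."""
    buckets = defaultdict(list)
    for host, _day, hour, nbytes in history:
        buckets[(host, hour)].append(nbytes)
    return {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in buckets.items()}

def deviations(baseline, observations, z_threshold=3.0, min_ratio=2.0):
    """Flag observations more than z_threshold standard deviations above the
    hour's mean AND at least min_ratio times the mean. The ratio guard stops a
    near-constant quiet hour (tiny stdev) from alerting on a trivial increase.
    An hour with no baseline is reported too, since it was never profiled."""
    alerts = []
    for host, _day, hour, nbytes in observations:
        key = (host, hour)
        if key not in baseline:
            alerts.append((host, hour, nbytes, "no baseline for this hour"))
            continue
        mean, sd = baseline[key]
        if sd > 0:
            z = (nbytes - mean) / sd
        else:
            z = float("inf") if nbytes > mean else 0.0
        if z > z_threshold and nbytes >= min_ratio * mean:
            alerts.append((host, hour, nbytes, f"{nbytes / mean:.1f}x baseline"))
    return alerts

if __name__ == "__main__":
    base = profile(build_history())
    today = [("fileserver01", 7, 2, 30_000_000), ("fileserver01", 7, 14, 45_000_000)]
    for alert in deviations(base, today):
        print(alert)
```

A 30 MB transfer at 02:00 is flagged as roughly 29x the quiet-hour baseline, while 45 MB at 14:00 falls inside the busy hour's normal spread and is not.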

Preventing problems by strengthening security is often more effective and less expensive than reacting to breaches after they occur. However, both prevention and detection are necessary. When breaches occur, it is important to incorporate lessons learned into preventive measures to strengthen your security posture to prevent similar incidents in the future.

Please join Tenable’s upcoming webcast, 10 Weaknesses You May Not Know About, for more insights.

Ted Gary is Tenable's Sr. Product Marketing Manager for Tenable's SecurityCenter Continuous View product. He is responsible for translating the rich features of SecurityCenter into solutions for compelling problems faced by information security professionals. Ted has nearly ...