Partner Perspectives
9/10/2015 11:13 AM
Ted Gary

Get Fit: Remove Security Weaknesses

Preventing problems by strengthening security is often more effective and less expensive than reacting to breaches after they occur.

Many security teams engage in preventive activities to reduce the number of security incidents incurred by their organizations. For example, they deploy firewalls and intrusion detection systems, assess systems for vulnerabilities, and audit them for misconfigurations. These preventive actions eliminate many security weaknesses and undoubtedly reduce the number of incidents. However, significant weaknesses can still be found in many organizations. These security weaknesses are often caused by weak policies or processes, including:

  • Limiting vulnerability assessments to scanning servers while omitting applications, network devices, and endpoints;
  • Hardening server operating systems but not middleware, databases, or enterprise applications such as email;
  • Lacking a comprehensive inventory of all Internet-facing systems and not ensuring that all are managed;
  • Configuration-management and change-management processes reintroducing old weaknesses when deploying new systems, especially virtual machines.

Remove Security Weaknesses By Building Strength

As with removing weakness from our physical bodies, removing security weaknesses is best accomplished by focusing on building strength. And it is best to start gradually with a balanced program and take a long-term view.

Strengthen your core: Institute a program that includes vulnerability assessment and configuration auditing and integrate it with patch and configuration-management processes. Many of the core muscles in your pelvis, lower back, hips, and abdomen are overlooked because they are hidden beneath exterior muscles (and flab). Likewise, it is easy for vulnerability assessment and configuration auditing to overlook network devices, middleware, databases, applications, and mobile endpoints. These should all be included as part of the security core and must be included in a basic program, even if special effort is required to locate and strengthen them.

Many organizations’ networks include IoT (Internet of Things) devices such as medical equipment or industrial control systems that cannot be actively scanned. Fortunately, passive vulnerability scanners are available to identify the devices and their associated vulnerabilities based on monitoring network traffic.

Be consistent: Sporadic physical exercise has limited value, and it often makes you ache. In security, “be consistent” translates into “be continuous.” Performing vulnerability assessment and configuration audits only infrequently leaves the organization exposed to weaknesses caused by new vulnerabilities, new (and possibly unmanaged) assets on the network, and changes to existing assets. Strong security includes continuous network monitoring to detect and remove weaknesses as soon as they arise.

An important by-product of continuous monitoring is that remediation and mitigation workloads are smoothed out and can more easily be incorporated into ongoing work routines without creating major disruptions.

Identify and strengthen specific weaknesses: Even with insight into vulnerabilities and their severity, exploitability, the existence of a corresponding exploit, and misconfigurations, a network will likely have specific weaknesses that must be identified, prioritized, and removed. Attack-path analysis is analogous to a personal trainer who points out specific weaknesses that should be strengthened. It identifies the specific vulnerable and exploitable systems that can be used as stepping stones by an adversary to gain access to high-value resources. Attack-path analysis provides insight to inform remediation and mitigation-strengthening efforts.

Monitor your activity: As evidenced by the success of Fitbit® wearable activity trackers, monitoring activity levels can provide insight into our overall health. Despite mature vulnerability management, configuration management, and patch management, it is still possible for adversaries to look for and exploit weaknesses to gain access to enterprise data. Therefore, security practitioners need to look for weaknesses on the network that may indicate potential paths that are being tested by adversaries or that may have been exploited by malware. These paths may include Internet-facing services that are known to be exploitable, or internal applications that trust exploitable clients that also connect to the Internet.
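As an added illustration of the attack-path analysis described in the two paragraphs above (example code written for this article, not Tenable's product logic), the following Python walks a constructed inventory of hosts and trust relationships, lists the paths from Internet-facing exploitable systems to high-value resources, and ranks the stepping stones by how many paths fixing each one would cut. Host names, attributes and edges are all hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical hosts, not from the article):
# name -> (internet_facing, has_exploitable_vuln, high_value)
HOSTS = {
    "web01":  (True,  True,  False),
    "vpn01":  (True,  False, False),
    "app01":  (False, True,  False),
    "jump01": (False, True,  False),
    "db01":   (False, False, True),
    "hr01":   (False, True,  True),
}
# Constructed trust relationships: (src, dst) means src is allowed to connect to dst.
EDGES = [("web01", "app01"), ("vpn01", "app01"), ("app01", "db01"),
         ("web01", "jump01"), ("jump01", "db01"), ("jump01", "hr01")]


def attack_paths(hosts, edges):
    """Paths from an Internet-facing exploitable host to a high-value host via exploitable stepping stones."""
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    paths = []

    def walk(node, path):
        for nxt in adj[node]:
            if nxt in path:          # avoid cycles
                continue
            _, exploitable, high_value = hosts[nxt]
            if high_value:           # a target counts even if it is not exploitable itself
                paths.append(path + [nxt])
            if exploitable:          # only a compromised host can serve as a stepping stone
                walk(nxt, path + [nxt])

    for name, (internet_facing, exploitable, _) in hosts.items():
        if internet_facing and exploitable:
            walk(name, [name])
    return sorted(paths, key=len)   # shortest paths first


def remediation_priority(paths):
    """Rank stepping stones (targets excluded) by the number of paths a fix would remove."""
    counts = defaultdict(int)
    for path in paths:
        for host in path[:-1]:
            counts[host] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
```

In the constructed data, fixing web01 removes all three paths, while fixing vpn01 removes none because it is not exploitable and therefore never appears as a stepping stone.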

Watch for warning signs: Just as an increase in body temperature indicates a potential illness, increases or changes in network activity may indicate a weakness that is being or has been exploited. Detecting anomalous behavior assumes that normal behavior is known. Trusted connections, traffic volume (by each hour of the day), and user activity must be profiled so significant deviations from normal behavior will be noticed if and when they occur.
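To make the profiling step concrete, here is an added Python example (not from the article or Tenable): it builds a per-hour-of-day baseline of daily byte totals from seven days of constructed flow records, then flags any hour in a new day whose total deviates from that baseline by more than three standard deviations. The record format, addresses and volumes are all constructed.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta
from statistics import mean, pstdev

def constructed_day(day, spike_hour=None):
    """Synthetic flow records for one day (constructed, not real traffic):
    busy 08:00-17:59, quiet otherwise, small deterministic jitter, optional spike."""
    lines = []
    for hour in range(24):
        nbytes = (500_000 if 8 <= hour < 18 else 20_000) + (day.day * 7 + hour) % 3_000
        if hour == spike_hour:
            nbytes += 400_000
        lines.append(f"{day}T{hour:02d}:30:00,10.0.0.5,203.0.113.9,{nbytes}")
    return lines

# Seven days of baseline and one observed day with a 03:00 spike (all constructed).
BASELINE_LOG = [l for d in range(7) for l in constructed_day(date(2015, 9, 1) + timedelta(days=d))]
OBSERVED_LOG = constructed_day(date(2015, 9, 8), spike_hour=3)

def parse(line):
    ts, src, dst, nbytes = line.split(",")
    return datetime.fromisoformat(ts), src, dst, int(nbytes)

def hourly_totals(lines):
    """Bytes per (date, hour): each day contributes one sample per hour."""
    totals = defaultdict(int)
    for ts, _, _, nbytes in map(parse, lines):
        totals[(ts.date(), ts.hour)] += nbytes
    return totals

def build_baseline(lines):
    """Per-hour mean and standard deviation of the daily totals."""
    per_hour = defaultdict(list)
    for (_, hour), total in hourly_totals(lines).items():
        per_hour[hour].append(total)
    return {h: (mean(v), pstdev(v)) for h, v in per_hour.items()}

def deviations(baseline, lines, z_threshold=3.0):
    """Hours whose total lies more than z_threshold standard deviations from the baseline mean."""
    flagged = []
    for (day, hour), total in sorted(hourly_totals(lines).items()):
        mu, sigma = baseline.get(hour, (0.0, 0.0))
        sigma = max(sigma, 1.0)  # floor so a perfectly flat baseline still yields a finite z
        z = (total - mu) / sigma
        if abs(z) > z_threshold:
            flagged.append((str(day), hour, total, round(mu), round(z, 1)))
    return flagged

if __name__ == "__main__":
    for row in deviations(build_baseline(BASELINE_LOG), OBSERVED_LOG):
        print("anomaly: day=%s hour=%02d bytes=%d expected~%d z=%.1f" % row)
```

Only the 03:00 hour of the observed day is flagged; the normal day-to-day jitter in the other hours stays within the threshold, which is the property a usable baseline must have.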

Preventing problems by strengthening security is often more effective and less expensive than reacting to breaches after they occur. However, both prevention and detection are necessary. When breaches occur, it is important to incorporate lessons learned into preventive measures to strengthen your security posture to prevent similar incidents in the future.

Please join Tenable’s upcoming webcast, 10 Weaknesses You May Not Know About, for more insights.

Ted Gary is Tenable's Sr. Product Marketing Manager for Tenable's SecurityCenter Continuous View product. He is responsible for translating the rich features of SecurityCenter into solutions for compelling problems faced by information security professionals. Ted has nearly ...