Security 911: How to Be a Zero-Day Network First Responder

When your network infrastructure is hacked, you need to take action that is immediate, local, automated and independent of the network itself.

Dark Reading Staff, Dark Reading

August 12, 2019

4 Min Read

Network security is like fighting a large fire. Every time the good guys make incremental progress against the blaze, the weather changes for the worse and the bad guys come up with something new and powerful to expand the destruction.

Today, most cybersecurity plans focus on the defensive side: identifying assets, protecting them and detecting intrusions. While important, a strong defense is not enough. Organizations also need to plan for cyber resiliency: how to mitigate risk, reduce response time and control costs after the inevitable network intrusion.

Sticking with the fire metaphor, in an emergency you call first responders because they are stationed in your neighborhood for rapid response and have the tools and skills the situation needs. An intelligent out-of-band management platform can be the zero-day first responder that rapidly counters and recovers from a network hack. Deployed in the rack alongside the network infrastructure, it combines out-of-band access with automation to enable rapid remediation at the edge.

A Common Gap in the Framework
The NIST Cybersecurity Framework defines five core cybersecurity functions: Identify, Protect, Detect, Respond, and Recover. The first three are well established and served by a number of industry solutions. Respond and Recover, on the other hand, are too often overlooked, and traditional network management methods serve them poorly. This is a problem.

When your network has been compromised (not if!), your reaction should be all about response speed and recovery. Planning for these situations can't depend on the network itself and can't rely on "sneaker-net" responses for deploying new configurations. Secure out-of-band access and automated network management capabilities serve as a "panic button," the 911 call that initiates a lock-down, and they also provide the onsite tools that are critical for a quick and deliberate recovery. Here's how it works:

An intelligent out-of-band management platform sits in the rack with the managed devices and connects to them directly. Like a virtual technician, it performs the monitoring, configuration and change, automated problem resolution and security tasks that are best done onsite. When it is time to respond to and ultimately recover from a hack, admins can reach remote gear quickly and reliably over a dedicated out-of-band connection, even when the primary network is down or degraded.

Zero-day, Near Zero-Hour Responsiveness
From the moment you become aware that your network might have been hacked, a clock starts ticking. You want to minimize the impact by locking down impacted or potentially impacted network functions.

An intelligent out-of-band platform can store "safe mode" configurations for network devices, limiting functionality to effectively quarantine sections of the network. Admins can push a configuration to one device, or with the same effort, thousands deployed across the network. Think of it as a panic button to help restore order.

As the scope of the breach becomes clearer, additional configurations can be pushed to bring unaffected services and locations back up across the network, ensuring the fastest return to normal possible. Network resiliency is defined not just by how unlikely your network is to get hacked, but, even more importantly, by how quickly you can recover.

Scale Your Response Team with Automation
Using the network or an out-of-band link, an intelligent out-of-band management platform can automatically and remotely push configuration changes and upgrades while limiting the risk that a bad change causes a further outage: every push is verified, and automated rollback restores the last valid configuration when verification fails. Problems that cannot be resolved automatically are flagged for human intervention.

Access passwords on one device, or hundreds, can be updated securely in a single action. Using configuration differencing to review recent changes to network and communications devices, admins can quickly discern whether problematic or corrective changes have been made. The administrative complexity created by heterogeneous network infrastructure is reduced by a single, consistent management interface.
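The two automation capabilities described above, a guarded "safe mode" push with automatic rollback and configuration differencing that surfaces suspicious changes, are illustrated in the following added example. It is not Uplogix code and does not use any vendor API: the device configurations are constructed Cisco IOS-style samples, the console session is simulated so the script runs offline, and the list of flagged patterns is illustrative rather than exhaustive.

```python
"""Configuration differencing and guarded config push for a network device.

Added example (not Uplogix code). Config syntax is Cisco IOS-style and the
console session is a simulation; a real responder would drive a serial line.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Lines that change between every 'show running-config' and carry no security meaning.
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration|ntp clock-period)")

# Changes a first responder wants flagged. Patterns are illustrative assumptions.
FLAG_IF_ADDED = [
    (re.compile(r"^username \S+ privilege 15"), "new privilege-15 local user"),
    (re.compile(r"^snmp-server community \S+ RW"), "writable SNMP community"),
    (re.compile(r"^ip http server"), "HTTP management enabled"),
    (re.compile(r"^transport input .*telnet"), "telnet enabled on a VTY line"),
    (re.compile(r"^no logging "), "logging disabled"),
]
FLAG_IF_REMOVED = [
    (re.compile(r"^ip access-group "), "ACL removed from an interface"),
    (re.compile(r"^aaa "), "AAA configuration removed"),
    (re.compile(r"^logging host "), "syslog destination removed"),
]


def normalize(config: str) -> set[str]:
    """Strip indentation and volatile lines so only meaningful lines are compared.
    Indentation context (which interface a line belongs to) is deliberately dropped."""
    lines = (ln.strip() for ln in config.splitlines())
    return {ln for ln in lines if ln and not VOLATILE.match(ln)}


@dataclass
class ConfigDiff:
    added: list[str]
    removed: list[str]
    findings: list[tuple[str, str]]  # (config line, why it matters)


def diff_configs(golden: str, current: str) -> ConfigDiff:
    """Compare the last known-good config with what the device is running now."""
    g, c = normalize(golden), normalize(current)
    added, removed = sorted(c - g), sorted(g - c)
    findings = [(ln, why) for ln in added for pat, why in FLAG_IF_ADDED if pat.match(ln)]
    findings += [(ln, why) for ln in removed for pat, why in FLAG_IF_REMOVED if pat.match(ln)]
    return ConfigDiff(added, removed, findings)


class Console:
    """Simulated console-port session. `fail_on` names a config substring that,
    once running, makes the device unreachable (e.g. shutting the wrong interface)."""

    def __init__(self, running: str, fail_on: Optional[str] = None):
        self.running = running
        self.fail_on = fail_on
        self.history: list[str] = []  # every config pushed, in order

    def push(self, config: str) -> None:
        self.history.append(config)
        self.running = config

    def healthy(self) -> bool:
        return self.fail_on is None or self.fail_on not in self.running


def push_with_rollback(console: Console, new_config: str) -> str:
    """Push a config, verify the device is still reachable, roll back if not.
    Returns 'applied' or 'rolled_back'."""
    previous = console.running
    console.push(new_config)
    if console.healthy():
        return "applied"
    console.push(previous)
    return "rolled_back"


# Constructed sample configs: golden baseline, a tampered running config, and a safe-mode lock-down.
GOLDEN = """
hostname edge-rtr-01
aaa new-model
username netops privilege 15 secret 9 $9$abc
logging host 10.0.0.5
interface GigabitEthernet0/1
 ip access-group EDGE-IN in
line vty 0 4
 transport input ssh
"""
TAMPERED = """
hostname edge-rtr-01
aaa new-model
username netops privilege 15 secret 9 $9$abc
username support privilege 15 secret 0 letmein
ip http server
interface GigabitEthernet0/1
line vty 0 4
 transport input telnet ssh
"""
SAFE_MODE = """
hostname edge-rtr-01
aaa new-model
logging host 10.0.0.5
interface GigabitEthernet0/1
 shutdown
line vty 0 4
 transport input ssh
"""

if __name__ == "__main__":
    for line, why in diff_configs(GOLDEN, TAMPERED).findings:
        print(f"{why}: {line}")
    print(push_with_rollback(Console(TAMPERED), SAFE_MODE))
```

Running the script lists five flagged changes (an added privileged user, HTTP management, telnet on the VTY lines, and a removed ACL and syslog destination), then reports that the safe-mode configuration was applied. The rollback path is exercised when the console is constructed with `fail_on="shutdown"`, modelling a lock-down that cut the responder's own reachability: the previous configuration is pushed back and the caller sees `rolled_back`.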

Out-of-Band Options
The core of any out-of-band management platform is persistent connectivity and continuous monitoring of remote gear. With connections to network and communications devices over an out-of-band connection of your choice (cellular, POTS line, DSL, and satellite links), you can count on maintaining management access and two-way control even when the network is down or degraded.

In addition to connecting to devices when the network is down, an out-of-band management platform continues to guard the console port of each device: it enforces security policies, logs every change and its result, and continuously monitors critical device statistics and user interactions. Because this path bypasses the production network's controls and carries console-level access to every device, it needs strong authentication and session logging of its own.

When your network infrastructure is hacked, you need an immediate response that is local, automated and independent of the network itself. An intelligent out-of-band management platform delivers cyber resiliency. The combination of network independence, direct connections to infrastructure and rapid automated responses makes it a lifesaving tool for responding to, and bouncing back from, cyberattacks.

About the Author

Lisa Frankovitch is a corporate development and executive management veteran with global experience growing early stage companies. Ms. Frankovitch is CEO of Uplogix, the most advanced out-of-band management solution on the market.

