Dark Reading, Partner Perspectives
9/10/2015 11:13 AM
Ted Gary
Get Fit: Remove Security Weaknesses

Preventing problems by strengthening security is often more effective and less expensive than reacting to breaches after they occur.

Many security teams engage in preventive activities to reduce the number of security incidents incurred by their organizations. For example, they deploy firewalls and intrusion detection systems, assess systems for vulnerabilities, and audit them for misconfigurations. These preventive actions eliminate many security weaknesses and undoubtedly reduce the number of incidents. However, significant weaknesses can still be found in many organizations. These security weaknesses are often caused by weak policies or processes, including:

  • Limiting vulnerability assessments to scanning servers while omitting applications, network devices, and endpoints;
  • Hardening server operating systems but not middleware, databases, or enterprise applications such as email;
  • Lacking a comprehensive inventory of all Internet-facing systems and not ensuring that all are managed;
  • Configuration-management and change-management processes reintroducing old weaknesses when deploying new systems, especially virtual machines.

Remove Security Weaknesses By Building Strength

As with removing weakness from our physical bodies, removing security weaknesses is best accomplished by focusing on building strength. And it is best to start gradually with a balanced program and take a long-term view.

Strengthen your core: Institute a program that includes vulnerability assessment and configuration auditing, and integrate it with your patch-management and configuration-management processes. Many of the core muscles in the pelvis, lower back, hips, and abdomen are overlooked because they are hidden beneath exterior muscles (and flab). Likewise, it is easy for vulnerability assessment and configuration auditing to overlook network devices, middleware, databases, applications, and mobile endpoints. These are all part of the security core and must be included in even a basic program, even if special effort is required to locate and strengthen them.

Many organizations' networks include IoT (Internet of Things) devices such as medical equipment or industrial control systems that cannot safely be actively scanned. Passive vulnerability scanners can identify these devices and infer their associated vulnerabilities from the traffic they send and receive, with the caveat that a passive finding is only as precise as the version information the device exposes on the wire.
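The coverage gaps named above (whole asset classes never assessed, and Internet-facing systems that are not inventoried or managed) are easy to find once the asset inventory, the scan coverage and a passive view of what is actually on the network are compared side by side. The following Python is an added example written for this page, not code from the article or from any Tenable product; the hostnames, asset classes, scan results and observed hosts are constructed, and a real deployment would populate them from the inventory system, the scanner's results and flow or DHCP records.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str             # server, network-device, database, application, endpoint, ...
    internet_facing: bool


# Constructed inventory; hostnames and classes are hypothetical.
INVENTORY = [
    Asset("web-01", "server", True),
    Asset("web-02", "server", True),
    Asset("edge-fw", "network-device", True),
    Asset("core-sw", "network-device", False),
    Asset("crm-db", "database", False),
    Asset("mail-gw", "application", True),
    Asset("lt-0451", "endpoint", False),
]

# Hosts covered by the last vulnerability-assessment cycle (constructed).
SCANNED = {"web-01", "web-02", "core-sw", "lt-0451"}

# Hosts seen on the wire in the last 24 hours, e.g. from flow or DHCP records (constructed).
OBSERVED = {"web-01", "web-02", "edge-fw", "core-sw", "crm-db",
            "mail-gw", "lt-0451", "lt-0777", "vm-tmp-3"}


def coverage_gaps(inventory, scanned, observed):
    """Compare inventory, scan coverage and passive observation.

    Returns (unscanned_by_kind, unscanned_internet_facing, unmanaged):
      unscanned_by_kind         -> {kind: [inventoried hosts the scanner never covered]}
      unscanned_internet_facing -> the subset of those that are reachable from the Internet
      unmanaged                 -> hosts observed on the network but absent from the inventory
    """
    unscanned_by_kind = defaultdict(list)
    unscanned_internet_facing = []
    known = {a.name for a in inventory}
    for a in inventory:
        if a.name in scanned:
            continue
        unscanned_by_kind[a.kind].append(a.name)
        if a.internet_facing:
            unscanned_internet_facing.append(a.name)
    unmanaged = sorted(observed - known)
    return dict(unscanned_by_kind), sorted(unscanned_internet_facing), unmanaged


def coverage_ratio(inventory, scanned):
    """Fraction of inventoried hosts that were scanned, per asset class."""
    total, hit = defaultdict(int), defaultdict(int)
    for a in inventory:
        total[a.kind] += 1
        hit[a.kind] += a.name in scanned
    return {kind: hit[kind] / total[kind] for kind in total}


if __name__ == "__main__":
    by_kind, exposed, unmanaged = coverage_gaps(INVENTORY, SCANNED, OBSERVED)
    for kind, ratio in coverage_ratio(INVENTORY, SCANNED).items():
        print(f"{kind:15s} scanned {ratio:.0%}  missing: {by_kind.get(kind, [])}")
    print("Internet-facing and never scanned:", exposed)
    print("On the network but not in inventory:", unmanaged)
```

In this constructed data the servers and endpoints look fully covered, while the network devices, the database and the mail gateway have never been assessed; two of those are Internet-facing. The two hosts that appear only in the passive view are exactly the "new (and possibly unmanaged) assets" the article warns about, and they should be triaged before the next scan cycle rather than after the next incident.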

Be consistent: Sporadic physical exercise has limited value, and it often makes you ache. In security, "be consistent" translates into "be continuous." Performing vulnerability assessment and configuration audits only occasionally leaves you exposed to everything that changes between runs: newly disclosed vulnerabilities, new (and possibly unmanaged) assets appearing on the network, and changes to existing assets. Strong security includes continuous network monitoring so that weaknesses are detected and removed as soon as they arise.

An important by-product of continuous monitoring is that remediation and mitigation workloads are smoothed out and can more easily be incorporated into ongoing work routines without creating major disruptions.

Identify and strengthen specific weaknesses: Even with full insight into each vulnerability (its severity, whether it is exploitable, whether a working exploit exists) and each misconfiguration, a network will still have specific weaknesses that must be identified, prioritized, and removed. Attack-path analysis is analogous to a personal trainer who points out the specific weaknesses that should be strengthened. It identifies the vulnerable, exploitable systems an adversary can use as stepping stones to reach high-value resources, and that insight is what should drive remediation and mitigation efforts: the host that sits on the most paths is the one whose fix removes the most risk.

Monitor your activity: As evidenced by the success of Fitbit® wearable activity trackers, monitoring activity levels can provide insight into our overall health. Despite mature vulnerability management, configuration management, and patch management, it is still possible for adversaries to find and exploit weaknesses to gain access to enterprise data. Therefore, security practitioners need to look for weaknesses on the network that may indicate paths that are being probed by adversaries or that may already have been exploited by malware. These paths may include Internet-facing services that are known to be exploitable, or internal applications that trust exploitable clients that also connect to the Internet.
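The attack-path analysis described under "Identify and strengthen specific weaknesses", including the case just mentioned of an internal application that trusts an exploitable Internet-connected client, reduces to a graph search: start from every Internet-facing host that is exploitable, allow a hop only onto another exploitable host, and record each route that reaches a high-value asset. The Python below is an added example written for this page, not code from the article or from Tenable; the hosts, their vulnerability states and the trust edges are a constructed environment, and a real run would take them from scan results and firewall or trust configuration.

```python
from collections import Counter, deque

# Constructed environment; hostnames, vulnerability states and trust edges are hypothetical.
# name: (internet_facing, exploitable, high_value)
HOSTS = {
    "web-01":  (True,  True,  False),   # public web server with an exploitable vulnerability
    "vpn-gw":  (True,  False, False),   # public but fully patched: offers no foothold
    "lt-0451": (True,  True,  False),   # laptop that browses the Internet and runs an old client
    "app-01":  (False, True,  False),   # internal application that trusts web-01 and the laptops
    "jump-01": (False, False, False),   # hardened jump host
    "crm-db":  (False, True,  True),    # high-value targets
    "hr-fs":   (False, True,  True),
}

# Permitted connections / trust relationships: source -> reachable targets.
EDGES = {
    "web-01":  ["app-01"],
    "vpn-gw":  ["jump-01"],
    "lt-0451": ["app-01", "hr-fs"],
    "app-01":  ["crm-db"],
    "jump-01": ["crm-db", "hr-fs"],
}


def attack_paths(hosts, edges):
    """Breadth-first search from every exploitable Internet-facing host.

    A hop is only allowed onto a host the adversary can compromise (exploitable), so a
    patched host in the middle of a route blocks it.
    Returns {high_value_host: [shortest path from each entry point that reaches it]}.
    """
    found = {}
    entries = [h for h, (inet, expl, _) in hosts.items() if inet and expl]
    for entry in entries:
        seen = {entry}
        queue = deque([[entry]])
        while queue:
            path = queue.popleft()
            node = path[-1]
            if hosts[node][2]:
                found.setdefault(node, []).append(path)
            for nxt in edges.get(node, []):
                if nxt in seen or not hosts[nxt][1]:
                    continue        # already visited, or not exploitable: blocked here
                seen.add(nxt)
                queue.append(path + [nxt])
    return found


def remediation_priority(paths):
    """Count how many discovered paths each host sits on; fixing the top host breaks the most paths."""
    counts = Counter()
    for plist in paths.values():
        for path in plist:
            counts.update(path)
    return counts


def patched(hosts, name):
    """Return a copy of the environment with `name` no longer exploitable (what-if analysis)."""
    inet, _, high_value = hosts[name]
    return {**hosts, name: (inet, False, high_value)}


if __name__ == "__main__":
    paths = attack_paths(HOSTS, EDGES)
    for target, plist in paths.items():
        for p in plist:
            print(f"{target}: " + " -> ".join(p))
    print("remediation priority:", remediation_priority(paths).most_common(3))
    print("after patching app-01:", attack_paths(patched(HOSTS, "app-01"), EDGES))
```

Two things in the constructed result are worth noticing. The CRM database is vulnerable, yet the route through the VPN gateway and jump host never reaches it because neither of those hosts is exploitable; the routes that do reach it run through the internal application that trusts both the web server and the laptop, so patching that one application removes every path to the database while the laptop-to-file-server path remains and still needs attention. The what-if helper makes that trade-off visible before a change window is spent.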

Watch for warning signs: Just as an increase in body temperature indicates a potential illness, increases or changes in network activity may indicate a weakness that is being or has been exploited. Detecting anomalous behavior assumes that normal behavior is known. Trusted connections, traffic volume (by each hour of the day), and user activity must be profiled so significant deviations from normal behavior will be noticed if and when they occur.
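Profiling "normal" as the paragraph above describes, and then alerting on deviations, can be done with nothing more than per-hour statistics over historical flow summaries plus the set of connection pairs that have been seen before. The Python below is an added example written for this page, not code from the article or from Tenable; the seven days of baseline records and the "today" records are constructed (the outside address is from the TEST-NET-3 documentation range), and the threshold of three standard deviations with a minimum band width is a choice made here, not a figure from the article.

```python
import statistics
from collections import defaultdict
from datetime import datetime


def constructed_baseline():
    """Seven days of hourly flow summaries (timestamp, src, dst, bytes); constructed, not real traffic."""
    records = []
    for day in range(1, 8):
        for hour in range(24):
            busy = 9 <= hour < 18
            nbytes = (50_000 if busy else 4_000) + 500 * (day % 3)   # small day-to-day jitter
            records.append((f"2015-09-{day:02d}T{hour:02d}:00:00", "app-01", "crm-db", nbytes))
    return records


def constructed_today():
    """A normal day plus one night-time transfer from the database to an outside address (constructed)."""
    records = [(f"2015-09-08T{h:02d}:00:00", "app-01", "crm-db", 50_000 if 9 <= h < 18 else 4_000)
               for h in range(24)]
    records.append(("2015-09-08T02:17:00", "crm-db", "203.0.113.9", 60_000))
    return records


def hourly_volume(records):
    """Total bytes per (date, hour) plus the set of (src, dst) pairs seen."""
    per_hour = defaultdict(int)
    pairs = set()
    for ts, src, dst, nbytes in records:
        t = datetime.fromisoformat(ts)
        per_hour[(t.date(), t.hour)] += nbytes
        pairs.add((src, dst))
    return per_hour, pairs


def build_baseline(records):
    """Per hour-of-day mean and standard deviation of volume, and the set of trusted pairs."""
    per_hour, pairs = hourly_volume(records)
    by_hour = defaultdict(list)
    for (_, hour), total in per_hour.items():
        by_hour[hour].append(total)
    stats = {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in by_hour.items()}
    return stats, pairs


def find_anomalies(baseline, records, k=3.0, min_sd=1_000):
    """Flag hours whose volume exceeds mean + k*sd for that hour, and connections never seen before.

    min_sd keeps a near-flat baseline from producing a zero-width band that alerts on noise.
    Returns (volume_alerts, new_pairs) with each alert as (hour, bytes, threshold).
    """
    stats, trusted = baseline
    per_hour, pairs = hourly_volume(records)
    alerts = []
    for (_, hour), total in sorted(per_hour.items()):
        mean, sd = stats.get(hour, (0.0, 0.0))
        threshold = mean + k * max(sd, min_sd)
        if total > threshold:
            alerts.append((hour, total, round(threshold)))
    return alerts, sorted(pairs - trusted)


if __name__ == "__main__":
    baseline = build_baseline(constructed_baseline())
    alerts, new_pairs = find_anomalies(baseline, constructed_today())
    for hour, total, threshold in alerts:
        print(f"hour {hour:02d}: {total} bytes, baseline threshold {threshold}")
    for src, dst in new_pairs:
        print(f"never-seen connection: {src} -> {dst}")
```

The night-time transfer trips both checks at once: the 02:00 hour carries roughly eight times its baseline threshold, and the database has never before talked to that destination. Either signal alone is worth a look; together they are the "increase in body temperature" the paragraph describes. Keying the baseline by hour of day matters because a 60 KB transfer during business hours would sit comfortably inside the band and go unnoticed by the volume check, which is why the trusted-pair check is kept alongside it.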

Preventing problems by strengthening security is often more effective and less expensive than reacting to breaches after they occur. However, both prevention and detection are necessary. When breaches occur, it is important to incorporate lessons learned into preventive measures to strengthen your security posture to prevent similar incidents in the future.

Please join Tenable’s upcoming webcast, 10 Weaknesses You May Not Know About, for more insights.

Ted Gary is Tenable's Sr. Product Marketing Manager for Tenable's SecurityCenter Continuous View product. He is responsible for translating the rich features of SecurityCenter into solutions for compelling problems faced by information security professionals. Ted has nearly ...