Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/17/2019
02:30 PM
Ofer Amitai
Ofer Amitai
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter

The network no longer provides an air gap against external threats, but access devices can take up the slack.

Four potent forces have turned network security on its head: the decentralization of corporate networks; the proliferation of mobile devices; the evolution of the bring-your-own-device (BYOD) policies to include multiple devices; and the massively disruptive Internet of Things (IoT) phenomenon. One of these forces on its own is enough to weaken the best security defenses, but together they are wreaking havoc in enterprises in every industry.

The impact of these forces has essentially erased the enterprise perimeter, traditionally used to protect organizations from external attacks. The fall of this wall has created a new security landscape in which each endpoint, no matter from where it connects, has become its own perimeter — a weakness that can give adversaries access to the entire network.

The Fall of the Wall
Decentralization caused the first bricks to crumble. The final bricks were taken away by the widespread adoption of BYOD policies and the often chaotic infiltration of IoT devices.

Today, an enterprise might have multiple offices in cities across the country or across the globe, with each location potentially having different security protocols, products, and services. Meanwhile, employees connecting through public, unsecured Wi-Fi connections, as well as contractors and other third-parties using unmanaged BYOD devices all log in to the corporate network. 

The Lateral Threat
A significant challenge to network and information security is lateral movement of attacks such as malware or ransomware and hackers, once inside the network. Undetected, these threats can propagate from one compromised endpoint to others.

In recent years, adversaries have carried out large-scale attacks by exploiting known vulnerabilities and security gaps on endpoints. WannaCry, NotPetya, and Bad Rabbit malware all used lateral movement to spread on a global scale in 2017. Using a single entry point — generally, the most vulnerable device — hackers were able to quickly take down unpatched systems.

Often, the weakest points are unmanaged, unprotected IoT devices, especially those deployed on secure network segments used by important company assets. IoT devices aren’t transient and typically remain undetected by network scans. Therefore, security teams are often unaware of the attack surface they create.

Best Practices
Visibility: Having full visibility of all devices connected to the network is essential. This includes gathering information such as the location and type of device, the processes and applications it is running, and how many similar devices are connected across the enterprise. Full visibility should not be limited to headquarters and includes all branches and endpoints.

Use Historical Data: Historical data on endpoint usage — such as past processes, network connections, and other information — can be very useful in detecting compromised devices as well as in tracing the path of a threat once it has been identified. This data can also be invaluable for conducting rapid and accurate responses to incidents as well as preventing future attacks.

Keep It Simple: Simple security configurations and deployments can translate to painless ongoing maintenance and better security in a world of increasing threats. Simplicity is crucial because enterprises are shorthanded, manage dozens of security products, and have limited time to investigate and respond to threats.

Automate Monitoring and Mitigation: Continuous monitoring is the best way to prevent risks from escalating into security incidents. Organizations need the ability to automatically quarantine threats before they access crucial enterprise data or services. This allows the security teams to assess if a risk is a threat, and, if it is, to block affected endpoints.

Avoid Vendor Lock-in: In a dynamic world where organizations evolve through organic growth or through merger or acquisition, they should not tie their security to a specific vendor. To prevent vendor lock-in and future-proof security operations, adopt a vendor-agnostic approach when choosing security products or services.

Embrace the Cloud: A cloud service runs the latest version of software at any given moment, provides seamless upgrades, and delivers up to date capabilities. Additionally, it offers smooth scalability and distribution across the world, making it a must-have for decentralized enterprises.

Another advantage of a cloud-based approach: It handles threats both inside and outside the enterprise perimeter, allowing organizations to provide remote branches the same security as their corporate headquarters.

Ultimately, enterprises should consider a security approach that implements a perimeter on endpoints through continuous monitoring, risk assessment, policy enforcement, and automated containment/remediation of compromised devices. Following the previously mentioned best practices provides a good framework for re-establishing control over network security.

Related Content:

 

Ofer Amitai is CEO and co-founder of Portnox, where he is responsible for day-to-day operations and setting the company's strategic direction. He has over 20 years' experience in network security, during which time he established the first IT security team in the Israeli Air ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RitaJJohnson
50%
50%
RitaJJohnson,
User Rank: Apprentice
1/21/2019 | 11:46:46 AM
Re: Good Idea
Exectly
uversaprod9
50%
50%
uversaprod9,
User Rank: Strategist
1/21/2019 | 12:58:54 AM
Paw-ke Mon Go!
"Now, we come here to play Paw-ke Mon Go!"
jbeukelman
50%
50%
jbeukelman,
User Rank: Apprentice
1/20/2019 | 4:29:55 PM
Re: Good Idea
Articles like this just make me laugh. 

I've been consulting for 20 years and I still have yet to see a single organization allow BYOD devices on the corporate network.  If I ever see that, I will point it out as a huge security hole.  BYOD isn't common because the company can't transfer liability to the owner of that device.  If some end user puts corporate data on their personal laptop, which is then stolen, it's the company not the user that is liable.  Therefore, no BYOD. 

This author also said something about contractors putting BYOD devices on the corporate network.  This is also stupid and is not something that ever happens, and for the same reasons I described above.  In my experience, contractors are barely allowed to use the guest WiFi. 

The security perimeter is expanding, not disolving.  BYOD is not a threat if you don't allow them on the network.  Security comes before popularity. 

If you can't control it, don't allow it. 
HenryHSE1
50%
50%
HenryHSE1,
User Rank: Author
1/18/2019 | 3:50:09 AM
No more one size fits all
Organizations need to be realistic that they will have different endpoints with different levels of security. That's fine provided that they're conscious of it - and that they restrict what their less secure endpoints can do (ie don't allow insecure endpoints to talk to your most sensitive systems!)
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
1/17/2019 | 3:11:35 PM
Good Idea
No bring your own devices.  At work you use a CORPORATE ASSET or not at all.  THAT is a good rule.  Eliminates alot of troubles.  Corp has rules for usage of assets, but bringing your own in voids all of that in a flash. SO DON'T BE STUPID about it.  Work is work and that is that.  No outside anything except IF you have a defended guest network maybe and even then test the hell out of it.  Segment that off your corp in-office network.  Tools exist for that.  But NOTHING OUTSIDE ever comes in the door.  Simple and effective. 
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
10 Notable Security Acquisitions of 2019 (So Far)
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12865
PUBLISHED: 2019-06-17
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
CVE-2017-10720
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed o...
CVE-2017-10721
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car ga...
CVE-2017-10722
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is install...
CVE-2017-10723
PUBLISHED: 2019-06-17
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows it...