Security engineers spend countless hours tightening the perimeter of their network, purchasing appliances, virus protection and sandbox services to combat the latest zero-day warnings. Then the one day they think they have it all under control, the unthinkable happens – a breach in the network. The team manages to gain control, closes the gap and remediates the issues. When the disaster recovery plan has been completed and the summary report is due, the source of the invasion turns out to be something that was simply overlooked. All the planning, hardware, BMP and employee training were subverted by an issue that deserves the hardest face-palm.
Education and awareness are key! These five overlooked security tasks can help your customers avoid the pain and embarrassment of an impending face-palm. Be the trusted advisor you are, and consider using the following as security conversation starters.
- Shadow IT: Up to 80 percent of workers admit to using Shadow IT. These are applications, cloud-based storage, and file sharing applications that have not had IT approval. In fact, Shadow IT Cloud Storage is up to 10 times the size of Known Cloud Usage. [1]
- Log Data Analysis: Thousands of entries can be generated by a log server in a matter of minutes. The best attacks on record have often been those that took place quietly over a long period of time and under the guise of normal network operation. If no one is reading the logs or “watching the wire,” these logs aren’t worth the cost of storing them in the server. Often log reviews will show anomalies that when investigated further can expose a trail of unauthorized actions. Real-time monitoring and proper alerts must be set up and tested to ensure that the important events are looked at closely.
- DMARC/DNSSEC Policies: Enabling Domain-based Message Authentication, Reporting and Conformance (DMARC) is one of the single most effective ways to help prevent phishing attacks via the network. This implementation requires full cooperation from the email and messaging administrators in your customers’ organization. Using DMARC helps to reject spoofed emails, but it has to be enabled on all email and messaging servers. DNSSEC deals with DNS calls. When an email link is clicked, a DNS call is made. If the site is determined to be malicious, the call will be blocked, and the user is sent a message. DNS Security Manager products are available via Tech Data.
- Supply Chain Security: Security administrators are often reliant on third-party vendors and products that are allowed access and communication through a business’s security safeguards. These vendors and their networks must be scrutinized as well – compliance documentation requirements need to be provided. It’s important to know if the vendor has a history of security issues or a breach. Third-party access can lead to a catastrophic data breach like the one that occurred with Home Depot in 2014. [2]
- Network Mapping: Old network maps or an unreliable network mapping application is similar to having a pest control problem. No matter how many times your customers map their network and document its contents, unwanted pests will continue to appear. Similar to Shadow IT, employees and self-starters like to install items on the network that have not been approved. These items can take the form of rogue access points, cellular hotspots, switches to split Ethernet connections and unsecured personal devices. In addition to segmenting all BYOD with wireless capabilities, hardwired networks must be checked often for these unauthorized devices. The 2016 Veteran’s Administration breach of 26.5 million veterans’ records began with a personal laptop being used to store confidential personal information, resulting in millions of dollars in damages and fines.
As frustrating and embarrassing as these overlooked security tasks may be for your customers, there is a solution, and it can be implemented long before they need to explain the situation to the board or the CIO. Tech Data has a full list of providers that can help you help your customers with network mapping, asset inventory, log analysis and wire watching, as well as other services and consulting sure to keep those often overlooked details from becoming real issues.
For additional information about security solutions offered by Tech Data, please reach out to firstname.lastname@example.org.
Resources and Sources: