3 Ways to Reduce Your Attack Surface to Prevent Cyberattack
December 12, 2017 • Network Solutions
Are you confident that you will have your job next month? How about next year? If you are – maybe you should take a look at your disaster recovery plan again.
This is an important question to ask as you assess your company’s risk. The advancements in the Internet of Things (IoT), which I talked about in a previous post, have made the attack surface of businesses almost uncontrollable. ALMOST. There are things that you can do to mitigate your risk and keep your network under control.
We are going to work our way from the inside out, talking about how you can reduce your attack surface at every level.
Businesses often operate with the notion that protecting edge devices and forward-facing applications is the key to security. This isn’t the case anymore. Think of your network as a hard candy. Placing a firewall at the edge of your Data Center is like the hard candy shell. What if that shell has a crack in it? Something could get in, and then it has free rein over all your delicious insides.
East/West security is the protection within the hard candy. It limits a hacker’s ability to move through your DC with ease.
Implementing a dynamic security policy that is application-focused is the best defense for the tasty internals of your metaphorical hard candy. The agility needed for applications in the cloud environment requires security policies that can scale, and move, with the application.
Application-centric Infrastructure (ACI) is a development that gives enterprise businesses the ability to set up gates around their Data Center so that when there is a breach, the hacker will be quarantined to the single entry point they came through. This greatly reduces your attack surface by isolating your servers: if one is breached, the malware cannot spread to the others and infect them as well.
Network as a Sensor
You can’t just say “NO MORE DEVICES.” There will be nearly 31 billion IoT devices in the marketplace by 2020! Instead of trying to play catch-up and find everything that is on the network, have the network do the learning for you.
Utilizing the hardware that you already have, your network can become the sensor. Stealthwatch quite literally can feel the heartbeat of your network and detect what is normal and what isn’t. This is huge in reducing your attack surface.
A huge problem for network admins is that they can’t see if a device is trying to reach out to foreign servers for data exfiltration. This technology scans your network and learns what a typical day looks like, so it can say to itself “Hey, Bill shouldn’t be working at 2am from Hong Kong.” Once it detects an anomaly, it sends an immediate alert to the network admin, giving you the time to react appropriately within the first few minutes of a breach.
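The "learn a typical day, then flag what doesn't fit" idea can be shown with a small per-user baseline. This is an added example, not Stealthwatch's algorithm or code from this post: the record fields, user names and sample events are constructed, and the set-based profile is a deliberately simple stand-in for a real behavioral model.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (user, ISO timestamp, source country); not real data.
BASELINE = [
    ("bill", "2017-12-04T09:12:00", "US"),
    ("bill", "2017-12-05T13:40:00", "US"),
    ("bill", "2017-12-06T17:55:00", "US"),
    ("ana",  "2017-12-04T22:05:00", "BR"),
    ("ana",  "2017-12-05T23:30:00", "BR"),
]
NEW_EVENTS = [
    ("bill", "2017-12-12T10:03:00", "US"),   # matches profile
    ("bill", "2017-12-12T02:00:00", "HK"),   # 2am from Hong Kong
    ("ana",  "2017-12-12T22:45:00", "BR"),   # late, but normal for ana
    ("eve",  "2017-12-12T11:00:00", "US"),   # no baseline at all
]

def learn_profiles(events, hour_slack=1):
    """Build per-user sets of usual hours (widened by hour_slack) and countries."""
    profiles = defaultdict(lambda: {"hours": set(), "countries": set()})
    for user, ts, country in events:
        hour = datetime.fromisoformat(ts).hour
        for h in range(hour - hour_slack, hour + hour_slack + 1):
            profiles[user]["hours"].add(h % 24)  # wrap around midnight
        profiles[user]["countries"].add(country)
    return dict(profiles)

def score_event(profiles, event):
    """Return the list of reasons an event deviates from its user's profile."""
    user, ts, country = event
    profile = profiles.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if hour not in profile["hours"]:
        reasons.append(f"unusual hour {hour:02d}:00")
    if country not in profile["countries"]:
        reasons.append(f"unusual country {country}")
    return reasons

def detect(profiles, events):
    """Return (event, reasons) pairs for every event that deviates."""
    return [(e, r) for e in events if (r := score_event(profiles, e))]

if __name__ == "__main__":
    for event, reasons in detect(learn_profiles(BASELINE), NEW_EVENTS):
        print(event, "->", "; ".join(reasons))
```

Because the profile is per user, ana's late-evening activity stays quiet while the same hour would alert for bill; an unknown account is reported rather than silently passed.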
DNS and Your Edge
Now to the initial point of contact. You have probably heard many times that protecting your DNS server is the first thing you need to do. If someone breaches a router and is able to change your DNS server settings, they can route all internet traffic to foreign servers.
DNS is the most common pathway for data exfiltration, and having proper security measures is the first line of defense against ransomware or any other kind of attack.
Making sure your DNS is protected will reduce your attack surface because it can block command and control calls made by other devices on the network. The other devices don’t have the same protocols, and if a breach occurs, having DNS shut down the connection eliminates the immediate threat. This gives you enough time to find the device and remove it from your network.
Check out our other posts for more on protecting your business from those pesky hackers.