Five Trends in Network Insecurity
’Tis the season for predictions, lists, and goal setting. I actually love this time of year. From November through January I am a happy person. I love the time with family, holiday parties, shopping and I even love the travel. Additionally, I especially love wrapping up my goals and figuring out what I am going to do for the next year! I am driven by challenges and I essentially thrive on them.
However, end of the year reflections doesn’t always bring about good news. As I began to reflect on the last year, I started to notice some trends in how client’s networks are secured and where there are growing weaknesses. These weaknesses are caused by misconfigurations, misconceptions, and misinformation. Below are the top five things I want to point out about what could be a weakness in your network barrier.
Increased Insecurity of the Endpoint - While firewalls have become more sophisticated in the level of attacks they can detect, there is a diminishing amount of security on the endpoint. I have determined the reason to be the misunderstanding of the firewall capabilities. 45% of people in a survey say they have worked from home at some point in the year. This statistic is a little old so let’s round that up to 50%. This means 50% of devices or access to your network is not inside of the walls you control with your firewall. While firewalls have gotten better, the software companies used to secure the endpoints are not being updated. Most companies are content with sticking with their current AV solution. Traditional AV solutions don’t work! You need to secure the endpoints with the same level of security you have on your firewall. That is to say, the policies from your firewalls need to extend to the endpoints. Things like Data Loss Prevention need to be on the endpoint to detect when data is being exfiltrated from the company. Malware detection, zero-day threats, intrusions, and phishing protection are not beneficial if they are only detectable on the corporate network. Look for a firewall solution that can extend the policies of the firewall to the endpoint, regardless of where they go and how many people work from home.
Cloud Data Doesn’t Have a Firewall - Most businesses now have some amount of data in the cloud. Whether its Office 365 for email or storage on AWS, your business is using the cloud for something. 80% of companies do nothing to protect the data in the cloud with a firewall they control. They falsely believe that the cloud provider is providing firewall security, however, they are not. They are relying on you to secure your data and protect your information. The cloud providers just provide the storage and platform to give you access. It is up to companies to secure the data. Get a cloud firewall today!
Not Blocking Applications on the Firewall - Application Detection on the firewall is the ability to see what someone is doing on the internet, whereas Packet Inspection is the ability to allow access to the internet. Traditional firewall configurations just allow access to the internet and some may block websites based off of the URL. But this does little to increase security. Application Control is where you program the firewall to not only detect the application but allow or deny access to that application. Traditional firewalls may have blocked access to facebook.com but Application Control allows the user to access facebook.com but not allow them to access Facebook Messenger. Application Control is something that has risen in the security world over the last 7 years. The ability for organizations to monitor and control access to applications is critical to preventing and detecting threats. In fact, it is the only way you can have insight into what your users are doing either intentionally or unintentionally.
Not Reviewing Logs - Cyber thieves are looking for any weakness in your firewall. They are actively trying to get your users to click on phishing emails and install malware. Once inside of your network they are going to scan for valuable information then perform exfiltration of that data to an outside source. That data will then be packaged and sold on the dark web. A firewall can be like the lock on your front door. When you install a lock, most people will never look to see if a thief has tried to get in. They just assume the lock is doing its job. A firewall can be the same, once it is installed very little thought is given to see if it is actually working. But regularly reviewing the logs is the only way to detect modern malware and hackers. Marriott could not detect a breach in the Starwood network for 4 years! No one was looking at the logs. Be better than Marriott, get a log solution and have them analyzed on a regular basis.
Lack of Network Segmentation - This is a big one and one that I could dedicate a book to. Network Segmentation refers to the practice of dividing the network up into segments and then preventing those segments from communicating freely with each other. The technology to do this is pretty basic and nearly every company already has the ability to do this, just very few do. When your network is segmented off, if a user gets malware or a bad actor gets access to your network the damage they can cause is limited to only what they have access to. It is common practice to segment a guest network, but internally you should be segmenting as well. For example, not all departments on the network need to communicate with each other. They all may need to communicate to the servers and datacenter, but those can be secured with internal firewalls. So, take a look at your network and start segmenting it off to increase your level of security.
Thank you so much for reading our BLOGS this year. We hope the content is relevant and thought provoking. From everyone on our content team we wish you a great holiday season!