
Achieve the Best Network Security Possible

Date post: 17-Jun-2020
Page 1: Achieve the Best Network Security Possiblemedia.techtarget.com/digitalguide/images/Misc/EA... · running WordPress and, now, JBoss. According to Cisco's Talos threat intelligence

E-guide

Achieve the Best Network Security Possible Practice good habits for effective network security


Page 1 of 13

In this e-guide

Five ways to prevent a ransomware infection through network security p.2

Network security alerts: Managing and overcoming obstacles p.6

How a network security overview pays dividends p.9

About SearchSecurity p.13

E-guide

In this e-guide: Achieving network security is trickier than ever. While network security threats are evolving and multiplying, the very nature of the network is changing, too.

This guide explores key obstacles to achieving the best network security and the latest means for battling top threats. Inside:

• Stronger network security could be the key to preventing a ransomware infection. Expert Kevin Beaver shares 5 ways organizations can stop ransomware threats.

• Beaver explains how to overcome problems related to network security alerts, from dealing with a high volume of alerts to a lack of actionable intelligence.

• Consulting Systems Engineer Teren Bryson digs into the need for a network security overview in an era where major network breaches are being reported with alarming frequency.


Five ways to prevent a ransomware infection through network security

Kevin Beaver, Information Security Consultant - Principle Logic, LLC

Ransomware attacks are not only becoming more common, they're becoming more creative. This advanced malware that once targeted users directly is now being deployed via remote exploits of unsecured web servers running WordPress and, now, JBoss. According to Cisco's Talos threat intelligence organization, a new type of ransomware called SamSam is targeting enterprises running vulnerable versions of JBoss. Rather than the ransomware infection spreading through phishing attacks or drive-by downloads, it instead attacks a compromised server and spreads throughout the internal corporate network. This is just one example of a myriad of highly-complex threats targeting corporate assets and resources every day. Ransomware appears to be coming of age.

So what can enterprises do to protect themselves from initial ransomware infection? If ransomware gets into one system, how can enterprises stop it from spreading to others? It all comes down to common sense. The ransomware threat is no different than any other threat; there's a vulnerability and the criminals want to exploit it for ill-gotten gains. The method and underlying technologies evolve, but the threat itself needs to be handled in the same manner as any other threat. Here's how enterprises can approach this security challenge:


1. Acknowledge that you don't know what you don't know

The sign of a truly wise security professional is admitting that many things on the network are unknown. Systems, applications, users, information and the like all make up a group of assets that are often unaccounted for and, therefore, undersecured and currently at risk to ransomware. Another key indicator of a smart security pro is the presence of a plan to make things better.

2. Acquire support from management and users

Before anything can get off the ground in security, management needs to politically and financially back it, and they need to do so on an ongoing basis. Assuming the security team is able to get management on board with their plan for fighting ransomware, they'll also need to get the users on board with policies, the ramifications of bad choices and the overall setting of expectations on "this is how things work here."

3. Deploy the proper technologies or tweak your existing setup

The heart of a strong malware defense is well-designed and properly-implemented technologies. If a network is to stand up against a modern day ransomware infection, it needs the following:

• First and foremost, patching needs to be under control. Many businesses struggle with this, especially with third-party patches for Java and Adobe products, and hackers love this. Until software updates are deployed in a timely fashion, the organization is a sitting duck. A network is just one click away from compromise.


• Effective malware protection is also a necessity. Steer away from the traditional and look more toward advanced malware tools including non-signature/cloud-based antivirus, whitelisting and network traffic monitoring/blocking technologies.

• Data backups are critical. Organizations' systems -- especially the servers that are at risk to ransomware infections -- are only as good as their last backup. Discussions around backups are boring, but they need to be well-thought-out to minimize the impact of the ransomware that does get through and encrypts critical assets.

• Network segmentation is another important part of ransomware protection, but it's only sometimes deployed properly. Just keep in mind that VLANs -- the most common segmentation technique -- aren't secure if an internal user can guess the IP addressing scheme that's likely a mere digit increment or decrement away.
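The VLAN caveat above is easiest to see once the segmentation policy is written down and checked against the filtering that actually sits between the VLANs. The following is an added example, not code from the e-guide or its author: a small Python model of inter-VLAN filtering. The VLAN plan, both ACLs and the expected flows are constructed for illustration; `evaluate` mimics first-match ACL processing with an implicit permit when nothing matches, which is what plain inter-VLAN routing gives you.

```python
"""Segmentation policy check: a VLAN boundary is only as good as the
inter-VLAN filtering behind it.  Added example, not from the e-guide."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: str             # source network in CIDR form
    dst: str             # destination network in CIDR form
    ports: tuple = ()    # empty tuple means any destination port


# Constructed VLAN plan: consecutive /24s, so an insider can guess a
# neighbouring subnet by changing one octet (the point made in the text).
VLANS = {
    "users":   "10.0.10.0/24",
    "servers": "10.0.11.0/24",
    "mgmt":    "10.0.12.0/24",
}

# Weak setting: routing between VLANs with no ACL at all.  An empty list
# falls through to the router's implicit permit, so VLANs separate nothing.
WEAK_ACL = []

# Hardened setting: explicit permits for the flows the business needs,
# then a catch-all deny so guessing a neighbouring subnet gains nothing.
HARDENED_ACL = [
    Rule("permit", "10.0.10.0/24", "10.0.11.0/24", (443,)),  # users -> web tier
    Rule("permit", "10.0.12.0/24", "10.0.0.0/16"),           # mgmt -> everything
    Rule("deny",   "0.0.0.0/0",    "0.0.0.0/0"),             # default deny
]


def evaluate(acl, src_ip, dst_ip, port, default="permit"):
    """Return the action of the first matching rule, or `default` if none matches."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in acl:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (not r.ports or port in r.ports)):
            return r.action
    return default


# Intended isolation, expressed as (src_ip, dst_ip, port, expected_action).
# These are constructed sample hosts inside the VLAN plan above.
EXPECTED = [
    ("10.0.10.25", "10.0.11.8", 443, "permit"),  # users may reach the web tier
    ("10.0.10.25", "10.0.11.8", 22,  "deny"),    # ...but not SSH to it
    ("10.0.10.25", "10.0.12.5", 22,  "deny"),    # ...and never the mgmt VLAN
    ("10.0.12.5",  "10.0.11.8", 22,  "permit"),  # mgmt may administer servers
]


def find_violations(acl):
    """Flows whose actual outcome differs from the written segmentation policy."""
    violations = []
    for src, dst, port, want in EXPECTED:
        got = evaluate(acl, src, dst, port)
        if got != want:
            violations.append((src, dst, port, got))
    return violations


if __name__ == "__main__":
    for name, acl in (("VLANs only (no ACL)", WEAK_ACL), ("VLANs + ACL", HARDENED_ACL)):
        print(f"{name}: {len(find_violations(acl))} policy violation(s)")
        for v in find_violations(acl):
            print("  ", v)
```

Running it shows the weak setup leaking two of the four expected denies (a user host reaching the server VLAN on SSH and the management VLAN at all), while the hardened ACL satisfies every expectation. The same check can be fed the real ACL export so that segmentation is verified rather than assumed.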

Finally, security assessments can help protect enterprise networks. Stop pen testing for the sake of PCI DSS, and start performing comprehensive security vulnerability assessments that look at the bigger picture. If the security team keeps malware in mind when it looks at its internal network from the internet, it'll find a slew of weaknesses that are currently facilitating the ransomware infection threat. Document these findings and present them to management for the necessary support.

4. Monitor and respond

Security teams can't secure -- or respond to -- the things they don't acknowledge. Most enterprises have a half-baked monitoring, alerting and incident response program. Security teams need to do what needs to be done: monitor servers, workstations and the network for anomalies, take quick action, and do what's necessary to respond to the current event and prevent it from reoccurring.

5. Fine-tune to get better

Many people -- both in management as well as IT and security -- view security as a one-time deal. You invest, you deploy, you assess and everything else will take care of itself, but this is hardly the case. IT and security teams are pressed for time because they're constantly having more projects layered on top of what is still left undone. Figure out a way to fix that. It may be in terms of time management, different processes or hiring new FTEs. Whatever it is, fix it.

The security solutions to a ransomware infection are not endpoint-centric, as Cisco Talos' report shows, nor are they network-centric. They're holistic. It's a little bit of everything -- in various parts of the organization -- working together to create barriers to entry and exploit. Sound familiar? It's the same tried and true approach to information security that's been known about for decades yet organizations continue to struggle with. The technical understanding is there, but security is impeded by politics and special interests. From the CIO to the CLO to the CEO and a lot of people in between, everyone involved has his or her own agenda that keeps what needs to be done from getting done.

An organization might not be able to overcome the human aspects of information security but it can at least try to make the criminal hacker's job as difficult as possible.


Network security alerts: Managing and overcoming obstacles

Kevin Beaver, Information Security Consultant - Principle Logic, LLC

A recent survey from the Cloud Security Alliance and Skyhigh Networks, titled IT Security in the Age of Cloud, showed a significant number of IT and security professionals are having trouble drinking from the proverbial security fire hose, and it just keeps getting more difficult. Nearly a third of the 228 respondents said they ignore network security alerts because there are too many false positives. Twenty-six percent of respondents said they receive more security alerts than they can investigate. These findings alone are not only a breach waiting to happen, but they essentially negate a significant portion of everything that has been done to improve security in the enterprise.

The study also found that 40% of respondents claim there's a lack of actionable intelligence in the network security alerts they do receive. What does that say about the security controls and processes they've invested in to this point? Oddly enough, a majority of respondents (53.7%) said their organizations plan to increase their security budget in the next 12 months. That begs the question: Are they just going to throw more money at the problem? The mantra is to simply invest more money and that will, presumably, fix everything. Unfortunately, information security programs aren't that simple. Quick fixes do not -- and never will -- work. What's needed to minimize these challenges in IT is a fresh look, and perhaps a significant retooling, of how information security is managed.

So how do IT and security pros move forward and get past this disarray with network security alerts? Everyone's situation is unique, but there are some common strategies and tactics that can be used to gain some semblance of control over the situation. The first part is coming to an agreement on what matters: that is, what types of attacks against which specific systems in the network environment need the attention of IT and security staff. This might involve enterprise applications in the DMZ combined with firewall and intrusion detection system (IDS) alerts. It might be internal-facing endpoints, perhaps involving DLP and malware protection. Whether it's external or internal, a security information and event management (SIEM) provider, managed security services provider or other entity might be involved. What new, or better, information is needed? Perhaps not enough information -- or at least not the right information -- is being provided to support good decision-making.

I have found that, by and large, most problems related to network security alerts, and the subsequent challenges and oversights, are due to a lack of tuning of the security systems in use. Given time constraints and a lack of time-management skills, combined with knowledge and training gaps related to products and security events -- what to look for -- many security systems are "set it and forget it." Unless there is continual measurement and subsequent tweaking of firewalls, IDS or intrusion prevention systems, SIEM and the like, there's no possible way to achieve measurable improvements. Each security system must be treated as a feedback loop, with the resulting adjustments fed back into the larger security program.
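To make that feedback loop concrete, here is an added example (not from the e-guide or its author) in Python: one tuning pass over a constructed export of IDS alerts. The alert lines, the signature names, the approved-scanner address 10.0.50.9 and the 60-second deduplication window are all assumptions made for illustration. The point is that every suppression is an explicit, reviewable decision, and the before/after counts are the measurement that the next tuning pass starts from.

```python
"""Alert tuning as a feedback loop: measure what the IDS produces, suppress
what has been reviewed and judged to be noise, and keep the numbers so the
next tuning pass starts from evidence.  Added example with constructed data."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed export of IDS alerts: timestamp|signature|src|dst|severity.
RAW_ALERTS = """\
2017-03-02T10:00:01|SCAN Nmap TCP probe|10.0.50.9|10.0.11.8|low
2017-03-02T10:00:02|SCAN Nmap TCP probe|10.0.50.9|10.0.11.9|low
2017-03-02T10:00:03|SCAN Nmap TCP probe|10.0.50.9|10.0.11.10|low
2017-03-02T10:00:05|MALWARE Known ransomware C2 beacon|10.0.10.25|203.0.113.7|high
2017-03-02T10:00:35|MALWARE Known ransomware C2 beacon|10.0.10.25|203.0.113.7|high
2017-03-02T10:01:10|MALWARE Known ransomware C2 beacon|10.0.10.25|203.0.113.7|high
2017-03-02T10:02:00|POLICY Cleartext admin login|10.0.10.40|10.0.12.5|medium
2017-03-02T10:02:01|SCAN Nmap TCP probe|10.0.10.40|10.0.12.5|low
"""

# Tuning decisions taken after reviewing the previous period's alerts.
# 10.0.50.9 is the (constructed) approved vulnerability scanner, so its scan
# signatures are expected.  The same signature from any other host stays.
SUPPRESS = {("SCAN Nmap TCP probe", "10.0.50.9")}
DEDUPE_WINDOW = timedelta(seconds=60)   # assumed window for identical repeats
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse_alerts(text):
    """Parse the pipe-delimited export into dicts with a real timestamp."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sig, src, dst, sev = line.split("|")
        alerts.append({"ts": datetime.fromisoformat(ts), "sig": sig,
                       "src": src, "dst": dst, "sev": sev})
    return alerts


def tune(alerts, suppress=SUPPRESS, window=DEDUPE_WINDOW):
    """Apply suppressions and collapse repeats; return (kept, stats)."""
    kept, last_kept = [], {}
    stats = Counter()
    for a in sorted(alerts, key=lambda a: a["ts"]):
        if (a["sig"], a["src"]) in suppress:
            stats["suppressed"] += 1
            continue
        key = (a["sig"], a["src"], a["dst"])
        prev = last_kept.get(key)
        if prev is not None and a["ts"] - prev < window:
            stats["deduplicated"] += 1      # repeat of an alert already queued
            continue
        last_kept[key] = a["ts"]
        kept.append(a)
    stats["raw"] = len(alerts)
    stats["kept"] = len(kept)
    return kept, stats


def triage_order(kept):
    """Highest severity first, then oldest first, so the queue is actionable."""
    return sorted(kept, key=lambda a: (SEVERITY_RANK[a["sev"]], a["ts"]))


def noise_ratio(stats):
    """Share of raw alerts removed by tuning: the number to track per pass."""
    return (stats["raw"] - stats["kept"]) / stats["raw"] if stats["raw"] else 0.0


if __name__ == "__main__":
    kept, stats = tune(parse_alerts(RAW_ALERTS))
    print(dict(stats), f"noise removed: {noise_ratio(stats):.0%}")
    for a in triage_order(kept):
        print(a["ts"].time(), a["sev"], a["sig"], a["src"], "->", a["dst"])
```

On the constructed data, eight alerts become four: three scanner alerts are suppressed and one repeated beacon is collapsed, while the third beacon (outside the window) stays so that an ongoing problem keeps surfacing. Because the suppression is keyed on signature and source, the scan from the user workstation toward the management VLAN is not hidden, which is exactly the kind of alert the tuning exists to make visible.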


There are a lot of moving parts in properly setting and managing network security alerts, but the solution is simple. With user demands for simplicity and convenience, enterprises must set aside time and resources for this ongoing work to make security better. Otherwise, they're going through the motions, which serves to create a false sense of security and sets everyone involved up for failure over the long haul.



How a network security overview pays dividends

Teren Bryson, Consulting Systems Engineer - World Wide Technology

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked."

-- Richard Clarke

In the world of information technology, the security team is often viewed with suspicion, frustration and complete bemusement from the outside. It's often made up of the "no" men and women: the people with the power to block your well-designed initiatives and to shut down all but the most critical of network changes or application rollouts. They are gaining more and more power, but is that really a bad thing?

In an era where major network breaches are being reported with alarming frequency, information security budgets are growing accordingly as IT execs catch up with the facts on the ground. In its Global State of Information Security Survey 2016, PwC reported that information security budgets increased by 24% in 2015 alone, and that the "theft of 'hard' intellectual property increased by 56%" in the same period. Adding to that, some of the highest-ranking cybersecurity experts in the government have also sounded the alarm about the need for a network security overview, with Richard Mueller, former director of the FBI, stating, "There are only two types of companies: those that have been hacked, and those that will be." Given this reality, is it any wonder that information security departments are gaining so much power, budget and control over all aspects of the business?

Not everyone has gotten the memo.

Rogue projects proliferate

Projects and initiatives are still being implemented without a network security overview by information security departments, often with disastrous consequences that may or may not be felt immediately. Rogue users or entire departments (frequently with at least tacit approval from managers) begin to set up outside services, resulting in what is commonly referred to as shadow IT. Maybe it starts with social media to replace kludgy corporate systems, or Dropbox to get around restrictive file-sharing policies, but it eventually finds its natural end at full-blown public cloud "shadow" environments.

While all of these behaviors carry serious risk of exposing sensitive company data -- either by users' credentials being compromised internally or by breaches happening to the external providers of the service in question -- they stem from serious needs: speed to execution and convenience. The problem with most enterprise security measures is that they tend to be slow in reacting to change not related to immediate security threats. If a user requests a better file-sharing experience, the services or applications that might be beneficial to fill that need must be vetted and balanced against the need for security. This often takes an inordinate amount of time and may, at the end of the process, result in a "no" from the security folks. So, in one established process, both the speed and the convenience a user perceives as needed to increase the value they bring to the company are stymied. Hence, shadow IT.

Questions, questions -- what do we do about it?

These issues are the same as have been faced by applications, storage, server and virtualization groups for some time now, and are currently being felt by the network team as well. The seemingly meteoric rise of software-defined [fill in the blank here] is a direct result of the perceived slowness on the part of the traditional network hierarchy, and while software-defined networking (as an example) may tackle the technology side of the equation, the real change comes from a more collaborative approach to the management of the entire IT ecosystem.

Holistic approaches to security, to achieve a network security overview, need to be adopted in order to bring the pendulum back to the center on the management and usage of corporate systems. The fewer silos the IT groups are neatly categorized into, the greater the awareness of the overarching needs of the business. As a result, the company can move more quickly and the dreaded workaround is largely avoided. The more applications teams -- or users and departments -- are brought into a collaborative process, the more they will be valued and their concerns addressed. The net result? Better security.


There is a truth in network security: past a certain point, the more password complexity a service requires to log in, the less security you actually have. At some point, users can't, or choose not to, remember these more complicated passwords, and so what do they do? They write them down and keep them somewhere close to their computers. The same can be said for security roadblocks during the course of doing business. The more you clamp down on security, the more you operate in a vacuum, the less security you actually attain. The need for a network security overview could not be clearer.



About SearchSecurity

IT security pros turn to SearchSecurity.com for the information they require to keep their corporate data, systems and assets secure.

We're the only information resource that provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost.

For further reading, visit us at http://SearchSecurity.com/

Images: Fotolia

© 2017 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher.

