Monthly Archives: December 2016

Enhance Your Cyber Security With Good IT Asset Discovery And Management – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften


Reliable IT asset discovery and management can be a network and security admin's best friend.

I don't have to tell you the obvious; we all understand that a good security program starts with knowing every device connected to the network. Nevertheless, maintaining a current inventory of every connected device used by employees and business partners is difficult. Even more challenging is making sure that no connected asset goes un-managed.

What is an Un-managed Asset?

Networks can have thousands of connected devices. These include, to name a few:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring-your-own devices (BYOD), mobile phones, and tablets.

– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as switches, load balancers, firewalls, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices, and those not covered by IT policies, are referred to as "un-managed assets."

The number of un-managed assets continues to grow for many businesses. Ziften finds that as many as 30% to 50% of all connected devices may be un-managed assets in today's enterprise networks.

IT asset management tools are normally optimized to discover assets such as computers, servers, load balancers, firewalls, and storage devices used to deliver business applications to the organization. However, these management tools typically overlook assets not owned by the company, such as BYOD endpoints or user-deployed wireless access points. More troubling still, Gartner asserts in "Beyond BYOD to IoT, Your Business Network Access Policy Must Change" that IoT devices have surpassed employees and guests as the largest user of the enterprise network [1].

Gartner goes on to describe a new trend that will introduce even more un-managed assets into the enterprise environment: bring your own things (BYOT).

Essentially, employees bring items that were designed for the smart home into the workplace. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, home sensors, wireless webcams, plant-care sensors, environmental controls and, eventually, home robots. Many of these things will be brought in by staff seeking to make their working environment more congenial. These "things" can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Essential to Discover Un-managed Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, stated: "Security begins with understanding exactly what physical and virtual devices are connected to the business network. But, BYOD, shadow IT, IoT, and virtualization are making that more difficult."

These blind spots not only increase security and compliance risk, they can also increase legal risk. Information retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized virtual, mobile and cloud assets.

Keeping an up-to-date inventory of the assets on your network is vital to good security. It's common sense: if you don't know it exists, you cannot know whether it is secure. In fact, asset visibility is so essential that it is a fundamental part of most information security frameworks, including:

– SANS Critical Security Controls for Effective Cyber Defense: establishing an inventory of authorized and unauthorized devices is number one on the list.

– Council on CyberSecurity Critical Security Controls: producing an inventory of authorized and unauthorized devices is the first control in the prioritized list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations, SP 800-137: information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: the standard requires that assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften's Adaptive Security Framework: the first pillar is discovery of all your authorized and unauthorized physical and virtual devices.

Factors To Consider in Evaluating Asset Discovery Solutions

There are multiple techniques used for asset discovery and network mapping, and each technique has advantages and disadvantages. When evaluating the myriad tools, keep these two key factors in mind:

Continuous versus point-in-time

Strong information security requires continuous asset discovery regardless of the approach used. However, many scanning methods used for asset identification take time to complete, and are therefore run only periodically. The drawback of point-in-time asset identification is that transient systems may be on the network only briefly, so it is quite possible that they will never be found.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or antivirus tools. Because these methods can be disruptive, discovery is run only at scheduled, point-in-time intervals.

There are, however, asset discovery methods that can run continuously to find and identify connected assets. Tools that monitor continuously for un-managed assets deliver much better un-managed asset discovery results.


Passive versus active

Asset identification tools provide intelligence on every discovered asset, including IP address, hostname, MAC address, device manufacturer, and device type. This helps operations teams quickly clean up their environments, removing rogue and un-managed devices, and even reining in VM sprawl. However, these tools go about gathering this intelligence in different ways.

Tools that use active network scanning probe the network to elicit responses from devices. These responses provide clues that help identify and fingerprint each device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.

Active scanning can typically provide deeper analysis: vulnerability assessment, malware detection, and configuration and compliance auditing. However, because it is disruptive to security infrastructure, active scanning is run only periodically. Unfortunately, that means active scanning risks missing transient devices, and vulnerabilities that appear between scheduled scans.

Other tools use passive asset discovery methods. Because passive detection runs 24x7, it will detect transient assets that may be connected to the network only occasionally and briefly, and it can send alerts when new assets are spotted.

Additionally, passive discovery does not disrupt sensitive devices on the network, such as industrial control systems, and it gives visibility into the Internet and cloud services being accessed from systems on the network. Passive discovery techniques also avoid triggering alerts on security tools throughout the network.
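The continuous-versus-point-in-time and passive-versus-active trade-offs described above, simulated as an added example that is not Ziften's code or part of the original post: a constructed hour of device presence is fed to a passive listener that records every ARP/DHCP-style sighting and alerts the first time a MAC appears, and to point-in-time scans run at fixed times, so the transient devices that the scans never see stand out. The device presence windows, MAC/IP values and the "managed" CMDB list are all constructed.

```python
from collections import namedtuple

# first/last: seconds after the observation window opens when the device joins/leaves.
Device = namedtuple("Device", "mac ip hostname first last")

# Constructed sample: what actually sat on the network during one hour.
DEVICES = [
    Device("aa:bb:cc:00:00:01", "10.0.0.10", "fileserver",   0,    3600),
    Device("aa:bb:cc:00:00:02", "10.0.0.21", "alice-laptop", 60,   3600),
    Device("aa:bb:cc:00:00:03", "10.0.0.55", "smart-kettle", 610,  900),   # transient BYOT
    Device("aa:bb:cc:00:00:04", "10.0.0.77", "rogue-ap",     2000, 2300),  # transient rogue
]
MANAGED = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}  # constructed CMDB export, keyed by MAC

def passive_sightings(devices, beacon=120):
    """Constructed ARP/DHCP-style sightings: a present device is heard every `beacon` seconds."""
    return sorted((t, d.mac, d.ip, d.hostname) for d in devices
                  for t in range(d.first, d.last + 1, beacon))

class PassiveInventory:
    """Continuous listener: records every sighting and alerts the first time a MAC appears."""
    def __init__(self, managed):
        self.managed, self.assets, self.alerts = managed, {}, []

    def observe(self, ts, mac, ip, hostname):
        if mac in self.assets:                        # known asset: refresh last-seen and IP
            self.assets[mac].update(ip=ip, last=ts)
            return
        self.assets[mac] = {"ip": ip, "hostname": hostname, "first": ts, "last": ts}
        status = "managed" if mac in self.managed else "UNMANAGED"
        self.alerts.append(f"t={ts}s new asset {hostname} ({mac}, {ip}) [{status}]")

def active_scan(devices, ts):
    """Point-in-time scan: only sees devices connected at the moment the scan runs."""
    return {d.mac for d in devices if d.first <= ts <= d.last}

def compare(devices, scan_times, managed=MANAGED):
    """Run both approaches over the same hour and report what each one found."""
    inv = PassiveInventory(managed)
    for sighting in passive_sightings(devices):
        inv.observe(*sighting)
    scanned = set().union(*(active_scan(devices, t) for t in scan_times))
    passive = set(inv.assets)
    return {"passive": passive, "scanned": scanned, "missed_by_scans": passive - scanned,
            "unmanaged": passive - managed, "alerts": inv.alerts}

if __name__ == "__main__":
    result = compare(DEVICES, scan_times=[0, 1200, 2400, 3600])  # scans every 20 minutes
    print("\n".join(result["alerts"]))
    print("missed by point-in-time scans:", sorted(result["missed_by_scans"]))
```

Shortening the scan interval (for example to every 300 seconds) catches both transient devices in this sample, which is exactly the cost the post describes: more frequent active scans, with the disruption they bring, are needed to approach what passive listening sees for free.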

Summary

BYOD, shadow IT, IoT, virtualization, and Gartner's newly coined BYOT mean more and more assets on the business network. Unfortunately, many of these assets are unknown to, or un-managed by, IT. These unmanaged assets create serious security holes. Removing these unmanaged assets from the network, where they are far more likely to be "patient zero", or bringing them in line with business security requirements, considerably reduces a company's attack surface and overall risk. The good news is that there are solutions that provide continuous, passive discovery of unmanaged assets.

Don’t Believe That Your Enterprise Antivirus Will Save You – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


Dwindling Effectiveness of Enterprise Antivirus?

Google Security Expert Labels Antivirus Apps As Ineffective 'Magic'

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google's Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly sophisticated attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of ineffective tools installed to tick a compliance checkbox, at the cost of genuine security:

We have to stop buying those things we have actually shown are not effective… Anti-virus does some useful things, but in reality, it is more like a canary in a coal mine. It is even worse than that. It's like we are loafing around the dead canary saying 'Thank god it breathed in all the toxic gas.'

Google security experts aren't the first to weigh in against enterprise antivirus, or to draw unflattering comparisons, in this case to a dead canary.

Another highly experienced security team, FireEye Mandiant, compared static defenses such as enterprise antivirus to that notoriously failed World War II defense, the Maginot Line:

Like the Maginot Line, today's cyber defenses are quickly becoming an antique in today's risk landscape. Organizations invest billions of dollars every year on IT security. But cyber attackers are easily outflanking these defenses with smart, fast-moving attacks.

An example of this was offered by a Cisco managed security services executive presenting at a conference in Poland. Their team had identified anomalous activity on one of their enterprise customers' networks, and reported the suspected server compromise to the customer. To the Cisco team's amazement, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Horrified, the Cisco team conferenced the customer into their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing errors and re-issued commands to the compromised server. Finally convinced, the customer took the server down and fully re-imaged it. The enterprise antivirus had been a useless distraction: it had not served the customer and it had not stopped the attacker.

So Is It Time to Ditch Enterprise Antivirus Now?

I am not yet ready to declare an end to the age of enterprise antivirus. But I do know that businesses must invest in detection and response capabilities to complement traditional antivirus. Increasingly, though, I wonder who is complementing whom.

Skilled targeted attackers will consistently and successfully evade antivirus defenses, so against your biggest cyber threats, enterprise antivirus is essentially worthless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint protection you need. So don't let it distract you from the highest-priority cyber-security investments, and don't let it distract you from the security measures that actually help.

Proven cyber defense measures include:

– Configuration hardening of networks and endpoints.

– Identity management with strong authentication.

– Application controls.

– Continuous network and endpoint monitoring, and constant vigilance.

– Strong encryption and data protection.

– Staff education and training.

– Continual threat re-assessment, penetration testing, and red/blue teaming.

Unlike the 'magic' that Bilby criticized enterprise antivirus for promising, none of the above bullets are 'magic'. They are simply the ongoing work of proper enterprise cyber-security.