Monthly Archives: December 2016

Charles Leaver – With Proper IT Asset Identification And Management Your Security Will Be Enhanced

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften


Reliable IT asset discovery and management can be a network and security admin’s best friend.

I do not need to tell you the obvious; we all know that a good security program begins with an inventory of every device connected to the network. Nevertheless, keeping a current inventory of every connected device used by employees and business partners is difficult. Harder still is ensuring that no unmanaged assets are connected at all.

What is an Unmanaged Asset?

Networks can have a huge number of connected devices. These may include, among others:

– User devices such as laptops, desktop PCs, workstations, virtual desktops, bring-your-own devices (BYOD), mobile phones, and tablets.

– Data center and cloud devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as routers, switches, firewalls, load balancers, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not managed by IT group policies. Devices that are unknown to IT, or not covered by IT policies, are referred to as “unmanaged assets.”

The number of unmanaged assets continues to grow for many businesses. Ziften finds that as many as 30% to 50% of all connected devices can be unmanaged assets in today’s enterprise networks.

IT asset management tools are typically optimized to discover assets such as PCs, servers, load balancers, firewalls, and storage devices used to deliver business applications. However, these management tools generally overlook assets not owned by the business, such as BYOD endpoints or user-deployed wireless access points. More troubling still, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Must Change” that IoT devices have surpassed employees and guests as the largest user of the business network [1].

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the enterprise environment: bring your own things (BYOT).

Essentially, employees bring products designed for the smart home into the workplace. Examples include smart power sockets, smart kettles, smart coffee makers, smart light bulbs, domestic sensors, wireless cameras, plant care sensors, environmental controls, and eventually home robots. Many of these things will be brought in by staff looking to make their workplace more congenial. These “things” can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Important to Discover Unmanaged Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, stated: “Security starts with knowing exactly what physical and virtual devices are linked to the organization network. However, BYOD, shadow IT, IoT, and virtualization are making that more difficult.”

These blind spots not only increase security and compliance risk, they can also increase legal risk. Data retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized cloud, mobile, and virtual assets.

Maintaining a current inventory of the assets on your network is crucial to good security. It is common sense: if you do not know a device exists, you cannot know whether it is secure. In fact, asset visibility is so essential that it is a fundamental part of most information security frameworks, including:

– SANS Critical Security Controls for Effective Cyber Defense: creating an inventory of authorized and unauthorized devices is first on the list.

– Council on CyberSecurity Critical Security Controls: creating an inventory of authorized and unauthorized devices is the first control in the prioritized list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: the standard requires that all assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften’s Adaptive Security Framework: the first pillar is discovery of all your authorized and unauthorized physical and virtual devices.

Considerations in Evaluating Asset Discovery Solutions

There are multiple techniques used for asset discovery and network mapping, and each approach has advantages and disadvantages. While evaluating the myriad tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset identification no matter what technique is employed. However, many scanning techniques used in asset discovery take time to complete and are therefore run only periodically. The drawback of point-in-time asset discovery is that transient systems may be on the network for only a short time, so it is quite possible that they will never be found.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or antivirus tools. Because these methods can be disruptive, discovery is performed only at scheduled, point-in-time intervals.

There are, however, some asset identification techniques that can be used continuously to locate and identify connected assets. Tools that provide continuous monitoring for unmanaged assets deliver better unmanaged asset discovery results.


Passive versus active

Asset identification tools provide intelligence on every discovered asset, including IP address, hostname, MAC address, device manufacturer, and even device type. This intelligence helps operations teams quickly clean up their environments, removing rogue and unmanaged devices and even reining in VM sprawl. However, these tools go about gathering that intelligence in different ways.

Tools that employ active network scanning probe the network to coax responses from devices. Those responses provide clues that help identify and fingerprint each device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.

Active scanning can usually provide deeper analysis of vulnerabilities, detection of malware, and configuration and compliance auditing. However, because it disrupts security infrastructure, active scanning is run only periodically. Unfortunately, that means active scanning risks missing transient devices, and vulnerabilities that appear between scheduled scans.

Other tools use passive asset identification techniques. Because passive detection runs 24x7, it will spot transient assets that may be connected to the network only occasionally and briefly, and it can send alerts when new assets are detected.

In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and it provides visibility of the Internet and cloud services being accessed from systems on the network. Passive discovery techniques also avoid triggering alerts on security tools across the network.
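To make the continuous-versus-point-in-time and passive-versus-active distinction concrete, here is an added Python example (written for this page, not Ziften’s code or any product’s) that folds a constructed stream of passively observed DHCP/mDNS-style records into a running inventory, raises an alert the first time an unmanaged asset appears, and shows which transient device a scheduled active scan would have missed. The observation records, the managed-asset list and the small OUI table are all constructed for the example.

```python
# Constructed sample of passively observed records (minute, source MAC, IP,
# DHCP/mDNS hostname); not real traffic.
OBSERVATIONS = [
    (0, "00:50:56:aa:01:01", "10.0.1.10", "fileserver01"),
    (5, "3C:22:FB:12:34:56", "10.0.1.57", "Bobs-iPhone"),
    (12, "3C:22:FB:12:34:56", "10.0.1.57", "Bobs-iPhone"),
    (40, "b8:27:eb:99:88:77", "10.0.1.88", "smart-kettle"),
    (41, "00:50:56:aa:01:01", "10.0.1.10", "fileserver01"),
    (120, "b8:27:eb:99:88:77", "10.0.1.88", "smart-kettle"),
]
MANAGED = {"00:50:56:aa:01:01"}  # MACs under IT policy (constructed list)
# Illustrative OUI-to-vendor table; a real tool loads the IEEE registry.
OUI = {"00:50:56": "VMware", "3c:22:fb": "Apple", "b8:27:eb": "Raspberry Pi"}

def vendor_of(mac):
    return OUI.get(mac.lower()[:8], "unknown")

def passive_inventory(observations, managed):
    """Fold each observed record into the inventory as it arrives (24x7 model).
    Returns the inventory keyed by MAC and the alerts raised for new unmanaged assets."""
    inventory, alerts = {}, []
    for ts, mac, ip, host in observations:
        mac = mac.lower()
        asset = inventory.get(mac)
        if asset is None:
            asset = inventory[mac] = {"ip": ip, "hostname": host, "vendor": vendor_of(mac),
                                      "managed": mac in managed, "first_seen": ts, "last_seen": ts}
            if not asset["managed"]:
                alerts.append(f"t={ts}: new unmanaged asset {host} {ip} {mac} ({asset['vendor']})")
        else:  # keep the record current; IP and hostname may change (DHCP)
            asset.update(ip=ip, hostname=host, last_seen=ts)
    return inventory, alerts

def unmanaged_assets(inventory):
    return sorted(m for m, a in inventory.items() if not a["managed"])

def point_in_time_scan(observations, scan_time, window=2):
    """Model an active scan: it only sees devices present during its scan window."""
    return {mac.lower() for ts, mac, _, _ in observations
            if scan_time <= ts <= scan_time + window}

def missed_by_scan(observations, managed, scan_time):
    """Unmanaged assets the passive inventory caught but a scan at scan_time never saw."""
    inventory, _ = passive_inventory(observations, managed)
    seen = point_in_time_scan(observations, scan_time)
    return [m for m in unmanaged_assets(inventory) if m not in seen]

if __name__ == "__main__":
    print("\n".join(passive_inventory(OBSERVATIONS, MANAGED)[1]))
    print("missed by a scan at t=40:", missed_by_scan(OBSERVATIONS, MANAGED, 40))
```

Running it shows the phone that connected briefly at t=5 and t=12 is alerted on by the passive inventory but absent from a scan run at t=40.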

In Summary

BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT all mean a growing number of assets on the business network. Regrettably, many of these assets are unknown to, or unmanaged by, IT, and they pose serious security holes. Removing these unmanaged assets from the network, where they are far more likely to be “patient zero”, or bringing them up to corporate security standards, greatly reduces a company’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.

Charles Leaver – Your Enterprise Antivirus Is Not Enough

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


Dwindling Effectiveness of Enterprise Antivirus?

Google Security Guru Labels Antivirus Apps as Ineffective ‘Magic’

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of ineffective tools installed to tick a compliance check box, at the expense of real security:

We need to stop buying those things we have actually revealed do not work… Antivirus does some beneficial things, however in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are loafing around the dead canary saying ‘Thank god it inhaled all the harmful gas.’

Google security gurus aren’t the first to weigh in against enterprise antivirus, or to draw uncomplimentary comparisons, in this case to a dead canary.

Another highly experienced security team, FireEye Mandiant, likened static defenses such as enterprise antivirus to that famously failed World War II defense, the Maginot Line:

Like the Maginot Line, today’s cyber defenses are fast ending up being a relic in today’s threat landscape. Organizations invest billions of dollars each year on IT security. But opponents are quickly outflanking these defenses with smart, fast-moving attacks.

An example of this was offered by a Cisco managed security services executive at a conference in Poland. Their team had identified anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the Cisco team’s dismay, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Alarmed, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing mistakes and re-issued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise antivirus had been a useless distraction: it had not served the customer and it had not hindered the attacker.

So Is It Time to Get Rid of Enterprise Antivirus Already?

I am not yet ready to declare an end to the era of enterprise antivirus. But I know that companies have to invest in detection and response capabilities to complement conventional antivirus. Increasingly, though, I wonder who is complementing whom.

Skilled targeted attackers will always successfully evade antivirus defenses, so against your greatest cyber threats, enterprise antivirus is essentially useless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint defense you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from security measures that actually help.

Proven cyber defense measures include:

– Configuration hardening of networks and endpoints.

– Identity management with strong authentication.

– Application controls.

– Continuous network and endpoint monitoring, and constant vigilance.

– Strong encryption and data protection.

– Staff education and training.

– Continuous risk re-assessment, penetration testing, and red/blue teaming.

In contrast to Bilby’s criticism of enterprise antivirus, none of the above bullets are ‘magic’. They are simply the ongoing hard work of proper enterprise cyber-security.