Best Practices for Reducing Your Attack Surface

Post on 19-Jul-2020


Page 1: Best Practices Best Practices for Reducing Your Attack Surfacelp.skyboxsecurity.com/rs/...Best-Practices-Reduce-Attack-Surface-W… · Best Practices for Reducing Your Attack Surface

1. Enhance Network and Endpoint Visibility

Visibility into your entire network—including endpoints—will help you form a more accurate picture of your attack surface. To achieve this visibility, it’s essential to become knowledgeable about your network topology, how devices and endpoints are connected, and how your network is segmented. Identifying the configurations and vulnerabilities of all your servers, desktops, and mobile devices will help increase overall endpoint visibility. Combining network and endpoint visibility provides valuable context for security decision making.

Barbarians at the Network: Cybercriminals and the Ever-Expanding Attack Surface

Heartbleed. Target. Adobe. Businesses are under siege by cybercriminals looking for financial gain and political actors looking for trade secrets. Millions of records containing consumer credit and debit cards can be compromised in a single breach. Enterprise executives are called in to testify to Congress. Vulnerabilities get fancy names and make the mainstream news. Today, no one is immune.

While these breaches may have been eye-opening to the average consumer, the stories are all too familiar to security practitioners working to safeguard their systems and root out any attackers.

The attack surface—the total sum of all ways an organization can be attacked—is extremely difficult to defend. It’s like a balloon that can expand and contract with the introduction and remediation of vulnerabilities. Time is critical because the attack surface grows with every new vulnerability, and it intensifies by the number of systems affected by that vulnerability.

If exposed vulnerabilities linger unresolved for weeks and months, the likelihood of exploitation grows exponentially. A larger attack surface offers more entry points for attackers as well as more lateral moves once the network perimeter has been breached.

Identifying and turning off risky services, closing exploitable access paths, remediating vulnerabilities, and consolidating parts of the network are steps to shrink the attack surface and lower risk across an organization.

While it may only take minutes for an attacker to find one exploitable vulnerability to breach your defenses, it often takes security teams months to identify and root out vulnerabilities and other risks on a corporate network. For example, some organizations only run vulnerability scans once a month (or less), and it could take weeks to evaluate the risks and decide on a response. Time between scans and time taken to evaluate their results can leave your network exposed as a sitting duck.

It’s critical for organizations to find ways to shrink their attack surface and get their risk level under control. Doing so makes it more difficult and more expensive for cybercriminals to find weak points to breach defenses, and more likely that the security team can prevent or contain an attack quickly.

Best Practices

Best Practices for Reducing Your Attack Surface

5 Steps to Shrinking Your Window of Vulnerability


Best Practices to Reduce Your Attack Surface www.skyboxsecurity.com2

2. Police Your Endpoints

In addition to a holistic view of the network, it’s important to know the location and behavior of your endpoints.

Endpoints also vary based on the industry. For example, retailer endpoints may include bar code readers or point-of-sale terminals, while a bank would consider ATMs. According to news reports, the hackers who planted point-of-sale malware at Home Depot locations initially used stolen credentials from a third-party vendor to enter the retailer's system. Once inside, they were able to enter the company’s main computer network by exploiting a vulnerability in Windows.

By identifying what types of endpoints are on the network, what’s installed on them, and what patches are needed, an organization can visualize what’s exploitable and streamline its remediation efforts.

3. Segment Your Network

The Target attack helps illustrate the importance of network segmentation. According to reports, the retailer’s failure to properly segment systems handling sensitive payment card data gave hackers a point of access. These types of attacks are like a bull in a china shop: breaking down the door was bad enough, but the real mayhem comes once he’s inside. So how do you contain the bull?

A fundamental part of any security strategy should include a review of your network to ensure that it is properly segmented into zones. Start by analyzing your network:

• What does your network look like?
• What kinds of connections exist or could exist?
• How is your network segmented?
• What kind of security controls are in place between the different segments?

Finally, the security settings and access for different areas should be based on the sensitivity of information and who is allowed to access those areas.


4. Utilize Risk Analytics

If an organization relies only on its scanning technology for monthly scans (or even less frequently) to avoid network disruption, it’s missing key vulnerabilities and leaving its network vulnerable to outside attack. Risk analytics can help avoid disruption by identifying gaps in your firewalls, finding and prioritizing risks, identifying relevant threats, and providing context-driven remediation. With this type of intelligent approach, organizations can achieve scan-less discovery of vulnerabilities, ensuring greater, ongoing awareness of their attack surface.

5. Prioritize Your Risks

Assessing and prioritizing risks can help your organization create and implement optimal, timely remediation. With modeling and simulation technologies, you can create a comprehensive model of your network technology. This model can then be evaluated for potential security gaps created by the intersection of network topology, security controls, and infrastructure. Such solutions allow you to identify infrastructure vulnerabilities, possible routes and types of attacks, and hot spots where there may be a concentration of vulnerabilities.


Copyright © 2015 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. BP_AttackSurface_EN_012152015

www.skyboxsecurity.com | +1 408 441 8060 | www.skyboxsecurity.com/contactus

Next Steps

In today’s security landscape, companies’ networks are under constant attack, and many cybercriminals are looking for the path of least resistance to breach their defenses. Gaining a greater knowledge and awareness of your attack surface is crucial to bolstering current security measures and reducing the amount of time to identify, respond to, and remediate issues on your network.

Skybox Security provides the most powerful risk analytics for cyber security, giving IT security management and network operations the solutions needed to visualize the network, identify vulnerabilities, and expedite remediation. Skybox solutions provide a context-aware view of the network and risks to achieve effective vulnerability and threat management, firewall management, and continuous compliance monitoring.

Let Skybox help you reduce your attack surface. To learn more, download our free 30-day trial at www.skyboxsecurity.com/trial, or contact your local Skybox Security representative at www.skyboxsecurity.com/contactus.

About Skybox Security

Established in 2002 and headquartered in San Jose, California, Skybox Security is a privately held company with worldwide sales and support teams that serve an international customer base of Global 2000 enterprises and large government agencies. Skybox Security customers are some of the most security-conscious organizations in the world, with mission-critical global networks and pressing regulatory compliance requirements. Today, six of the top 10 global banks and six of the 10 largest NATO members use Skybox Security for automated, integrated security management solutions that lower risk exposure and optimize security management processes.