Reduce Risk By Finding Your Network Blind Spots
Increasing your organization's network visibility enables you to proactively stay on top of suspicious activities or vulnerabilities.
Articles published August 9, 2017 by Scott Hardee
If you’re like me, you dread eye appointments. After all, who likes being told their vision is getting worse and then dealing with the inconveniences and expenses that come with contacts and glasses? On the positive side, I guess I’m fortunate there are ways to improve my ever-decreasing vision.
When it comes to network visibility, the same concept applies. Many times, organizations need stronger visibility into their network, so they aren’t blind to what’s happening. If organizations can’t see or anticipate problems, it can lead to breaches, downtime, and lost productivity.
Increasing your organization’s network visibility comes with an expense, but just like contacts and glasses, it enables you to proactively stay on top of suspicious activities or vulnerabilities. Being secure and safe from breaches and cyberattacks is critical, and identifying your network’s blind spots can prevent a breach from happening to your organization.
Here are several network blind spots you need to be aware of to keep your organization secure.
Domain Name Service (DNS)
A Cisco report found that 91 percent of malware uses the Domain Name Service (DNS) to control infected devices and obtain data. However, the same report revealed that 68 percent of organizations don’t monitor for unauthorized DNS access. To prevent this from happening to your organization, be on the lookout for this unauthorized use, and shut it down before it becomes a major issue.
Does your organization let employees work remotely? The Citrix Mobile Analytics Report revealed that 61 percent of employees work outside the office at least part of the time. While allowing employees the flexibility to work remotely is important and beneficial to your organization, it also comes with a set of risks.
Remote access is another way hackers can infiltrate your network. When employees work outside the office, it’s difficult to control how they share sensitive data. This could create new vulnerabilities for hackers to exploit.
Here are two ways to prevent hackers from gaining remote access to your network.
Implement a Strong Data Security Policy
To combat data breaches, have a data security policy in place that all employees are aware of and follow, and make sure they fully understand their obligations under it. It is important for your employees to know what the risks and implications are, should a data breach occur.
A data security policy is used to define approved methods to securely transfer or share data and define restricted methods to help stop the use of unsupported or unsafe services and applications. Policies should be very specific on what is acceptable and not acceptable for all employees. They need to include information about email, mobile devices, social networking, and internet usage. Make sure these policies are documented, communicated (multiple times), and enforced, as well as periodically reviewed and updated.
Manage Your Mobile Devices
At a basic level, the goal of mobile device management is to protect the data on employee devices. This reduces the risk of a mobile device being vulnerable, and can help secure your data, should it become compromised. Most mobile device management systems allow you to manage the users’ devices, establish a user policy, and wipe or reset the device in certain cases.
Today, more and more organizations are adopting a Bring Your Own Device (BYOD) mentality, where employees use their own tablets, smartphones, and laptops. While this can save the organization money, it also comes with challenges. One big issue surrounding BYOD—and personal technology as a whole—has to do with privacy and security. Whether it’s through apps, training, or just well-worded policies, you need to ensure your employees aren’t sharing confidential information about your business or your customers. Likewise, you should have a plan in place that preserves employee privacy and doesn’t leave your company liable to charges that you’re using technology intrusively. You should also have a process around employee transitions that identifies what happens to the employee’s mobile device when they leave your organization. Does the phone get wiped, and does the employee know what to do with it when they leave? This goes hand-in-hand with mobile device management, and can benefit your organization in the long run (especially if an issue does occur).
Managing your server platform and being cognizant of rogue servers on your network is critical. A rogue server is a server that isn’t approved or controlled by your IT personnel (or IT service provider). Rogue servers are a real threat, because you can’t control them or shut them down easily, and they can consistently steal data and confidential information. To prevent this, conduct regular backups of your data and network, so that if you ever encounter a rogue server, you will still be able to retrieve all of your data from a previous backup.
Is your organization still using Telnet in some form? If you aren’t sure, it’s worth looking into. Telnet is an insecure protocol that sends data unencrypted, including usernames and passwords, so hackers can easily access it and steal sensitive information. Although there are ways to encrypt Telnet traffic, there are more secure alternatives available.
Server Message Blocks
Many organizations use Server Message Block (SMB) to allow applications to interact with your servers. SMB is a kind of message format used to share files and information. Attackers know that organizations utilize this, and they use SMB to plant malware and infiltrate your servers and data. To remove this blind spot, limit SMB traffic to private networks or virtual private networks (VPN), and block all unsolicited communication and traffic from the internet. Another way to prevent hackers from attacking your network is to always stay up to date on the latest version of SMB.
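The DNS, rogue server, Telnet, and SMB blind spots described above can all be checked against the same network flow data. The following Python is an added example, not part of the original article; the flow-record format, the addresses, and the approved resolver and server lists are constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (constructed for this example): site policy values.
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_RESOLVERS = {"10.0.0.53"}              # only hosts clients may send DNS to
APPROVED_SERVERS = {"10.0.0.53", "10.0.5.20"}   # server inventory managed by IT

# Constructed sample flow records (established connections): src, dst, proto, dport.
SAMPLE_FLOWS = """src,dst,proto,dport
10.0.1.15,10.0.0.53,udp,53
10.0.1.22,203.0.113.9,udp,53
10.0.1.30,10.0.5.20,tcp,445
198.51.100.7,10.0.5.20,tcp,445
10.0.1.15,10.0.2.40,tcp,23
10.0.1.44,10.0.9.99,tcp,445
"""

def is_private(addr):
    """True if addr falls inside one of the site's private ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def audit_flows(text):
    """Return (finding, src, dst) tuples for flows that hit a blind spot."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        src, dst, port = row["src"], row["dst"], int(row["dport"])
        # DNS sent anywhere other than an approved resolver.
        if port == 53 and dst not in APPROVED_RESOLVERS:
            findings.append(("unauthorized-dns", src, dst))
        # Telnet carries usernames and passwords unencrypted.
        if port == 23 and row["proto"] == "tcp":
            findings.append(("telnet-cleartext", src, dst))
        # SMB should stay inside private networks (or a VPN that maps to them).
        if port == 445 and not (is_private(src) and is_private(dst)):
            findings.append(("smb-outside-private-net", src, dst))
        # Internal host serving DNS, Telnet or SMB that IT has not inventoried.
        if port in (23, 53, 445) and is_private(dst) and dst not in APPROVED_SERVERS:
            findings.append(("unapproved-server", src, dst))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

In practice the same rules would run over flow or firewall logs exported from your own network devices, with the policy sets loaded from your asset inventory.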
Fix Your Blind Spots
Being aware of critical network blind spots is essential to ensure your organization stays proactive and doesn’t fall victim to a breach. To do this, you need solutions that provide insight and visibility to your network. Examining your network takes time, but thankfully, there are tools that can do the work for you.
One example of an automated solution is Advanced Threat Protection (ATP), which is a combination of different security solutions designed to prevent cyberattacks, malware, and hackers from stealing private and sensitive data. There are some differences in ATP solutions, depending on the company, but the most common solutions include:
- Network devices
- Email gateways
- Centralized management console
- Malware protection
- Endpoint agents
An effective ATP can prevent, detect, and mitigate threats, so you don’t have to constantly be on the lookout for potential breaches and threats.
Another option is to actively monitor your network activity for security threats. Security Information and Event Management (SIEM) is one effective strategy that delivers a centralized view of all network data. From that data, it can identify any threats and track them throughout your organization’s system. SIEM consolidates all logs and provides a clearer picture of what’s happening on your network.
A Better Vision
With an awareness of the network blind spots and solutions to give you a strong lens into your network, you can stay on top of any potential vulnerabilities or breaches. This allows you to have better overall vision of your network, and gives you peace of mind that your organization won’t be the next data breach news headline.
Have you identified all of your network blind spots?