The term “network security” tends to conjure up visions of firewalls, routers and switches, the physical devices that make up the bones, or plumbing, of a network. As we talk through network security issues, we need to think not only of the bones of the network but also of its connective tissue: the endpoints, established routes, access controls, and internal and external detection or prevention tools.
Since your network is the system that allows communication between internal systems and users, it is your business in its barest sense. As such, it is one of the most important things you can protect. A lot of attention has gone into this over the years, and many technical problems have been identified and fixed.
Humans are human, however, and security can’t always keep up with the systems it is trying to protect. No matter the size of your Security Operations Center, the size of your company or the gravity of your concerns, and even if your infrastructure is sound, there will still be network security issues you have to deal with.
Common Causes of Network Security Issues
Turtle shell syndrome or the castle doctrine
This is the classic security posture: if I bar the front door, they can’t get in. This approach places all the detective and preventive focus on the exterior of the network. It is composed of firewalls, top-level ACLs and a myriad of technologies that inspect and verify as much as possible of whatever attempts to connect to the network from the outside world.
While this focus does help, it can blind you to insider threats and to entry through the trusted channels we set up for business partners and contractors or, in today’s world, for remote workers who may be sharing a work laptop with family at home.
Structuring your security with a Defense in Depth (DiD) approach is more effective. Unlike the crunchy turtle shell, which has essentially one method of defense, DiD uses tools such as managed firewalls, intrusion detection or prevention systems (IDS/IPS), endpoint detection and response (EDR), network segmentation, the principle of least privilege, consistent patch management and other internal security controls to defend a network, so that an attacker who gets past one control still has to get past the next. This is the castle doctrine: multiple layers, or baileys, of defenses.
The Department of Homeland Security’s Defense-in-Depth Strategies publication outlines steps to build up defenses inside your outer wall. It advocates for a holistic approach “that uses specific countermeasures implemented in layers to create an aggregated, risk-based security posture.”
Adaptability and agility are key. When it comes to cybersecurity, embrace the paranoia: trust as few connections and users as possible, and grant each of them no more access than it needs.
Set it and forget it syndrome or blinky lights
Every now and again in cybersecurity you hear people say, “Listen, the auditor is coming, and I just need blinky lights to say that we are doing something.” Blinky lights and set it and forget it are standard issues in network security. I think the problem is best summed up with:
“The new tool is great. It does a wonderful job, and our partner set it up perfectly to work in our environment.”
The problem is that the wording for that sentence is wrong. We have to add a word. “The new tool is great. It does a wonderful job, and our partner set it up perfectly to work in our CURRENT environment.”
Our environments are constantly changing and threats are constantly evolving. Even if we have configured automatic updates for our security tools, a device may still need to be rebooted before the new configuration takes effect, or a new feature may need to be turned on and configured before it protects anything.
Just as importantly, not every detection that ships is relevant to you. New detections are constantly created and applied, but you don’t need to protect yourself against every bad thing ever concocted and distributed over the web, and some current threats simply don’t apply to the platforms and applications you run. Without periodic tuning and review, security infrastructure becomes just another ringing bell in the background, generating false positives and more work for the security team while the alerts that matter get lost in the noise.
Here, consistency is key. Have a routine check-up of your systems, procedures and tools. Make sure you are reading your reports and acting on the information in them. If you are struggling to keep up, hire a third party to provide vulnerability management or MDR for you. If you are going to the trouble and expense of paying for and setting up a security technology, do what you can to get your money’s worth out of it.
Ostrich syndrome or I have nothing of value
This one goes a couple of ways. People either stick their head in the sand and declare that they have implemented everything they possibly can, and so believe that from this point forward they are secure, or they stick their head in the sand and repeat the mantra “I have nothing of value; they will leave me be.”
Sadly, neither of these is true.
As threats constantly change, even the protections in a Defense in Depth strategy will need to change. Some tools may age out, even if they are constantly updated, monitored and managed. Additional devices may be brought into the network and change the attack surface, new applications and business rules may be implemented, and compliance policies may be updated. Any of these can upset a previously well-thought-out defense plan.
Then there is the issue of security by obscurity: “No one knows who we are. We are too small. I have nothing of value to a hacker.” The brutally honest fact is that if you are on the internet in any way, you are of some value to an attacker. You may be right that you hold no data of value, but could they use your infrastructure for storage? Could your machines become part of a DDoS attack? Could your reputable-looking website or email domain be used to front a spam or malware campaign?
Sticking your head in the sand to avoid seeing danger doesn’t protect you from it, and the same is true in security. Even with a DiD setup, and even if you monitor your tools and read their reports, if you don’t have visibility into all areas of your network, or lack the ability to resolve network security issues wherever they arise, the rest is not worth much. You need to see problems to protect against them, and understand them in order to prioritize your actions to resolve them.
In the end it is simple: you can’t fix what you don’t know about, and you can’t fix what you can’t touch. 24/7/365 visibility and monitoring of your network, assets and endpoints mean that little goes unnoticed. Access to every part of your network, assets and endpoints means that what you notice can actually be fixed.
Visibility into and access to even the most decentralized and disparate endpoints are more important than ever in the work-from-home era. Continuous alert monitoring, validation and other EDR services mean attacks can be identified, contained and remediated, and a deep investigation can be carried out to find and fix the root cause, preventing the attack from happening again.
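A concrete way to test the “you can’t fix what you don’t know about” point is to reconcile the asset inventory you believe in against the endpoints your EDR actually hears from. The script below is an added example, not deepwatch’s tooling or code from this post; the inventory, the agent check-in times, the fixed “now” and the seven-day staleness threshold are all constructed assumptions. It reports inventoried hosts with no agent, hosts whose agent has gone quiet, and agents reporting in from hosts the inventory has never heard of, then orders the gaps so that sensitive segments come first.

```python
"""Added example: find visibility gaps by reconciling an asset inventory
against EDR agent check-ins. Every data value below is constructed for
illustration and does not come from a real environment."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample inventory, as it might be exported from a CMDB or DHCP server.
INVENTORY = [
    {"host": "fin-ws-01", "segment": "finance", "ip": "10.1.4.21"},
    {"host": "fin-ws-02", "segment": "finance", "ip": "10.1.4.22"},
    {"host": "hr-lt-07", "segment": "hr", "ip": "10.1.6.7"},
    {"host": "db-prod-1", "segment": "datacenter", "ip": "10.2.0.10"},
    {"host": "printer-3f", "segment": "office", "ip": "10.1.9.3"},
]

# Constructed sample of the last agent check-in per host, as an EDR console
# might export it (ISO 8601, UTC).
EDR_CHECKINS = {
    "fin-ws-01": "2024-05-10T08:12:00Z",
    "fin-ws-02": "2024-04-20T17:45:00Z",  # agent went quiet weeks ago
    "db-prod-1": "2024-05-10T09:00:00Z",
    "dev-vm-42": "2024-05-09T22:30:00Z",  # reports in, but nobody inventoried it
}

# Fixed "now" (assumed) so the run is reproducible.
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)


@dataclass
class CoverageReport:
    unmanaged: list  # inventoried hosts with no agent at all
    stale: list      # agent present, but last check-in older than the threshold
    shadow: list     # agents reporting from hosts the inventory does not know about
    healthy: list    # agent present and recently seen


def parse_utc(stamp: str) -> datetime:
    """Parse an ISO 8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def coverage_report(inventory, checkins, now, stale_after=timedelta(days=7)) -> CoverageReport:
    """Classify every inventoried host, then list agents the inventory lacks."""
    report = CoverageReport([], [], [], [])
    known = {entry["host"] for entry in inventory}
    for entry in inventory:
        last = checkins.get(entry["host"])
        if last is None:
            report.unmanaged.append(entry["host"])
        elif now - parse_utc(last) > stale_after:
            report.stale.append(entry["host"])
        else:
            report.healthy.append(entry["host"])
    # A host that checks in but is missing from inventory is an inventory gap,
    # exactly the kind of undocumented device the text warns about.
    report.shadow = sorted(host for host in checkins if host not in known)
    return report


def prioritized_gaps(report, inventory, sensitive=("datacenter", "finance")):
    """Order unmanaged and stale hosts so sensitive segments (assumed list) come first."""
    segment_of = {entry["host"]: entry["segment"] for entry in inventory}
    gaps = [(h, "unmanaged") for h in report.unmanaged] + [(h, "stale") for h in report.stale]
    return sorted(gaps, key=lambda gap: (segment_of[gap[0]] not in sensitive, gap[0]))


if __name__ == "__main__":
    rep = coverage_report(INVENTORY, EDR_CHECKINS, NOW)
    for host, kind in prioritized_gaps(rep, INVENTORY):
        print(f"{kind:9} {host}")
    for host in rep.shadow:
        print(f"shadow    {host} (agent reports in, not in inventory)")
```

On the constructed data the finance workstation with a silent agent ranks above the unmanaged HR laptop and printer, and the uninventoried dev VM is surfaced separately: it is not a gap in EDR coverage but a gap in the inventory itself, which is the harder one to notice. Run against real exports, the same three lists are what a team would review on the routine check-up the earlier section calls for.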
Avoid network security issues with a top-notch team
No one likes dealing with problems, but when things do come up, it’s better with a team.
deepwatch’s innovative Squad Delivery Model gives you a team of experts that knows your business inside and out. We work with you to determine the best course of action given your organization’s specific needs, assets, threats and opportunities. Our network security approach is tailored to match exactly what your organization needs to defend itself.
Reach out to the team at deepwatch today to get started on preventing network security issues from disrupting your business.