Better Security with Asset Inventory and Attack Surface Visibility

Steps to tackle vulnerabilities for a stronger security posture.

September 4, 2023


The number of connected devices deployed in today’s enterprise IT infrastructure represents a serious cyber risk to networks and their associated data and systems. Srinivas Loke of Ordr discusses how asset inventory and attack surface visibility could help manage vulnerabilities better.

According to IoT Analytics, the number of Internet of Things (IoT), Internet of Medical Things (IoMT), operational technology (OT), Industrial Internet of Things (IIoT) and other devices connecting to the Internet is growing at 16% per year and will reach nearly 17 billion active devices by the end of 2023. That is a real challenge for IT operations and security managers, who must identify, track, and monitor every one of those devices in real time.

Threat actors know this and target connected devices because there is a good chance they can exploit a device's vulnerabilities or use it to move laterally within a network undetected. Recent reports have found cybercrime syndicates engaged in "a sophisticated attack campaign" targeting connected devices, and an ABI Research report suggests that malware attacks targeting IoT devices have risen 700% since 2020. When attacks on connected assets succeed, the Ponemon Institute/IBM Cost of a Data Breach Report puts the cost at $195,428 above the $4.45 million average. A highly publicized attack on the University of Florida Health Leesburg Hospital and The Villages Regional Hospital forced staff to revert to pen and paper to document patient care for several weeks.

What Puts Security At Risk?

Because innovators are producing new types of devices to support every type of industry and organization, no one is immune. As one CISO lamented, “I’m even responsible for securing the devices I don’t know about.” Detecting, identifying, monitoring, and securing connected devices requires specialized tools, skills, and strategies to close visibility gaps and bring sophisticated automations to bear in defense of the enterprise. Here are two conditions associated with connected devices that plague IT operations and put security at risk.


Unknown devices

If a device is unknown, then it is unprotected. If an unprotected device is connected to a network, it creates a gaping hole in the security posture for an organization and an accessible entry point that threat actors can take advantage of. Sometimes, the devices that connect are completely innocuous, such as a Tesla in the parking lot or a pair of parking garage gate control systems that just happen to connect with a facility’s network. But they may bring vulnerabilities that can be exploited by threat actors. We all know the impact of a cyberattack on an organization can be disastrous, but for those providing critical services, such as healthcare facilities, government agencies or utilities, it can be even worse. If healthcare professionals are unable to access data, critical systems, or equipment or have to revert to pen and paper due to a ransomware attack locking down the network, then patients are prevented from receiving the care that they need. Needless to say, this is not a matter to be taken lightly.

Obsolete hardware

Even known connected devices can pose a risk to a network. In environments like manufacturing and healthcare, where expensive, function-specific equipment is used, many devices are designed for functionality and longevity but not necessarily for security. The software they shipped with can quickly become obsolete, because the lifecycle of a hospital bed or welding robot far outlasts that of a traditional endpoint. Without in-depth knowledge of the device, its software and its behavior, IT teams cannot flag these devices as a potential security risk, and so cannot take the precautions needed to secure them.

IT teams and administrators can spend hours upon hours looking through equipment that’s connected to their network to discover and mitigate risks, but that time could be better spent actually protecting the network from potential threats or innovating new ways to improve services, outcomes, or increase revenues. 

Six Steps To Improve Your Security Posture

While there is no “catch-all” solution to discover and address device vulnerabilities, there are several steps that teams can take to positively impact their organization’s security posture:

1. Comprehensive inventory management

An organization can’t protect its network without knowing what’s on it. Having visibility of the devices connected to your network is crucial for security, so it is essential to gain a comprehensive, real-time asset inventory of what’s on the network. This asset inventory should include granular details on all connected devices, including their make and model, software version, location, and other key factors. 

With this in place, organizations can quickly identify vulnerabilities in both unknown and known devices and take the steps needed to secure them. Consider the recent MOVEit file transfer vulnerabilities: with a complete inventory that records software versions, an organization can tell immediately whether it is running the affected software, and on which hosts, and move straight to patching or containment rather than first having to find out.
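As an added example (not Ordr's product or code from the article), the following Python reconciles a constructed inventory against the devices actually observed on the network and checks the recorded firmware versions against a hypothetical advisory list. The inventory records, the observed device list, the makes, models and versions, and the advisories are all constructed placeholders for the example.

```python
"""Reconcile the asset inventory with what is on the wire, and flag
devices whose recorded firmware is below an advisory's fixed-in version.

Added example, not Ordr's code or the article's. All records below are
constructed; the vendors, models, versions and advisories are fictional.
"""
from collections import Counter

# Constructed inventory: what the organisation believes is deployed,
# keyed by MAC with the granular details the article asks for.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"make": "Acme", "model": "InfusionPump X", "fw": "2.10.3", "location": "ICU-2"},
    "aa:bb:cc:00:00:02": {"make": "Acme", "model": "InfusionPump X", "fw": "2.9.0", "location": "ICU-3"},
    "aa:bb:cc:00:00:03": {"make": "RoboCo", "model": "Welder W7", "fw": "1.4.2", "location": "Line-A"},
    "aa:bb:cc:00:00:04": {"make": "Acme", "model": "Monitor M1", "fw": "5.1.0", "location": "Ward-4"},
}

# Constructed discovery results, e.g. from passive ARP/DHCP observation:
# (MAC, IP) pairs seen on the network in the last collection window.
OBSERVED = [
    ("aa:bb:cc:00:00:01", "10.20.1.11"),
    ("aa:bb:cc:00:00:02", "10.20.1.12"),
    ("aa:bb:cc:00:00:03", "10.30.7.5"),
    ("de:ad:be:ef:00:99", "10.20.1.200"),  # never enrolled: an unknown device
]

# Hypothetical advisories as (make, model, fixed-in version); any unit of
# that model running a lower version is affected.
ADVISORIES = [
    ("Acme", "InfusionPump X", "2.10.0"),
    ("RoboCo", "Welder W7", "1.5.0"),
]


def parse_version(v: str) -> tuple:
    """'2.10.3' -> (2, 10, 3). Comparing dotted versions as strings is a
    classic mistake: '2.9.0' > '2.10.0' lexically, but 2.9.0 is older.
    Assumes purely numeric dotted versions (no '-beta' suffixes)."""
    return tuple(int(p) for p in v.split("."))


def reconcile(inventory, observed):
    """Return (MACs seen but not inventoried, MACs inventoried but not seen).
    The first list is the 'unknown device' problem; the second is stale
    inventory or equipment that has gone dark and deserves a look too."""
    seen = {mac for mac, _ in observed}
    unknown = sorted(seen - inventory.keys())
    missing = sorted(inventory.keys() - seen)
    return unknown, missing


def affected(inventory, advisories):
    """(MAC, location, running fw, fixed-in) for every inventoried device
    whose firmware is below an advisory's fixed-in version."""
    hits = []
    for mac, rec in inventory.items():
        for make, model, fixed_in in advisories:
            same_product = (rec["make"], rec["model"]) == (make, model)
            if same_product and parse_version(rec["fw"]) < parse_version(fixed_in):
                hits.append((mac, rec["location"], rec["fw"], fixed_in))
    return sorted(hits)


def duplicate_ips(observed):
    """IPs claimed by more than one MAC in the window: a spoofing or
    misconfiguration signal that discovery data makes visible."""
    return sorted(ip for ip, n in Counter(ip for _, ip in observed).items() if n > 1)


if __name__ == "__main__":
    unknown, missing = reconcile(INVENTORY, OBSERVED)
    print("unknown on network:", unknown)
    print("inventoried but not seen:", missing)
    for mac, loc, fw, fixed in affected(INVENTORY, ADVISORIES):
        print(f"affected: {mac} at {loc} runs {fw}, fixed in {fixed}")
    print("duplicate IPs:", duplicate_ips(OBSERVED))
```

Run stand-alone, this reports the un-enrolled MAC as unknown, the Ward-4 monitor as inventoried but absent, and the two devices whose firmware is below the hypothetical fixed-in versions. The numeric version comparison matters: a string comparison would have passed the 2.9.0 pump as newer than 2.10.0 and missed it.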

2. Baselining device activity

Being able to tell whether a device is behaving normally is central to spotting anomalies. A baseline of normal activity, meaning the destinations, protocols, ports and volumes an organization expects from each device on its network, gives teams a reference point against which new behavior can be judged and vulnerabilities or compromises identified.

This enables an organization to see if a device is operating at an abnormal or suspicious level, allowing them to further investigate and determine whether it poses a security risk or not. It gives teams an important opportunity to mitigate a potential situation before it evolves into something more malicious and harmful.

3. Utilizing autonomous tools

As previously established, time is crucial when faced with a possible cyber threat; attempting to identify devices manually is an uphill battle, both inefficient and ineffective. A manual approach not only consumes enormous amounts of time, it also leaves room for error, such as an employee recording an incorrect serial number or manufacturer name. To address this, organizations can apply automation to the discovery process. Autonomous asset discovery solutions give organizations continuous visibility over their networks: they work around the clock to discover devices and vulnerabilities faster than any human could, letting security teams contain potential threats quickly.

4. Zero-Trust security policies

If unknown devices pose such a risk to your network, why not prevent them from connecting in the first place? Implementing robust access controls and Zero Trust policies is a basic step in maintaining network security, but one with an excellent return. Strong, continuously updated controls help prevent unauthorized access to the network.

For example, when a new device connects to the network, or an existing device changes configuration, the device is restricted from network access until it can be verified as safe. You can also apply proactive Zero Trust policies to devices running outdated operating systems if you can baseline their communications, as described earlier.

By understanding the normal communications of each asset on the network, you can write Zero Trust policies that allow only those communications and deny everything else. This least-privilege, default-deny stance is the fundamental principle of Zero Trust, and it provides an extra layer of protection against threats from inside and out. One caveat: the baseline must be captured while the device is known to be clean, and over a window long enough to cover its periodic behavior, or the resulting policy will either permit an intruder's traffic or block legitimate maintenance. For devices running operating systems for which patches are no longer available, these policies keep the devices securely in operation and can defer the cost of ripping and replacing them.
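As an added example serving both the baselining step above and this Zero Trust step (not Ordr's code or anything from the article), the following Python learns a per-device baseline from constructed flow records, reports flows that fall outside it, and renders the baseline as an explicit allow-list with a trailing default deny. The simplified flow format, the addresses and the rule syntax are assumptions made for the example, not any product's format.

```python
"""Baseline a device's communications, flag deviations, and turn the
baseline into a default-deny allow-list.

Added example, not Ordr's or the article's code. Flow records are
constructed inline in a simplified '<src> <dst> <proto>/<port>' form;
the rule output is a vendor-neutral rendering, not a real firewall syntax.
"""
from collections import defaultdict

# Constructed learning-window flows for one infusion pump (10.20.1.12):
# it talks to an integration server over TLS and to an NTP server, nothing else.
LEARNING = """
10.20.1.12 10.50.0.10 tcp/443
10.20.1.12 10.50.0.10 tcp/443
10.20.1.12 10.50.0.20 udp/123
10.20.1.12 10.50.0.10 tcp/443
10.20.1.12 10.50.0.20 udp/123
10.20.1.12 10.50.0.10 tcp/443
10.20.1.12 10.50.0.20 udp/123
"""

# Constructed later window: the same device starts probing peers over SMB
# and reaching an outside address, the kind of lateral movement the article warns about.
LATER = """
10.20.1.12 10.50.0.10 tcp/443
10.20.1.12 10.20.1.13 tcp/445
10.20.1.12 10.20.1.14 tcp/445
10.20.1.12 203.0.113.9 tcp/8443
10.20.1.12 10.50.0.20 udp/123
"""


def parse_flows(text):
    """Yield (src, dst, proto, port) tuples from the simplified flow format."""
    for line in text.strip().splitlines():
        src, dst, service = line.split()
        proto, port = service.split("/")
        yield src, dst, proto, int(port)


def build_baseline(text, min_count=2):
    """Map each source to the set of (dst, proto, port) seen at least
    min_count times during learning. The threshold keeps one stray flow
    in the learning window from being enshrined as 'normal'. The caller is
    responsible for learning only while the device is known to be clean."""
    counts = defaultdict(int)
    for src, dst, proto, port in parse_flows(text):
        counts[(src, dst, proto, port)] += 1
    baseline = defaultdict(set)
    for (src, dst, proto, port), n in counts.items():
        if n >= min_count:
            baseline[src].add((dst, proto, port))
    return dict(baseline)


def deviations(baseline, text):
    """Flows in text not covered by their source's baseline. A source with
    no baseline at all is reported in full: an unbaselined talker is unknown."""
    return [
        (src, dst, proto, port)
        for src, dst, proto, port in parse_flows(text)
        if (dst, proto, port) not in baseline.get(src, set())
    ]


def allow_list(baseline):
    """Render the baseline as explicit allow rules followed by a default
    deny per source. Only what was learned is permitted; everything else
    is dropped, which is what keeps an unpatchable device usable but contained."""
    rules = []
    for src in sorted(baseline):
        for dst, proto, port in sorted(baseline[src]):
            rules.append(f"allow {src} -> {dst} {proto}/{port}")
        rules.append(f"deny {src} -> any")
    return rules


if __name__ == "__main__":
    base = build_baseline(LEARNING)
    for flow in deviations(base, LATER):
        print("deviation:", flow)
    print("\n".join(allow_list(base)))
```

Against the constructed windows, the three SMB and outbound flows are reported as deviations while the TLS and NTP flows are not, and the rendered policy permits exactly those two services and denies the rest. In practice the learning window has to span the device's full cycle (nightly backups, monthly update checks), and the baseline should be re-learned after any sanctioned configuration change, otherwise the default-deny rule becomes an outage.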

5. Conducting regular security audits and assessments

As made apparent by the almost daily news stream of high-profile data breaches and cyberattacks, both the technology and the methods cybercriminals use are evolving. Being complacent with your security posture is almost an open invitation for threat actors to exploit your network. This is why another best practice is to implement regular security audits and assessments. 

These audits should include a thorough review of the organization’s security policies and procedures, as well as an evaluation of their effectiveness. It is an absolute necessity to look in the mirror and identify your vulnerabilities. This will allow your organization to pinpoint weak spots and reinforce them to better protect your network and data.

6. Fostering a security-centric culture

Although upgrading, reinforcing, and maintaining the technological components of a network are critical to security, the human element deserves equal attention. Around three-quarters of breaches involve a human element, whether error, privilege misuse, stolen credentials or social engineering.

Furthermore, in-depth training of staff can reduce the cost of a breach by almost $233,000. An organization can deploy the most state-of-the-art security technology, but if employees are not well-versed in security practice, that advantage can be nullified by a single mistake. It is therefore essential that employees are trained to recognize and resist the tactics attackers use.


Proactive Security with More Visibility

Although, at times, it may seem impossible for companies to defend against the constant onslaught of cyber-attacks, hope for the future of cybersecurity is far from lost. Innovation in cybersecurity gives organizations new ways to fight back while supporting efforts at improving network protection by making it easier to adhere to proven best practices. 

By investing in better tools and techniques, companies can substantially strengthen their security posture, take a proactive approach to defending an ever-growing attack surface, and keep themselves out of the next cyberattack headline.


Srinivas Loke

Vice President of Product Management, Ordr

Srinivas Loke is Vice President of Product Management at Ordr. Srinivas has a passion for cybersecurity with a deep understanding of network, end point, cloud and IoT security. Prior to Ordr, he led product teams at Aruba, Pulse Secure, FireEye and McAfee. He loves taking 1.0 products to the market and furthering cutting edge technologies that are solving customer problems.