During my recent travels around North America meeting with customers and talking to them about Security and their challenges, I’ve identified some common themes that I think are worth sharing.

YOUR SECURITY POSTURE

During these meetings, I frequently began the conversation by asking the customer what they think their security posture is today with respect to the world we live in.   I almost always received the response that they feel they are in great shape because they have some form of a firewall or intrusion detection system (IDS) in place and they do regular “checks of the system”.   I then ask them, are you monitoring it? This is when I see 50% of the them look at me with a blank stare and the other 50% give me a halfhearted, “yes we have someone who does that”. Both of these customers are just as vulnerable in my opinion for the following reason. If I take the statement, “yes we have someone” literally, then – to me – that means one person.   From experience, I know that this one person probably spends 10-20% of his/her time monitoring while the other 80-90% of this person’s day is spent on the day to day operations needed to keep the lights on.  On top of this, the last time I checked, people don’t normally work 24 hours, 7 days a week, 365 days a year.

So what happens when the IT guy goes home at 5 o’clock?  The hackers don’t stop at 5 pm. In fact, our Security Operations team overlaps its shifts in the evening because we see an increase in malicious attempts during this time. This leads me to ask customers,“so who is looking at your crown jewels outside of your IT department’s regular work day?”.

 

PHISHING AND BREACHES

The reality is, good enterprise quality firewalls and an intrusion detection appliance or software will catch a great deal of the “standard” attack traffic, but what these devices and systems don’t catch are the more complex schemes and systems that are very prevalent in today’s world.  Things like sophisticated phishing and social engineering attacks that, if successful, can allow an attacker to breach your system and gain access well inside the network.   When something like this happens, a firewall and an intrusion detection device are about as useful as a winter jacket in Texas in the middle of the summer. Against these type of attacks, customers are better protected by a monitoring service that has a view of their systems 7x24x365 and can detect anomalies that can be quickly quarantined so that analysis can be performed to determine if they are malicious or not.  This is the reason Bulletproof has launched a Security Operations Center (SOC), which can offer these services to our customers in 21 countries and has a staff of people to watch their systems around the clock.

 

SECURITY OPERATIONS CENTER (SOC)

To manage the sheer volumes of data that the SOC processes, a Security Incident Event Monitoring (SIEM) tool is used to correlate all of the data and categorize it quickly and efficiently.  The key to these systems is that they have artificial and business intelligence built into them that alert the SOC when something out of the ordinary is occurring. This along with our internal processes that have been developed over the past 15 years allow us to manage copious amounts of data in real time.

 

SECURITY ASSESSMENTS

The second point that customers often make is that they do regular security and risk assessments of their network.  This is an excellent process and one that needs to be adhered to regularly. The only problem with doing just security assessments is that they are a “point in time” view of a company’s security posture. Regular assessments are an absolute necessity but are just one aspect of an overall security program that should also include other controls like ongoing monitoring for a defense in depth approach.

 

TOP 10 VULNERABILITIES

The following list outlines the top 10 vulnerabilities identified in our customer’s networks over the past two years.  While some of these take real effort to fully mitigate, many of them are fairly easy to address; yet, over and over, we see the same types of issues in each of the customer environments we assess.  The following list is not an exhaustive list of these issues but it’s the most common ones we see. I’m sharing it with this audience in the hopes that everyone can benefit from better understanding these trends and the services Bulletproof can offer to help.

1 – Network Weaknesses that Allow for Man-in-the-Middle Attacks

2 – Lack of Effective Internal Logging and Monitoring

3 – Weak Passwords

4 – Domain Users with Local Administrative Access

5 – Default Credentials

6 – Enterprise System Management Platforms Often have a Weakness that Permits Unauthorized Access

7 – Sensitive Data Stored Unencrypted in Shares

8 – Service Level Accounts with Domain Admin Priveleges

9 – Missing Critical Patches

10 – Excessive Number of Domain Users with Administrative Accounts

If your security program doesn’t already include regular security assessments and a monitoring service, then you may want to consider these options.  Many people don’t realize that to provide a true 7x24x365 monitoring service you need at least 5 full time people to cover off, three shifts a day, weekends and holidays.  At an average salary of 60K annually, or 5K a month, that’s a cost of over 25K a month if you factor in benefits and overhead, so why would you try to accomplish this internally when you can procure this service at a fraction of the cost through a provider that has the economies of scale and expertise to reduce your risk 10 fold.

In summary, if you have data that is confidential and critical to the operation of your business, don’t put it at risk by not investing in the proper protection services!  Most often businesses survive an initial attack but struggle with the long term costs associated with response efforts and reputational impacts. It is my hope that you can use the information shared in this post, to stimulate the conversation needed to assess how you compare. Are you taking due care to protect your business in these areas? Are you getting the value from your investments in security? We, at Bulletproof, are always here to explore these questions with you and to help you make the right decisions for your business.

Contact Us to start the conversation!

Sign Up to get interesting news and updates delivered to your inbox!