Founder & CEO
During my recent travels around North America meeting with customers and talking to them about Security and their challenges, I’ve identified some common themes that I think are worth sharing.
YOUR SECURITY POSTURE
During these meetings, I frequently began the conversation by asking the customer what they think their security posture is today with respect to the world we live in. I almost always received the response that they feel they are in great shape because they have some form of a firewall or intrusion detection system (IDS) in place and they do regular “checks of the system”. I then ask them, are you monitoring it? This is when I see 50% of them look at me with a blank stare and the other 50% give me a halfhearted, “yes, we have someone who does that”. Both of these customers are just as vulnerable in my opinion, for the following reason. If I take the statement “yes, we have someone” literally, then – to me – that means one person. From experience, I know that this one person probably spends 10-20% of his/her time monitoring, while the other 80-90% of this person’s day is spent on the day-to-day operations needed to keep the lights on. On top of this, the last time I checked, people don’t normally work 24 hours a day, 7 days a week, 365 days a year.
So what happens when the IT guy goes home at 5 o’clock? The hackers don’t stop at 5 pm. In fact, our Security Operations team overlaps its shifts in the evening because we see an increase in malicious attempts during this time. This leads me to ask customers, “so who is looking at your crown jewels outside of your IT department’s regular work day?”
PHISHING AND BREACHES
The reality is, good enterprise-quality firewalls and an intrusion detection appliance or software will catch a great deal of the “standard” attack traffic, but what these devices and systems don’t catch are the more complex schemes that are very prevalent in today’s world: things like sophisticated phishing and social engineering attacks that, if successful, can allow an attacker to breach your system and gain access well inside the network. When something like this happens, a firewall and an intrusion detection device are about as useful as a winter jacket in Texas in the middle of the summer. Against these types of attacks, customers are better protected by a monitoring service that has a view of their systems 7x24x365 and can detect anomalies, so that the affected systems can be quickly quarantined and analysis performed to determine whether the activity is malicious or not. This is the reason Bulletproof has launched a Security Operations Center (SOC), which offers these services to our customers in 21 countries and has a staff of people to watch their systems around the clock.
SECURITY OPERATIONS CENTER (SOC)
To manage the sheer volume of data that the SOC processes, a Security Incident Event Monitoring (SIEM) tool is used to correlate all of the data and categorize it quickly and efficiently. The key to these systems is that they have artificial and business intelligence built into them that alerts the SOC when something out of the ordinary is occurring. This, along with our internal processes that have been developed over the past 15 years, allows us to manage copious amounts of data in real time.
The second point that customers often make is that they do regular security and risk assessments of their network. This is an excellent practice and one that needs to be adhered to regularly. The only problem with doing only security assessments is that they are a “point in time” view of a company’s security posture. Regular assessments are an absolute necessity, but they are just one aspect of an overall security program that should also include other controls, such as ongoing monitoring, for a defense-in-depth approach.
TOP 10 VULNERABILITIES
The following list outlines the top 10 vulnerabilities identified in our customers’ networks over the past two years. While some of these take real effort to fully mitigate, many of them are fairly easy to address; yet, over and over, we see the same types of issues in each of the customer environments we assess. This is not an exhaustive list of these issues, but it covers the most common ones we see. I’m sharing it with this audience in the hope that everyone can benefit from better understanding these trends and the services Bulletproof can offer to help.
1 – Network Weaknesses that Allow for Man-in-the-Middle Attacks
- Allows a malicious attacker to eavesdrop and intercept network traffic containing passwords or password hashes that can be cracked.
2 – Lack of Effective Internal Logging and Monitoring
- If a password is compromised, the next step is usually to create an account and escalate privileges on the network. Most casinos don’t have the systems or staff to detect and respond to events of interest that may indicate malicious activity.
Coupled with this are response plans. The casino should have a plan for who to engage in the event of a security incident.
3 – Weak Passwords
- We still see this in most locations we visit.
4 – Domain Users with Local Administrative Access
- If a malicious individual is able to capture the credentials of an administrator account on the domain, the next step is for them to see if the admin account has administrative access to the local machine they are attempting to compromise. If so, it makes their job much easier. Granting Domain Administrators local administrative access is usually not required and doesn’t align with best practices.
5 – Default Credentials
- Default vendor credentials are often discovered on networking equipment, databases, etc.
6 – Enterprise System Management Platforms Often Have a Weakness that Permits Unauthorized Access
- This weakness can be utilized to initiate destructive commands or passively monitor the network for reconnaissance purposes.
7 – Sensitive Data Stored Unencrypted in Shares
- This can include sensitive patron information if such information is being collected by the casino. It often includes financial and employee personally identifiable information as well.
8 – Service Level Accounts with Domain Admin Privileges
- Generic service accounts that are not associated with a named user are often configured with more privileges than they require.
9 – Missing Critical Patches
- Patch management practices are often found to be lacking due to a shortage of resources or vendor concerns about updates and patches affecting the stability of their systems.
10 – Excessive Number of Domain Users with Administrative Accounts
- End users should use accounts with normal user permissions for everyday tasks such as checking e-mail. Out of convenience, many organizations provide end users with administrative-level access. If a malicious individual succeeds in compromising an end user’s account that has admin privileges, through social engineering or other means, they will have the access needed to further compromise the network and systems.
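As an added example (not the post’s own material or Bulletproof’s tooling), the following PowerShell audit pulls together checks for items 4, 8 and 10 above: members of Domain Admins that look like service accounts, the proportion of enabled users holding admin rights, and domain principals sitting in a machine’s local Administrators group. It assumes the RSAT ActiveDirectory module is installed and that it runs as a domain user with read access to the directory.

```powershell
# Added audit script (assumption: RSAT ActiveDirectory module, domain read access).
Import-Module ActiveDirectory

# Item 8: members of Domain Admins that look like service accounts rather than
# named people: they carry a Service Principal Name or a non-expiring password.
Write-Host "== Domain Admins that look like service accounts =="
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName `
            -Properties ServicePrincipalName, PasswordNeverExpires, LastLogonDate
    } |
    Where-Object { $_.ServicePrincipalName.Count -gt 0 -or $_.PasswordNeverExpires } |
    Select-Object SamAccountName, PasswordNeverExpires, LastLogonDate,
        @{ Name = 'SPNs'; Expression = { $_.ServicePrincipalName -join ';' } } |
    Format-Table -AutoSize

# Item 10: how many distinct users hold membership in the main privileged groups,
# compared with all enabled users, to judge whether admin access is excessive.
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators'
$privUsers = $privGroups | ForEach-Object {
    Get-ADGroupMember -Identity $_ -Recursive | Where-Object objectClass -eq 'user'
} | Select-Object -ExpandProperty SamAccountName -Unique
$enabledUsers = (Get-ADUser -Filter 'Enabled -eq $true').Count
Write-Host ("Privileged users: {0} of {1} enabled accounts" -f $privUsers.Count, $enabledUsers)

# Item 4: on this machine, list domain principals in the local Administrators group.
# 'Domain Admins' or 'Domain Users' appearing here is the finding described above.
Write-Host "== Domain principals in local Administrators on $env:COMPUTERNAME =="
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.PrincipalSource -eq 'ActiveDirectory' } |
    Select-Object Name, ObjectClass |
    Format-Table -AutoSize
```

Run the last section on a sample of workstations and servers, not only on the machine at hand, since the finding is about how widely Domain Admins have been granted local rights.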
If your security program doesn’t already include regular security assessments and a monitoring service, then you may want to consider these options. Many people don’t realize that to provide a true 7x24x365 monitoring service you need at least 5 full-time people to cover three shifts a day, weekends and holidays. At an average salary of 60K annually, or 5K a month, that’s a cost of over 25K a month once you factor in benefits and overhead, so why would you try to accomplish this internally when you can procure this service at a fraction of the cost through a provider that has the economies of scale and expertise to reduce your risk tenfold?
In summary, if you have data that is confidential and critical to the operation of your business, don’t put it at risk by not investing in the proper protection services! Most often businesses survive an initial attack but struggle with the long-term costs associated with response efforts and reputational impacts. It is my hope that you can use the information shared in this post to stimulate the conversation needed to assess how you compare. Are you taking due care to protect your business in these areas? Are you getting the value from your investments in security? We, at Bulletproof, are always here to explore these questions with you and to help you make the right decisions for your business.
Contact Us to start the conversation!