Page 71 - Cyber Warnings
8. Laptops, desktops, phones and numerous IoT devices with connections to uncontrolled
hotspots using wire, WiFi, Bluetooth, Near Field and soon office lighting and satellites.
This creates uncontrollable holes galore in a company’s network security.
9. LANs with unknown mapping of ports that lack the ability to instantaneously shut down
ports showing suspicious behavior.
10. Home computers (and devices, often with malware already embedded) that the
company has given direct access into the company's networks.
11. BYOD requires tools, policy and the ability to protect the company from devices with
weak protection and embedded malicious code.
Assuming logs and tools for detection provide security. They only monitor what has gone
wrong after the animals have left the barn. They are useful, but don't protect you. Great for
post-analysis and testing, but they are not protection. A bit too late, don't you think?
WHAT IS WORKING
1. Automated stakeholder management works so that every user, device and app is
managed.
2. Zero trust endpoint management.
3. Using techniques that improve resistance to hacking, invisibility of endpoints,
honeypots, secondary firewalls and data protection. These items help to make systems really
difficult to hack.
4. Two-factor authentication, including for individual users. However, it must be in place
for each and every connection (phones, laptops, even IoT devices with a threat immune
infrastructure).
Blacksands security is a great example of these capabilities.
5. Anti-malware software that uses heuristics to sense threats that have not yet been
identified.
Kaspersky is a good example of the use of heuristics.
6. Data protection, managing rules for what can or cannot be sent and received. This must
include encryption of all data and filtering what data can be received and sent. Watch out
for those quantum computers; a few already exist. Encryption algorithms are going to
need to be changed sooner rather than later to protect against quantum-based code breaking.
Microsoft has strong capabilities in the data protection space.
A PLAN TO COVER ALL
Most of the time the security staff is so busy bailing water there is no time to patch the holes, let
alone row faster.
71 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide