The Internet of Things (IoT) has become entrenched in every aspect of the modern pace of life. Learn how to incorporate cybersecurity into your IoT strategy from the beginning.
The Internet of Things, a broadly distributed, intelligent, autonomous network of smart devices, is already being rolled out all over the world, and with it come security concerns for every business network. Eventually expected to hit more than 25 billion objects by 2020, these devices can be as bulky as a soda vending machine or as innocuous as a smartwatch.
Computer security has lagged innovation in the industry for years. First through primitive floppy drives and then increasingly via the internet, as more and more machines were brought online, viruses and malware have cut through operating systems and productivity software almost without effort. No comprehensive defenses have ever emerged, and slapdash protection like antivirus scanners lags the threats by design.
Nonetheless, the patched-together defenses have been sufficient to allow the modern internet to function and even prosper with only a steady drip of breaches… albeit breaches costing approximately $6 trillion each year. With an average cost of $2.4 million and a time to recover of 50 days according to industry consultancy Accenture, businesses have been taking hits but making enough money in the process to write them off as just another cost of doing business.
But the advent of the IoT is likely to change that equation dramatically, and for the worse. Businesses today spend around $93 billion on cybersecurity services, but the rapid explosion in both the number of devices to be secured and the difficulty of securing their proprietary and possibly unsupported operating systems will send those costs skyrocketing.
To control those costs, it is imperative for businesses to develop strong, proactive strategies for securing their networks for the Internet of Things.
Recently, the Department of Homeland Security released a guide to strategic principles for companies to follow in this effort. The six steps are ones that every business and IT manager should know.
Incorporate Security at the Design Phase
Both IoT devices and the networks that will support them will have to be carefully designed from the ground up for security. Unlike today’s LANs and WANs, security cannot simply be an afterthought. Network-level security by default is the best practice: explicit permissions for the protocols and devices allowed to send packets, instead of the default-permit behaviour usually allowed on today’s networks.
Building networks tolerant of disruption and compromise is also important. Redundancy and segmentation capabilities can rapidly seal off compromised devices or network segments, allowing company business to proceed unmolested in other parts of the organization.
Advance Security Updates and Vulnerability Management
Some 80 percent of malicious attacks are conducted against security vulnerabilities that have already been found and fixed by the original vendors. Patch management is a chronic problem in today’s networks and it will only get worse with millions of more devices flooding corporate systems.
The brunt of this problem will fall on vendors themselves, but companies can assist them by selecting devices with strong patching support and moving aggressively to eliminate outdated or unsupported IoT peripherals.
Build on Proven Security Practices
Although the IoT will undoubtedly lead to a sea change in corporate information security practices, the rest of the internet and its attendant weaknesses will not simply disappear. Current best practices are still important and can, in fact, mitigate many potential IoT vulnerabilities along with the more traditional holes they are designed to cover.
A solid defense-in-depth strategy that does not put all your security eggs in one basket is something every company should already have. Businesses that already use this technique are miles ahead when it comes to being prepared for their IoT roll-out.
Prioritize Security Measures According to Potential Impact
Risk models in the IoT may not conform to current ideas for structuring network security. IoT devices will cover the gamut from welding robots to coffee machines. Each of these is likely to have different intended uses and network environments and will come from the factory built with that use in mind.
But if there is anything that today’s internet has taught us, it is that users find their own applications for devices. IT departments will have to prioritize their security strategy to deal with unintended uses and to aggressively identify new devices on networks.
Promote Transparency Across IoT
Identifying and managing devices generally requires a new and powerful kind of transparency. Corporate networks that are managed piecemeal, without network monitoring systems that cut across departmental boundaries, will be especially vulnerable to insidious IoT breaches.
This transparency also has to include vendors, who will need to promote better customer awareness of device capabilities and vulnerabilities. Businesses buying IoT products will need to insist on a far greater amount of information about what they are plugging into their networks than is common today.
Connect Carefully and Deliberately
That leads to the final point, which is that IoT rollouts should be conducted carefully and deliberately. Only after engaging every other step in the strategic blueprint should IoT networks be brought online, and then only with close monitoring. Selective connectivity should be the rule of the day, even when this means preventing users from bringing in their own systems.
As DHS points out in their guide, mitigation in this area is a constantly evolving, shared responsibility. Businesses will have to learn to work more closely than ever with vendors of IoT devices, and those vendors will have to provide better support for longer periods more effectively than ever before if they hope to remain players in the market.
Like today’s internet, though, the IoT has the potential to entirely remake commerce and the daily life of every human being on the planet, and the economic benefits of ensuring security will pay huge dividends on the investment.
Tiered Cyber Risk Management Services
Learn more about the four necessary tools to prevent security breaches. No matter your organization’s size, you are at risk. No company is secure unless it uses no internet or computers at all, which is highly unlikely.
How to Prevent Security Breaches
Network security threats are constant and real. Simply by using the internet, we are constantly bombarded by multiple types of internet threats. These threats deliver various forms of malware and fraud, nearly all of which rely on HTTP or HTTPS, and also use other protocols and components, such as links in email or instant messaging, or malware attachments that have access to the Web. Read more on the Ultimate Guide to Network Security Threats
With all the many types of network security threats, how is it possible to prevent security breaches? Take a look at the four tools we use to help protect our clients.
Tool #1: SIEM
You need a SIEM to help log security events for your organization. This is the first line of defense to prevent security breaches. You may already have this tool on hand because it is required by compliance regulations. We recommend managed SIEM if you aren’t using the technology to its fullest capabilities or if you don’t have the resources needed to manage the SIEM.
Your organization likely has firewalls, IDS/IPS, and AV solutions installed that look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks and advanced persistent threats. Help prevent security breaches by adding SIEM technology to your arsenal.
What is a SIEM?
Security Information and Event Management (SIEM) – A SIEM platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.
A SIEM system centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.
Read more in our SIEM FAQs
If you already have a SIEM, why should you consider outsourcing the management of your SIEM to prevent security breaches?
There are many reasons to consider Managed SIEM including:
- Finding and maintaining experienced SIEM/SOC Security Analysts is NOT EASY (and also expensive)
- You could build it, but it will take much longer than outsourcing to a professional security services provider like Cybriant
- You get everything an MSSP offers at a fraction of what you could spend internally
- Scalable and Flexible
- Greater Threat Intelligence – We’ve been doing this awhile and we’ve seen a lot of things.
Without the proper planning and expectations around people and processes up front, the odds of achieving even the minimal capabilities of a SIEM solution are slim to none.
Tool #2: Endpoint Detection and Response (EDR)
Prevent security breaches with endpoint detection and response. Our team utilizes artificial intelligence that will help stop advanced threats and malware at the most vulnerable point – the endpoint.
Antivirus isn’t enough to protect endpoints.
The underlying technology for Cybriant’s EDR service is the only technology that stops over 99% of advanced threats and malware before they can execute to cause harm. It completely eliminates the need for legacy antivirus software, anti-exploit products, whitelisting solutions, and host-based intrusion detection and prevention systems.
Cybriant uses a “prevention-first” technology – we stop attacks before they cause harm, rather than allowing attacks to happen and then cleaning up the mess. By reducing the number of endpoint security products deployed on the endpoint, customers gain operational efficiencies by not having to manage signatures, policies, or deployments of additional protection.
Cybriant’s Managed EDR can help eliminate legacy endpoint security technologies that are not effective against today’s threats, reducing both cost and management overhead. The technology was tested by HIPAA security assessors and found to be significantly superior to any other antivirus or anti-malware product in finding malicious software.
Managed Endpoint Detection and Response Benefits
When you outsource the management of your Endpoint Detection and Response (EDR) to Cybriant, our security analysts are able to:
- Perform root cause analysis for any blocked threat or any other artifact deemed important found on an endpoint
- Proactively search endpoints for signs of threats commonly referred to as threat hunting
- Take decisive action when a security incident, or potential incident, is identified
Tool #3: Patch Management
How many recent cybersecurity breaches you’ve read about in the news have been caused by known vulnerabilities that need to be patched?
A recent Ponemon study makes the point: “To prevent data breaches, security teams need to patch more quickly,” the study says. “However, the survey shows that they are being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.”
Patch management is a simple process that tends to be overlooked by already overwhelmed IT employees but, to prevent security breaches, this can have the biggest impact.
The best way to ensure proper patch management is to outsource to a company like Cybriant and use automation.
Our Responsive Patch Management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to effectively manage the patch management process of the enterprise.
Our Responsive Patch Management solution handles every aspect of Windows, Mac, Linux and third-party application patch management. This includes deploying patches seamlessly across desktops, laptops, servers, roaming devices and virtual machines, from a single interface.
Our Responsive Patch Management solution will update the configuration baseline definitions to include the new patches, regularly analyze to assure that all endpoints remain in compliance, identify improvements and customize the patch management process accordingly.
Tool #4: Vulnerability Management
To prevent security breaches, it’s important to understand that an asset is no longer just a laptop or server. It’s now a complex mix of digital computing platforms and assets which represent your modern attack surface, including cloud, containers, web applications, and mobile devices. Proactively discover true asset identities (rather than IP addresses) across any digital computing environment and keep a live view of your assets with our managed vulnerability management service.
Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities. The time between each scan is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have visibility to assess where each asset is secure or exposed.
By using risk prioritization, our security experts have the skills to understand exposures in context. They will prioritize remediation based on asset criticality, threat context, and vulnerability severity. Our reporting will help you prioritize which exposures to fix first, if at all, and apply the appropriate remediation technique.
The modern attack surface has created a massive gap in an organization’s ability to truly understand their cyber exposure.
The larger the gap, the greater the risk of a business-impacting cyber event occurring. Traditional Vulnerability Management is no longer sufficient. Managed Vulnerability Management extends vulnerability management by covering the breadth of the attack surface (IT, Cloud, IoT/OT) and providing depth of insight into the data (including prioritization, analytics and decision support).
If you are ready to prevent security breaches for your organization, consider PREtect. It’s our tiered service that offers all four products in a flexible and affordable cyber risk management service.
All 4 Tools in 1 Service
Are You Overlooking This Vital Patch Management Process?
Patch Management is a seemingly simple task that is often overlooked, and it has been one of the causes of the biggest breaches in cybersecurity history. The IT operations workers who apply the patches are often pulled in many different directions, so patch management isn’t always a priority.
While the patch management process seems simple, the actual implementation is overwhelming. There are often many open vulnerabilities and patching them all just seems too complicated.
So, many companies just skip the patch management process and only focus on critical needs.
Sometimes even understanding what is most critical to patch is difficult.
Enterprises typically have thousands of different pieces of software, ranging from mobile apps on phones to legacy systems of record running in on-premises data centers – and everything in between.
Furthermore, such software is typically a mix of commercial off-the-shelf (COTS) packages, open source software, and custom-built applications. Vulnerabilities crop up in all of these on a regular basis.
Given this never-ending stream of available patches combined with perennially limited security staff, prioritization is essential. A recent Ponemon study underscored this point. “65% of respondents say they find it difficult to prioritize what needs to be patched first,” explains the ServiceNow-commissioned study Today’s State of Vulnerability Response: Patch Work Demands Attention. “To accurately prioritize vulnerabilities, you need to know both the severity—as measured by Common Vulnerability Scoring System (CVSS) scores, for example—and the types of business systems affected.”
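As an added example (not Cybriant’s Responsive Patch Management product and not the study’s own method), here is one way to rank findings by CVSS severity together with the business system affected and threat context, the three factors named above and under Tool #4. The asset names, criticality weights, multipliers, deadline tiers and finding ids are all constructed for illustration.

```python
# Added example: patch prioritization from CVSS severity, asset criticality
# and threat context. Not Cybriant's tool; all inventory values constructed.
from dataclasses import dataclass

# Constructed mapping of business-system type to criticality weight (0..1).
CRITICALITY = {
    "payment": 1.0,
    "customer-data": 0.9,
    "internal-tool": 0.5,
    "test-lab": 0.2,
}

# Threat-context multipliers (assumed values; tune to your risk appetite).
EXPLOITED_MULTIPLIER = 1.5   # vulnerability is known to be exploited in the wild
EXPOSED_MULTIPLIER = 1.25    # host is reachable from the internet


@dataclass(frozen=True)
class Finding:
    host: str
    system_type: str
    finding_id: str      # placeholder id, not a real CVE
    cvss: float          # CVSS base score, 0.0 to 10.0
    exploited: bool
    exposed: bool


def risk_score(f: Finding) -> float:
    """Severity scaled by asset criticality, then raised by threat context."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"CVSS out of range: {f.cvss}")
    # An unclassified asset is treated as critical until someone says otherwise.
    weight = CRITICALITY.get(f.system_type, 1.0)
    score = (f.cvss / 10.0) * weight
    if f.exploited:
        score *= EXPLOITED_MULTIPLIER
    if f.exposed:
        score *= EXPOSED_MULTIPLIER
    return score


def patch_deadline_days(score: float) -> int:
    """Map a risk score to a remediation window (constructed tiers)."""
    if score >= 1.0:
        return 7
    if score >= 0.5:
        return 30
    return 90


def prioritize(findings):
    """Findings ordered by descending risk score; ties broken by raw CVSS."""
    return sorted(findings, key=lambda f: (risk_score(f), f.cvss), reverse=True)


def cvss_only(findings):
    """The naive ordering the study warns about: severity alone."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def hosts_in_order(findings):
    return [f.host for f in findings]


# Constructed sample inventory with deliberately conflicting signals: the
# highest CVSS scores sit on a low-value lab box and an internal database,
# while a lower-scored but actively exploited flaw sits on the payment host.
SAMPLE = [
    Finding("web-01", "payment", "PLACEHOLDER-1", 7.5, exploited=True, exposed=True),
    Finding("db-02", "customer-data", "PLACEHOLDER-2", 9.8, exploited=False, exposed=False),
    Finding("lab-07", "test-lab", "PLACEHOLDER-3", 9.8, exploited=True, exposed=True),
    Finding("wiki-03", "internal-tool", "PLACEHOLDER-4", 5.3, exploited=False, exposed=False),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        s = risk_score(f)
        print(f"{f.host:8} cvss={f.cvss:4} score={s:.3f} fix within {patch_deadline_days(s)} days")
    print("CVSS-only order:", hosts_in_order(cvss_only(SAMPLE)))
```

Run stand-alone, the contextual ordering puts the exploited payment host first even though two other findings carry a higher CVSS score.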
Importance of Patch Management
“To prevent data breaches, security teams need to patch more quickly,” the study says. “However, the survey shows that they are being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.”
If patch management is not a priority at your organization, consider Responsive Patch Management from Cybriant. As part of our PREtect ADVANCED service, it takes the stress and guesswork out of your hands and puts it in our capable hands.
An often-missed piece of the patch management process is understanding your inventory. Our Responsive Patch Management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to effectively manage the patch management process of the enterprise.
Our Responsive Patch Management Process
By utilizing an industry-leading patch management software and our dedicated experts, your patch management process will always be a priority.
Our patch management process includes:
Step 1: Automatic System Discovery
You can choose the systems that are required to be managed and we take it from there. The agent will perform a vulnerability assessment scan and patch deployment.
Step 2: Online Vulnerability Database
A vital feature of our patch management process is our vulnerability database. This hosts the latest vulnerabilities that have been published after a thorough analysis. When we find a patch that matches a vulnerability on your system, we download the patch from this database. This provides the information required for patch scanning and installation.
Step 3: Vulnerability Assessment Scan
We scan all the systems for missing Windows patches in the operating systems as well as applications. The scan reports the level of vulnerability of each system. Missing Windows patches are identified from the local vulnerability database.
Step 4: Approval of Patches
Most often, patches are deployed in a sandbox environment before they are introduced to your entire network. This extra step makes the patch management process error-free and stable. Our team can ensure that the patches tested are directly approved for deployment.
Step 5: Patch Deployment
When approval has been finalized, we will deploy the necessary patches. The status of the patch deployment is updated back to you. The installation process can also be scheduled for a specific time.
Step 6: Patch Reports
Reports are available for system vulnerability level, missing Windows patches, missing application patches, and task status. These reports can be exported to PDF or CSV formats.
Step 7: Severity-Based Patch Management
Our team will work with you to determine and configure severity levels for missing patches, eliminating the need to evaluate system health and vulnerability status based on a common list of missing patches. This helps deploy patches based on severity and ensures accuracy on identifying missing patches.
Step 8: Automated Patch Management
An important piece of the patch management process is automating patches for computers on your network. We can automatically install software, patches, and service packs as part of regular desktop activities. This includes:
- Scanning computers periodically to identify missing patches
- Identifying and downloading the missing patches from the vendors’ websites
- Downloading required patches and creating tasks related to patch deployment
- Downloading required patches automatically and installing them on to specific computers
This process can be specified for a targeted set of client systems. You can choose to have different levels of automation for different sets of client systems. The process of deploying patches automatically depends on the level of automation you choose. This helps ensure that all computers remain up to date with the latest patch releases from OS and application software vendors.
If the patch management process is important to you, but you don’t have the necessary resources on staff to manage it, consider our Responsive Patch Management Service.
Patch Management is included in PREtect PREMIUM!
Hackers and cybercriminals have quickly outpaced traditional enterprise antivirus tools. Endpoint detection and response (EDR) security tools provide antivirus features but also help protect an organization’s modern attack surfaces.
Legacy enterprise antivirus also fails to accommodate the modern enterprise’s IT environment. In the heyday of antivirus solutions—not coincidentally also the earliest days of computers—few business processes relied on digital actions or interconnectivity to function optimally. Enterprises didn’t really have a digital network perimeter to protect, as endpoints were generally treated and managed individually. Enterprise antivirus solutions were installed on each endpoint with no central administration and were then forgotten about until it was time for their renewal.
As more enterprises undergo a digital transformation—becoming digitized and taking advantage of new online business programs such as cloud storage—the more the decentralized cybersecurity protocol fails to properly secure the IT environment. With the introduction of the mobile revolution and the remote employee—not to mention the increase of computers in everyday enterprise interactions and business processes—the enterprise’s IT perimeter is constantly expanding.
A digital perimeter of this size can be assailed from multiple entryways and attack vectors simultaneously, requiring a consistent and coordinated cybersecurity platform to ensure the highest level of protection. Endpoint security can provide the centralized security that compiles security alerts from throughout the IT environment and updates every endpoint’s cyber-protection simultaneously. Only with this cybersecurity can your IT security team be aware of what threats are assailing your enterprise and from where.
In the battle of endpoint security vs legacy antivirus, the former certainly proves superior to the latter for enterprises looking to secure their endpoints against modern hacking tools and tactics.
Many organizations are not comfortable removing their antivirus product completely. Very often, clients will utilize managed EDR security services to determine just how much their current AV has missed. Managed EDR Security solutions can typically augment or replace traditional antivirus security solutions. You’ll have the ability to detect and prevent hidden exploit processes that are more complex than a simple signature or pattern and evade traditional antivirus. Gartner coined the term EDR back in 2013.
Read more, “7 Reasons You Need Managed EDR Security”
Enterprise Antivirus: Unknown Threats
An enterprise’s attack surface is complex and ever-changing, and that’s partly because of the constantly evolving modern threat landscape.
Many successful modern cyber attacks stem from previously unknown threats. Because legacy enterprise antivirus solutions often only block known attacks, they are being rendered increasingly ineffective.
Modern organizations will need to be prepared to combat unknown threats with proactive, preventive technology. With the power of AI, unknown attacks can be identified and stopped before they cause harm, actively reducing the enterprise attack surface and saving a business both time and money.
Do you have a handle on the vulnerabilities attackers are increasingly pursuing, and what it takes to protect them?
Legacy enterprise antivirus is no match for unknown threats. Organizations cannot wait for the latest update or a threat to first be discovered, identified, and added to AV. Signature- and behavioral-based solutions that use a defined list are reactive and suited only to block yesterday’s attacks. Today the most dangerous threats are unknown—i.e., custom, brand-new (zero-day), or polymorphic exploits and payloads.
To stay ahead of attackers, organizations need dynamic, proactive security that can identify previously unknown threats and harmful payloads before they can execute.
Other common attack surface tactics and how to defend against them
Memory Exploits: Potential file executions from possible unknown malware need to be analyzed in milliseconds before they have an opportunity to execute in the computing device’s memory. A malicious payload may begin with a benign operation to fool security measures. Analysis should be rapid and deep enough to see downstream malicious actions.
Unauthorized Applications: Application control capabilities are a must as the next line of defense on purpose-designated servers and fixed-function devices. These need constant monitoring to prevent unauthorized apps from running or unauthorized use of a system.
Cloud Assets and Infrastructures: The cloud must not be a weak link in your attack surface. Cloud environments need to be protected from misconfiguration. The same security from on-prem resources needs to be extended to the cloud and provide consistent protection.
Using an AI-driven EDR solution, Cybriant offers a Managed EDR service that delivers self-contained, automated, machine learning threat detection modules which uncover threats that would be nearly impossible to find with static behavior rules.
Enterprise Antivirus: Replace with EDR
There is no doubt that organizations stand to benefit from EDR technologies, which enable faster response and remediation for security incidents. According to 451 Research, the right EDR components can greatly augment and complement existing prevention-based security postures. Read the 451 Research report: Expanding Machine Learning Applications on the Endpoint.
Keep pace with the threat landscape. Modern attacker tactics, techniques, and procedures (TTPs) are quickly outpacing legacy antivirus products, rendering them less effective over time. The same will hold true for EDR solutions that rely on rules alone. See how AI-powered EDR compares with the traditional EDR approach.
An organization’s attack surface includes all elements that can be used by an attacker to gain control of systems, networks, software, users, and assets. As much as 97% of all malware now uses a polymorphic technique to avoid detection by legacy AV. The attack surface is constantly changing — new users, new systems or software, network changes, and security changes. In order to gain access, an attacker will look to exploit the weakest link in the attack surface. In an ideal world, security teams would simply reduce their attack surface to virtually zero. However, in today’s hyperscale enterprise environment, where new assets are added as demand dictates, it’s unrealistic to assume that enough action can be taken by the IT team to achieve this.
Attackers Seek the Weakest Link
Organizations want to minimize their attack surface, but realize that the attack surface is constantly growing and changing. As noted above, legacy AV is no match for unknown threats, and today the most dangerous threats are unknown: custom, brand-new (zero-day), or polymorphic exploits and payloads.
It’s time to focus on the bigger picture. An organization’s attack surface is the total sum of all vulnerabilities in a device or network that an attacker can exploit to gain access and compromise the system or environment.
The aim is to keep the attack surface as small as possible and to actively manage all potential areas of vulnerability. But in today’s hyperscale enterprise environment, where new assets are added as business demand requires, the strategy for managing the attack surface has become ever more unwieldy. The considerations listed above under memory exploits, unauthorized applications, and cloud assets and infrastructures are the starting point for managing it.
Reduce Your Attack Surface with AI-Driven Security Solutions
It’s time to say goodbye to traditional EDR approaches that don’t actively reduce risk and are only capable of slowly reacting and responding to attacks after they’ve executed.
With evolved, AI-driven Managed EDR security, you will reduce the overall volume of security alerts and cut down on the amount of time required to remediate.