Just One Crack

By Michael Oldham

Just one crack. That’s all a hacker needs to find to cripple your organization. 

That may sound a bit dramatic, but all you need to do is look at the headlines to see that it’s happening. It doesn’t matter how much money you’re spending or what name-brand security company you’re using; if you are like most other organizations out there, you’re potentially vulnerable.  

Here’s why:

Almost all the attacks we see out there are designed for one task – to get inside your organization. While this sounds obvious, there’s a strong rationale behind it. Once hackers get past the perimeter of the outside network, there’s little or no protection to keep them from achieving their insidious goals. That’s because most organizations’ defenses are still set up like a castle and moat defense – hard on the outside, but soft and gooey on the inside. Get past the shell and it is game over.

Today’s attacks, such as the SolarWinds breach, are still after the same targets; hackers are just taking novel approaches to achieve the same goals. Stolen credentials, phishing attempts, business email compromise (BEC), exploitation of remote access vulnerabilities through VPNs, RDP and other solutions, brute force or dictionary attacks – regardless of the type of attack, the goal is universal: Get a foothold inside your infrastructure to do wider damage.

Once hackers get that foothold, there is very little that can be done to stop them from taking or locking up whatever they want. That’s because most organizations are NOT set up to block an attacker who is already inside their information systems. There is little to no protection once an attacker is inside your infrastructure. Even if the hackers don’t have permissions to gain access to everything, once inside, it’s even easier to find the people who do have those permissions and find ways to fool them – by leveraging other user accounts to introduce malware and steal their credentials, for instance. Most organizations are helpless if a hacker has valid credentials and is inside their network.

So, what do you do to stop this?

Three things. 

First, put in multi-factor authentication (MFA). Period. This is the baseline for significantly reducing the chance of your accounts being taken over. MFA makes it much harder for hackers to get inside your infrastructure by stealing, guessing or buying credentials. Even better, use multiple factors of authentication, which could include device validation, certificate checks, Geo IP intelligence, etc.

Second, close as many exposure points as possible to the outside world. That means closing ports across your legacy infrastructure that have been opened for cloud, web services, Shadow IT and other applications – some that you may not even be aware of. 

Every open port is another point of attack that hackers will gleefully exploit. Think about it: each solution – such as VPN, RDP, MDM, Web Servers and even cloud services or infrastructure – opens wide another door for attackers to walk on through. The more open ports you have, the more your exposure increases. And your already overwhelmed IT team fights an often losing battle as they just try to keep up with managing, maintaining, patching and installing updates for all those various solutions. 

Failing to keep up on even one product increases your exposure dramatically. And honestly, what IT team today can keep up with all that patching and do it on a timely basis? That presents a huge risk to your business. Closing ports to better secure your organization has a real, direct, significant business benefit.
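Closing exposure points starts with knowing what is actually listening. The script below is an added example, not code from the original post or its author: it parses `ss -tuln`-style listener lines (the sample output is constructed, not captured from a real host) and reports every socket bound to a non-loopback address that is not on a hypothetical approved-exposure allowlist. In practice you would pipe the real output of `ss -tulnH` into `find_unapproved_exposures` and review each finding against the solutions you knowingly expose.

```python
# Added example: audit listening sockets against an approved-exposure allowlist.
# Sample output below is constructed to look like `ss -tulnH` (no header line).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:443     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:3389    0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:5432  0.0.0.0:*
tcp   LISTEN 0 128 [::]:8080       [::]:*
udp   UNCONN 0 0   0.0.0.0:1194    0.0.0.0:*
"""

# Hypothetical allowlist: the only (protocol, port) pairs this host is approved
# to expose beyond the loopback interface.
APPROVED_EXPOSURES = {("tcp", 443)}

# Bind addresses that are reachable only from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")


def parse_listeners(ss_output):
    """Turn ss-style lines into (proto, bind_address, port) tuples.

    Columns are: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port.
    Lines with too few columns (blank or malformed) are skipped.
    """
    listeners = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[4]
        # rpartition keeps IPv6 addresses like [::] intact; the port is after the last colon
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((proto, addr, int(port)))
    return listeners


def is_externally_reachable(addr):
    """True when the bind address is not loopback, i.e. the port is an exposure point."""
    return not addr.startswith(LOOPBACK_PREFIXES)


def find_unapproved_exposures(ss_output, approved=APPROVED_EXPOSURES):
    """Return every externally reachable listener that is not on the allowlist."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if is_externally_reachable(addr) and (proto, port) not in approved:
            findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in find_unapproved_exposures(SAMPLE_SS_OUTPUT):
        print(f"unapproved exposure: {proto} {addr}:{port}")
```

Run on the constructed sample, this flags SSH, RDP, an IPv6 web port and an OpenVPN-style UDP port as unapproved, while the loopback-only database port and the approved HTTPS listener pass. Each flagged line is a candidate to close, move behind authenticated access, or add to the allowlist with an owner who is responsible for patching it.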

Third, introduce segmentation inside your infrastructure. Everyone is committed to keeping hackers out, but the truth is they still get in, or you may even be attacked by an internal member of your organization. If you are breached, the segmentation of resources limits the damage anyone can do inside your infrastructure. 

Segmentation prevents bad actors from pivoting once they are inside and prevents them from gaining access to other parts of your infrastructure, where they can steal or lock up data. With segmentation, those compartmentalized resources aren’t accessible without proper authentication (see the first and second steps above). 

For example, if someone steals a user’s credentials, they only get access to what those credentials were authorized for. If you’ve combined those credentials with a multi-factor authentication plus device validation, they shouldn’t be able to even get into your infrastructure in the first place.

Another benefit of segmentation is that it doesn’t have to be only at the network level. Segmentation can be done at the resource level through intelligent policies that grant access to resources only under specific circumstances.
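To make the first and third steps concrete together, here is an added example (not code from the original post or its author) of a resource-level access policy. It models the layered checks described above: primary credential, second factor and Geo IP intelligence as the baseline, then segment membership and, for sensitive segments, device validation with a certificate check. All user, device, segment and country data are constructed for the example; in a real deployment they would come from your identity provider, device management and asset inventory.

```python
# Added example: layered authentication plus resource-level segmentation policy.
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    password_ok: bool        # primary credential verified by the IdP
    mfa_ok: bool             # second factor verified
    device_id: str           # identifier presented by the client device
    device_cert_valid: bool  # client certificate chains to our internal CA
    country: str             # Geo IP lookup result for the source address
    resource: str            # the segment or resource being requested


# Constructed policy data (hypothetical users, devices and segments).
USER_SEGMENTS = {"alice": {"hr-files"}, "bob": {"hr-files", "finance-db"}}
ENROLLED_DEVICES = {"alice": {"laptop-a1"}, "bob": {"laptop-b7"}}
ALLOWED_COUNTRIES = {"US", "CA"}
# Segments that additionally require an enrolled device with a valid certificate.
DEVICE_REQUIRED_SEGMENTS = {"finance-db"}


def evaluate(req):
    """Return (decision, reason). Every check must pass; the first failure denies.

    Step 1 (baseline factors) runs before any resource is considered, so a
    stolen password alone never reaches the segmentation checks. Step 3
    (segmentation) then limits even a fully authenticated user to the
    resources those credentials were authorized for.
    """
    # Step 1: layered authentication
    if not req.password_ok:
        return ("deny", "primary credential failed")
    if not req.mfa_ok:
        return ("deny", "second factor missing or failed")
    if req.country not in ALLOWED_COUNTRIES:
        return ("deny", f"source country {req.country} not permitted")

    # Step 3: resource-level segmentation
    if req.resource not in USER_SEGMENTS.get(req.user, set()):
        return ("deny", f"{req.user} is not authorized for segment {req.resource}")
    if req.resource in DEVICE_REQUIRED_SEGMENTS:
        enrolled = req.device_id in ENROLLED_DEVICES.get(req.user, set())
        if not (enrolled and req.device_cert_valid):
            return ("deny", "segment requires an enrolled device with a valid certificate")

    return ("allow", "all checks passed")


def legitimate_request():
    return AccessRequest("alice", True, True, "laptop-a1", True, "US", "hr-files")


def stolen_password_request():
    # Attacker has alice's password but no second factor and an unknown device.
    return AccessRequest("alice", True, False, "unknown-x", False, "US", "hr-files")


def phished_mfa_request():
    # Attacker captured bob's password and a one-time code, but is on an unenrolled device.
    return AccessRequest("bob", True, True, "unknown-x", False, "US", "finance-db")


def out_of_segment_request():
    # Alice is fully authenticated on her own device but finance-db is not in her segment.
    return AccessRequest("alice", True, True, "laptop-a1", True, "US", "finance-db")


if __name__ == "__main__":
    for name, req in [("legitimate", legitimate_request()),
                      ("stolen password", stolen_password_request()),
                      ("phished MFA", phished_mfa_request()),
                      ("out of segment", out_of_segment_request())]:
        print(f"{name}: {evaluate(req)}")
```

The four constructed requests walk through the article's argument: stolen credentials stop at the second factor, a phished one-time code stops at device validation for the sensitive segment, and a fully authenticated user still cannot pivot into a segment they were never authorized for.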

Implementing any of these three tactics will ensure a much greater level of security and minimize risk for your organization. If this all sounds like too high of a mountain for you to climb, it’s not. I’ll be happy to show how you can ascend to the peak of security quickly and cost effectively.