More and more people are working from home. Now, organizations need a way to understand the role a remote workforce plays in their network performance and security posture. Fortunately, with network traffic metadata, organizations can easily monitor VPN traffic, whether it’s through a split tunnel or no-split tunnel.
Corporate data theft is nothing new. In fact, according to a study conducted by McAfee, “[a] majority of IT professionals have experienced at least one data breach during their careers—61% at their current company and 48% at a previous company.” This is an alarming reality, but it’s one that we can understand better to prevent future data breaches.
In a recent article on Dark Reading, it was revealed that millions of IoT devices were exposed to a peer-to-peer (P2P) vulnerability. Given how widespread IoT devices are, and how device adoption will continue in organizations, it is important to understand the nature of these devices and how organizations can prevent these vulnerabilities from becoming backdoors into the corporate network. Specifically, let’s take a look at how businesses can protect themselves from P2P and IoT vulnerabilities.
What is P2P?
Nearly everyone reading this already knows the answer, but for those of you that don’t—or are unwilling to ask—let me break it down for you. P2P (yes, that’s a link to Wikipedia; you didn’t think I would just copy and paste it here, did you?) has been around for decades, and was made popular by Napster in 1999. This type of traffic is often marked as unwanted or illegal because of its connection with BitTorrent et al. with regard to downloading pirated software, music, games, etc. However, the technology is also deployed in many legal ways that improve network performance by reducing bandwidth. One such example is Windows Updates in Windows 10 when Delivery Optimization is enabled. Instead of every user on the network downloading updates independently, network-connected machines can retrieve already downloaded updates from peers on the network. It’s a great technology that can significantly reduce download time and network congestion, but, unfortunately, is now being used by hackers to take over IoT devices and gain access to the broader network.
So, we know that P2P is a feature included in many devices, like IoT cameras, that lets users access them without special, manual configuration. These devices have unique IDs that let the users connect to them from nearly any device, but what can organizations do to protect themselves from attacks?
Protecting your network from IoT devices
In the case of the iLnkP2P, there doesn’t seem to be much recourse other than completely disconnecting the devices from the network (which isn’t really helpful given that these are supposed to be internet-connected cameras).
For all IoT devices, it is critical that you monitor the traffic taking place between the devices and the rest of the network. Specifically, understanding the baseline traffic pattern for these devices is paramount. All IoT devices have one thing in common; they are all purpose-built to deliver on a narrow set of tasks—be that a camera, a smoke detector, or microwave. Because of this commonality, IT professionals can easily detect when network devices stray from the path and start communicating with devices on the network that they wouldn’t normally communicate with.
In some cases, this type of communication is more difficult to baseline, as is the case with the iLnkP2P-connected devices. Because they rely on P2P, it can be difficult to understand normal communication from external devices, but internal communication should be a concern when these devices are communicating with devices that have no part in the device’s functions (i.e., anything other than the control servers or DVR systems for internal cameras).
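One way to apply this to P2P cameras, as an added example that is not part of the original post or of Scrutinizer: learn each device's internal peers from a training window and alert only on new internal destinations, since external P2P peers change constantly. The flow tuples, addresses, ports and the 10.0.0.0/8 internal range are constructed sample values.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address space; adjust to the real network plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: (source device, destination, destination port).
BASELINE_FLOWS = [
    ("10.20.0.11", "10.20.0.5", 554),      # camera -> DVR
    ("10.20.0.11", "203.0.113.40", 40000),  # camera -> external P2P peer
    ("10.20.0.12", "10.20.0.5", 554),
    ("10.20.0.12", "198.51.100.7", 40000),
]
LIVE_FLOWS = [
    ("10.20.0.11", "10.20.0.5", 554),     # matches the baseline
    ("10.20.0.11", "192.0.2.99", 40000),  # new external peer: expected with P2P
    ("10.20.0.12", "10.10.1.25", 445),    # camera -> file server
    ("10.20.0.12", "10.10.1.30", 25),     # camera -> mail server
    ("10.20.0.12", "10.10.1.30", 25),     # repeat of the same conversation
]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def learn_baseline(flows):
    """Map each device to the internal (peer, port) pairs seen during training."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        if is_internal(dst):
            baseline[src].add((dst, port))
    return dict(baseline)


def find_deviations(baseline, flows):
    """Return internal conversations that were never seen in the baseline.

    External destinations are skipped on purpose: for P2P devices they are
    too variable to baseline. A device with no baseline alerts on every
    internal conversation.
    """
    alerts, seen = [], set()
    for src, dst, port in flows:
        if not is_internal(dst):
            continue
        flow = (src, dst, port)
        if (dst, port) not in baseline.get(src, set()) and flow not in seen:
            seen.add(flow)
            alerts.append(flow)
    return alerts


if __name__ == "__main__":
    for alert in find_deviations(learn_baseline(BASELINE_FLOWS), LIVE_FLOWS):
        print("new internal peer:", alert)
```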
If you want to understand how your IoT devices are communicating on the network, download a 14-day trial of Scrutinizer today. It will show you how these devices are interacting on your network and alert you when they start going off the path.
With global IoT product adoption continuing to grow, many organizations are trying to tackle the challenge of allowing these devices in while maintaining a strong security posture for the business. How businesses do this varies, but there is some good news for IoT aficionados who hope to deploy some new tech to make their jobs easier.
A growing trend for security
This week there were a few notable announcements related to the world of IoT. Firstly, the global internet of things security market was valued over US $550 million in 2017, and it is expected to have a compounded annual growth rate (CAGR) of over 34% in 2019. What does that mean exactly?
Well, with 34% growth, we can expect that companies will continue to invest in IoT security and that developers of these devices will have more opportunities to build devices that are inherently more secure. This is great for both consumers and businesses because when devices are deployed in an organization, they will likely have better controls that enable the business to keep the devices secure. Examples may include firmware update capabilities, encrypted communications, and the ability to change default credentials for devices.
As a signal to the market, Secure Thingz announced this week that they will help in the pursuit of securing IoT devices by making it easier to deploy security from the start. According to the announcement, “[b]uilding in security from the start of the design process is widely acknowledged as the optimal approach to tackling security challenges, and it starts with the creation of a security context that defines the application security.”
Because many developers don’t have a background in security, devices are often built with little consideration to security and protecting the user. This doesn’t mean that the developer doesn’t care about security, but because it requires additional resources, it is often left out of the planning stages or added as an afterthought before release. With this approach, many devices can’t be patched or don’t allow the user to change the settings. The result is backdoors for malicious actors to spread malware or leak data from network resources where the device is connected.
IoT security is further fueled as government initiatives for smart cities continue to grow. Countries are focusing on advancing smart cities to manage resources and assets efficiently. The investment in smart city projects will accelerate the deployment of network infrastructure, which will create the grid by which the various devices will communicate. This, in turn, will create demand for IoT devices like smart lighting, smart meters, telecommunication equipment, and more that will need to be secure. After all, we don’t want our city’s lighting or traffic systems compromised because we move from our current system to these “smarter” systems.
Securing the insecure
So, great news, we are starting to see a trend toward security for our IoT devices, but what about our current devices? While it’s true that future devices will be more secure, there are still millions of devices that consumers and businesses continue to deploy each year. How can we ensure that what we currently have is put in place so that we don’t find out we had a compromise because of a data leak?
The first step is proper research. Don’t just buy something because it looks cool and says it can do everything you need it to. Try to understand the security currently built into the devices. If it connects over the internet, it should use secure channels to communicate. You should also research to see if you can change the default password for the device. A simple Google search and you’ll easily find a manual for the product that will tell you if this is possible. If it’s not, move on. You don’t want a device you can’t update or that can’t provide basic security.
Only add IoT devices to guest or isolated networks. Even home routers have guest network capabilities, so there is no excuse not to do this. By putting IoT devices in isolation from other devices on your network, you prevent them from stealing data should they be hacked. Isolation is one of the best approaches to IoT security because the insecurity of a device won’t compromise other devices. It’s reassuring to know that even if a device is hacked, the only thing the device can do is communicate with itself. Take that, hackers!
Sometimes, though, you need to add the device to the network for it to do the job it was built to do. If the device is monitoring other devices, it won’t do you any good to put it in isolation. In this case, you need to monitor every part of your network and verify that the IoT devices you deploy aren’t communicating outside of their job description. Network traffic analytics can provide you with real-time data and show you when anomalous behavior is taking place. By using this type of data, you will prevent unknown data leaks from wreaking havoc on your network, and the business.
To take advantage of the data already on the network and keep your network and the IoT infrastructure you have secure, download a 14-day trial of Scrutinizer.
IoT devices are dangerous! Now, I know what you are thinking, “Justin, IoT devices provide convenience and make many mundane parts of life so much more interesting.” Consider, however, that many of the IoT devices on the market are designed with little care or interest in security. So, what should be considered before you bring a shiny new IoT device onto your network? Let’s explore.
IoT checklist—what to consider before you deploy
IoT devices are among the most vulnerable devices that can be deployed on a network. They are usually put on the network as trusted devices, are rarely updated—if updates are even an option for the device—and are built to be deployed quickly, so security is often an afterthought. Because of this, IoT devices are extremely vulnerable to attack, and malicious actors love when IT professionals deploy them on corporate networks. After a short period, the devices remain without updates, and hackers exploit known vulnerabilities.
Because these devices are on the network, often with full access to many or all shared resources, the hackers begin their assault. The IoT devices have become the proverbial Trojan Horse, and the IT team has walked it right into the network.
When you are looking for a connected device that will solve a problem—let’s say connected locks that allow employees to use an app to gain access to a part of the building—you need to be certain of a few things. Namely, you need to understand if the devices are capable of firmware and software updates. Should a vulnerability be exposed, you need to have a way to update devices. Talk about the irony of your connected locks being the key to your entire network. Additionally, you must understand the security built into the devices. Are all communications over a secure, TLS channel? Does that encryption use industry standards with appropriate key sizes? While some of this information will be difficult to understand before purchase, it is certainly something you can find out by deploying a test device in a lab to understand the communications it has. This is an important step to understanding if deploying the device is relatively safe or if the device will become that Trojan horse.
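A lab check of the kind described above, as an added example that is not from the original post: it looks at the first bytes a test device sends on each connection, flags cleartext, and reads the TLS version and cipher suites offered in the ClientHello. The sample payloads are constructed by the helper `build_client_hello` (a hypothetical name), and the weak-suite list is an illustrative subset.

```python
import struct

# Suites a reviewer would question (IANA TLS cipher suite IDs).
WEAK_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
# legacy_version field of the ClientHello; TLS 1.3 clients also send 0x0303.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2+"}


def build_client_hello(version, suites):
    """Build a minimal ClientHello record (constructed sample input, no extensions)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def assess_first_bytes(payload):
    """Classify the first client payload of a connection and list findings.

    This reports what the device offers; the version and suite actually used
    are chosen by the server in its ServerHello.
    """
    is_hello = (len(payload) >= 6 and payload[0] == 0x16
                and payload[1] == 0x03 and payload[5] == 0x01)
    if not is_hello:
        return {"tls": False, "max_version": None,
                "findings": ["not a TLS handshake: traffic may be cleartext"]}
    try:
        pos = 9  # 5-byte record header + 4-byte handshake header
        (version,) = struct.unpack_from("!H", payload, pos)
        pos += 2 + 32            # client_version + random
        pos += 1 + payload[pos]  # session id length byte + session id
        (suites_len,) = struct.unpack_from("!H", payload, pos)
        pos += 2
        suites = [struct.unpack_from("!H", payload, pos + i)[0]
                  for i in range(0, suites_len, 2)]
    except (struct.error, IndexError):
        return {"tls": True, "max_version": None,
                "findings": ["truncated ClientHello: capture more bytes"]}
    findings = []
    if version < 0x0303:
        findings.append("client offers at most " + VERSIONS.get(version, hex(version)))
    findings += ["offers weak suite " + WEAK_SUITES[s] for s in suites if s in WEAK_SUITES]
    return {"tls": True, "max_version": VERSIONS.get(version, hex(version)),
            "findings": findings}


if __name__ == "__main__":
    samples = {
        "legacy firmware": build_client_hello(0x0301, [0x0005, 0x000A, 0x002F]),
        "modern firmware": build_client_hello(0x0303, [0xC02F, 0x1301]),
        "cleartext HTTP": b"GET /status HTTP/1.1\r\n",
    }
    for name, data in samples.items():
        print(name, assess_first_bytes(data))
```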
Okay, you now know how bad IoT devices are, and you understand that malicious actors will use these devices as much as possible to wreak havoc on your network. You also understand some of the security features built into the devices, and you want to deploy the device on the network. Now what?
IoT devices still should not be trusted. They need to be in isolation as much as possible, with only critical connections allowed. Additionally, they need to be monitored. Network traffic analytics is the best first step to understanding what these devices are doing, and, when they are compromised, it provides an effective way to find where hackers are trying to gain access. Network traffic analytics allows for scoring and monitoring of these devices at all times. According to Barracuda Networks, “IoT products should be scored constantly, and their security posture be published in the same way as motor vehicle safety ratings are, to enable businesses and consumers to make informed decisions when choosing products.”
To fully understand what your IoT devices are doing on your network, download a free trial of Scrutinizer today.
It’s that time of year again. Employees have gone away from the office to spend time with friends and family. They will, of course, return shortly in the new year, many of whom will have new devices that they will want to join the corporate network to stay connected. Many of these devices include smartphones, televisions, watches, phones, tablets, etc. The technology provides an exceptional level of convenience for the user, but it means that more information is being shared with third-parties, and new threat surfaces are being created as more devices are added. With these new devices, the security of the information they collect (and in fact the security of the devices) is not perfect. So, what can you do to make sure you secure your devices, data, and network? Let’s take a look!
With mere days until Hanukkah and less than a month before Christmas, retail organizations are starting to see a spike in online and in-store purchases. This is the “most wonderful time of the year” for retail because it means ending the year with a big boost in sales. However, this is also a time when malicious actors are interested in breaking into your network to steal the vast amount of customer data you’ve collected, or siphon the credit card information as it passes through your point-of-sale (POS) gateway. A new study from ACI Worldwide shows a projected fourteen percent increase in fraud attempts during the 2018 peak holiday season, and overall volumes of purchases are expected to rise 18 percent. With that in mind, what can you do to protect your retail business from malicious actors?
Recently, there has been an increase in distributed denial-of-service (DDoS) attacks that involve the use of compromised IoT devices like IP cameras, and it is extremely common today for organizations and consumers to purchase IoT devices. So how can organizations reduce the IoT threat surface that these devices bring, and how can they see what these devices are doing?
Reduce the number of IoT devices on your network
While this may sound like an obvious solution, it’s likely not something you’ve considered given the availability of these devices in the market. But have you considered alternatives, or have you considered abandoning the purchase altogether? Sure, that IP camera setup is extremely easy and doesn’t require you to drill holes, but connecting it to your corporate Wi-Fi may not make the most sense. Many hardwired versions of popular IoT devices are available and can provide similar functionality without the added risk associated with them.
Isolate the devices
Okay, so you must have that IoT coffee bar with built-in voice control to create that perfect cappuccino in the morning. But you don’t have to add it to the corporate network to use its internet-enabled features. When you have a device that requires internet connectivity, deploy the device on a guest network instead of the main, corporate network. This setup will allow the device to connect to the internet for updates and to retrieve those updated macchiato recipes you so desperately desire, but will keep the devices from connecting to business-critical applications and wreaking havoc on your corporate assets. We know you must have your iced quad upside-down caramel macchiato with light ice, but let’s make that possible while reducing the threat surface.
Deploy devices with least privileges
So your coffee bar might be something you can get away with putting on a separate, isolated network, but some devices might require connecting to an application or server on the main network. Fret not; it is still possible to deploy the IoT device on the corporate network without adding too much risk (risk is always possible when deploying any device).
When deploying IoT devices on the main network, they should always be deployed with a least-privilege approach. This means that you will deploy the device on the network, but the device will be locked down from communicating to everything that isn’t absolutely required.
Imagine you are deploying a new IP camera system that connects to the internet to provide DVR-like functionality. This new system will likely have a central storage server (either on the local network or online) where the individual cameras connect. In this setup, the IoT system is very limited in its requirements. Specifically, the individual cameras only need to communicate to the local, internal server for storing the video, or a limited set of connections to the internet (a range of IP addresses or hostnames where the internet server is located). Because of this, you can fairly easily limit the communications from the cameras by creating an ACL for these IP cameras and allow connections to the limited number of devices required to record and store the necessary video effectively.
Monitor IoT devices for anomalous behavior
If you are going to deploy IoT devices on your network, you need to monitor the traffic that these devices are generating. While ACLs are an important step in a multi-layered approach to network security, you must have a way to detect and alert on breaches to these policies. When the IP camera starts to communicate to the mail server or attempts to access your financial documents, a red flag should immediately be raised because, after all, these devices are purpose-built and have no viable reason to communicate with these servers or applications.
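The camera allowlist and the monitoring step described above, as an added example that is not code from the original post or from any product: the ACL is expressed as data with an implicit deny, and logged flows from the camera network are audited against it. The camera VLAN, server address, vendor cloud range and flow records are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    dst: str    # CIDR the cameras may reach
    proto: str  # "tcp" or "udp"
    port: int

    def matches(self, dst_ip, proto, port):
        return (ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and proto == self.proto and port == self.port)


CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed camera VLAN
CAMERA_ACL = [                                     # anything not listed is denied
    Rule("10.20.1.5/32", "tcp", 554),    # internal video storage server
    Rule("203.0.113.0/28", "tcp", 443),  # vendor cloud range (placeholder)
]

# Constructed flow log: (src, dst, proto, port, action taken by the enforcing device).
FLOWS = [
    ("10.20.0.11", "10.20.1.5", "tcp", 554, "permit"),
    ("10.20.0.11", "203.0.113.9", "tcp", 443, "permit"),
    ("10.20.0.12", "10.10.1.30", "tcp", 25, "deny"),     # camera -> mail server
    ("10.20.0.13", "10.10.1.25", "tcp", 445, "permit"),  # camera -> file share
    ("10.10.4.8", "10.10.1.25", "tcp", 445, "permit"),   # workstation, out of scope
]


def audit(flows, acl=CAMERA_ACL, scope=CAMERA_NET):
    """Return (finding, src, dst, port) for camera traffic outside the allowlist.

    "blocked-attempt": the ACL held, but the device tried something outside
    its job and should be investigated.
    "acl-gap": the traffic was forwarded, so enforcement is missing or wrong.
    """
    findings = []
    for src, dst, proto, port, action in flows:
        if ipaddress.ip_address(src) not in scope:
            continue  # only the cameras are covered by this policy
        if any(rule.matches(dst, proto, port) for rule in acl):
            continue  # within the allowlist
        kind = "blocked-attempt" if action == "deny" else "acl-gap"
        findings.append((kind, src, dst, port))
    return findings


if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```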
By having the insight on these IoT devices, you can reduce your IoT threat surface while still maintaining the convenience and improved performance that these devices provide.
If you would like to learn more about monitoring IoT devices on your network and leveraging network traffic analytics to see when they are communicating with devices unrelated to their function, download Scrutinizer today; our team will help you get set up.
In a recent data breach, Facebook said hackers gained access to nearly 50 million accounts in what amounts to the largest-ever security breach at the social network. As of Friday, the company indicated that they did know who was responsible for the breach. The breach is the latest breach for Facebook (in March, the company said that the data of millions of users were improperly shared with Cambridge Analytica).
With these types of breaches taking place so close together from a widely-used platform, many organizations are unsure what to do with these types of networks, or, more importantly, how to protect themselves from the breaches when they occur.
What steps can I take to protect the organization?
There are a few steps to take to safeguard your organization against social media breaches.
Develop a Social Media Risk Management Strategy
The best step to take to protect your organization from social media breaches is to review and update your organization’s social media risk management strategy. If your organization doesn’t have one, you should seriously consider creating one.
Be sure to include the policies, processes, and specific programs to address each type of threat (e.g. training data breaches, weak passwords, publishing sensitive company information, etc.). Also, develop a clearly-defined plan that addresses every type of risk, with specific roles and workflows. You want to make sure the organization understands who’s responsible when breaches occur. This will look a lot like your incident response plan if you are on the right track. Make sure these are all well-communicated to the key stakeholders across the organization.
Finally, develop an employee social media policy that your employees will follow. A social media policy outlines how an organization and its employees should conduct themselves online. It helps safeguard your brand’s reputation and encourages employees to share the company’s message responsibly. You can read more about creating a social media policy at https://blog.hootsuite.com/social-media-policy-for-employees/
Communication and Training
Once you have a well-developed strategy regarding your social media risk management and employee policies, you need to articulate the new plans for the company. You also want to get feedback from the employees (if everyone isn’t on board, you will have a tough time enforcing the policy).
During a company’s annual training is a great time to introduce these policies. During this training, be sure to include detailed instructions on how social media hacks happen. Articulating the need for strong passwords and two-factor authentication is an essential part of this training as it is vital that everyone understand the security problems from weak authentication (as IT professionals it is easy to believe that these are obvious steps, but for your sales, accounting, or service departments, it may not be as straightforward).
After the initial training, develop employee communications, training, and other programs to help employees understand, identify, and manage these risks, and make social media training for employees a part of the new employee onboarding process. This will prevent misunderstandings after a new hire comes on board. Additionally, include the employee social media policy and training in brand guidelines. This will allow you to extend the new policies to your partners and vendors that work with your company.
Finally, monitor social media and make sure that everyone who is responsible for social media monitoring is aware of what to look for, and the plans and workflow in the case of an attack. It’s great to have policies and strategy in place, but if nobody is looking for breaches/hacks, it won’t do you much good.
What to do in the event of a breach.
If you have everything in place and your employees have been trained, there is still the likelihood that you will experience a breach. If you do, reach out to the customer support team of the breached social media channel. If applicable, contact your account representative at the affected social media channel(s) to escalate the support request. At this point, you need to request that any unauthorized posts be deleted and temporarily disable the account until it is safely back under your control. You may find it helpful to partner with a technology vendor in some circumstances. Tools and technologies can proactively protect these accounts and alert you to potential hacks. Deploy these technologies to proactively defend against advanced attacks that may come from email, social media, or mobile apps.
By following these tips and best practices, you are now prepared to protect your organization against a social media breach. When an incident occurs, you are ready to handle it!
Now that you’re ready against social media hacks, check out one of our latest blog posts to help you Catch and Stop Insider Threats.
When my wife and I were looking to renovate our garage and landscape the yard, we went online to check our options for financing such an endeavor. Our primary bank, a typical brick-and-mortar operation with relationship managers and personal finance advisors, had a bunch of information on their website about the options we had for financing. We could do a home equity line of credit (HELOC), a personal loan, a home equity loan (second mortgage), etc. We had lots of information, but when we went down the road to application, we found that the process was extremely cumbersome and that our bank—where we’ve been a customer for over fifteen years—had grown dated along with our house.