Market research consulting firm Frost & Sullivan’s recent analysis found that enterprises were becoming more vulnerable to cyberattacks due to an attack surface expanded by “multiple touchpoints through an open network and easy accessibility to database[s] and applications.” As users join and leave the network from myriad devices, organizations need a way to improve their security posture without significantly increasing costs. But as the threat surface grows, what can organizations do to reduce risk?

Employ network device discovery in your cybersecurity strategy

According to the 2021 Verizon Data Breach Investigations Report, “eighty-five percent of breaches involved the human element.” The “human element” described in the Verizon report accounts for phishing (36%)—notably up from 25% in the previous year—and stolen credentials (61%). These figures are so high in part because, as employees, vendors, and authorized network users bring more devices onto the network, malicious actors have more opportunities to steal credentials and gain further access to valuable company resources. The trend appears to be that the attack surface and the complexity of managing devices increase together: more devices mean an additional burden on IT to understand the increased threat surface.

Network device discovery enables organizations to understand what the organization looks like from the malicious actor’s point of view. This means that even before an attack takes place, you can see the devices on the network and prioritize resources to resolve or mitigate problems that attackers are more likely to exploit. As was the case with the log4j vulnerability, organizations that employ network device discovery can be sure to patch the most vulnerable systems quickly because they know which devices make up the network. The log4j vulnerability confirmed that many security teams did not have the proper visibility to limit the attack surface. Furthermore, attacks on these types of vulnerabilities are not addressed by traditional firewall or endpoint security systems.

Combine device discovery with NDR

When it comes to cybersecurity, the most powerful tool in fighting threats is flow-based NDR because it gives the widest range of visibility and is cost-effective and scalable across the entire organization. When you add in device discovery, you further enhance an NDR solution’s ability to provide even more granular information when threat hunting.

As you can see from the above, humans, as usual, create most of the problems and loopholes in our security defenses. To counter the problems we create, deploying a layered security approach gives added protection against these weaknesses. By using device discovery information to supplement network flow data, you can be sure to see the whole picture. When device- or application-specific vulnerabilities are revealed, you’ll have the information you need to prioritize and protect the most vulnerable assets.
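As an added illustration (not code from Plixer or any product), the sketch below joins a device-discovery inventory with flow records to list internal hosts that send or receive traffic but were never discovered, and to rank devices running an affected component by how many external peers they talk to. All hosts, addresses, the component name "example-lib" and its versions are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed device-discovery inventory (hypothetical hosts and software).
INVENTORY = {
    "10.0.1.10": {"name": "app-01", "software": {"example-lib": "1.0"}},
    "10.0.1.11": {"name": "app-02", "software": {"example-lib": "1.1"}},
    "10.0.1.12": {"name": "app-03", "software": {"example-lib": "1.0"}},
    "10.0.2.20": {"name": "printer-3f", "software": {}},
}

# Constructed flow records: (source, destination, destination port, bytes).
FLOWS = [
    ("10.0.1.10", "203.0.113.5", 443, 12000),
    ("10.0.1.10", "198.51.100.7", 389, 800),
    ("10.0.1.11", "203.0.113.5", 443, 5000),
    ("10.0.1.12", "203.0.113.5", 443, 700),
    ("10.0.3.99", "10.0.1.10", 8080, 300),  # source absent from inventory
    ("10.0.2.20", "10.0.1.11", 9100, 150),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def undiscovered_hosts(inventory, flows):
    """Internal addresses that appear in flows but not in the inventory."""
    seen = {ip for src, dst, _, _ in flows for ip in (src, dst) if is_internal(ip)}
    return sorted(seen - set(inventory))


def patch_priority(inventory, flows, component, affected_versions):
    """Rank devices running an affected component by distinct external peers."""
    peers = defaultdict(set)
    for src, dst, _, _ in flows:
        if is_internal(src) and not is_internal(dst):
            peers[src].add(dst)
        elif is_internal(dst) and not is_internal(src):
            peers[dst].add(src)
    hits = [
        (dev["name"], ip, len(peers[ip]))
        for ip, dev in inventory.items()
        if dev["software"].get(component) in affected_versions
    ]
    return sorted(hits, key=lambda h: h[2], reverse=True)
```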

Network device discovery for operational efficiency

While not specifically related to NDR, device discovery also has non-security advantages that can help organizations achieve operational efficiency because it can show devices that are not being used to their full potential. When you are looking to do a hardware refresh of network equipment or datacenter systems, using device discovery along with a network performance monitoring and diagnostic (NPMD) system can help you find the underutilized network resources. This is especially true if your network is constantly adding and removing devices because it can help you understand if the resources need to be upgraded or not. You may find that shifting network resources is more efficient and a refresh can wait a few more years—especially for those rarely-used guest networks. 

Organizations need to reduce risk and improve operational efficiency. Combining an NPMD/NDR solution with network device discovery further enhances your security posture to reduce cost and risk. To learn more about combining these solutions, look at our platform today.

 


Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.
