Information technology (IT) and security budgets are tight. Organizations are struggling to keep customers, employees, and shareholders. Imagine that this was the year you were going to upgrade that application or group of devices, as they are no longer supported by the manufacturer. Your budget has disappeared and most everything has been put on hold. However, you still have to protect your customers and employees from an elevated threat of attackers that are using the pandemic to spread malware and steal credentials and data. It may look like all doom and gloom, but there are steps you can take to be proactive in protecting against most attacks aimed at your infrastructure and ways in which adopting principals will provide mitigating controls for audit and compliance.
When it comes to protecting devices from attackers, one of the best lines of defense is preventing access to the device in the first place. Micro segmentation allows for isolation where only devices on the same segment are allowed to talk to each other. When reducing the amount of traffic traversing the network, analysis becomes easier and protection is inherited by belonging to the segment. There are several approaches to micro segmentation, but the most popular forms are host based and network based.
Traditional organizations protected internal assets by erecting a barrier between the internet and the internal network. As time went on and attacks became more sophisticated, organizations found themselves victims of attacks that moved laterally through the organization. East/west firewalls help prevent lateral movement by inspecting traffic as it moves inside of the organization vs. north/south to the internet. Both firewall configurations should be considered in todays security architecture, especially in the data center.
Most organizations have devices that are unable to have an agent installed on them or have an unsupported operating system that can no longer be patched. Micro firewalls are small devices that sit in front of a system or device and filter ports and protocols. Imagine a medical device that performs a singular task and only communicated on a handful of ports. Why would you leave the device open to any other port than the ones it needs for operation? By limiting the ports and protocols, you are in essence reducing the attack surface of the device.
Treat legacy devices like Internet of Things (IoT) devices
With medical devices and manufacturing devices making up the bulk of devices with unsupported operating, organizations are searching for practical ways to secure them. The reality of the situation is that unsupported devices, in effect, become IoT for the simple reason that they can’t be patched or updated by traditional means. Sure, some of the more progressive IoT technologies are coming out with more secure systems that can be updated, but these make up a small number and don’t address the existing billions of “things”. By leveraging approached like micro segmentation, east/west firewalls, and micro firewalls – you have a path forward in securing unmanaged devices.
Up your analytics game
As the old adage goes “You can’t manage what you don’t measure”. Reporting and Analytics are key when it comes to managing legacy devices and applications. Behavior-based analytics are important to help understand what a device should be doing and what it is doing. Secondarily, analytics should be able to trigger actions when a device falls out of normal behavior by segmenting it off or removing connectivity to the device completely while investigations happen. They key is to tie analytics, reporting, and actions into a repeatable process that evolves as your attack landscape changes.
Advyz Cyber Risk Services
The main goal of Advyz Cyber Risk Services is to help clients mature their cybersecurity programs. Teaming with leading security providers, we work closely with you to ensure that your organization is prepared and has the tools and technologies in place to help you navigate the right solutions partners. Our team focuses on protecting your data, applications, and infrastructure from the threat of data breaches or other cybersecurity incidents.