Reducing Your Attack Surface: Think like a Hospital
The Skybox Blog Team Feb 17, 2015
The Anthem data breach, along with the growing list of others—Sony, Target, and more—continues to highlight the importance of reducing your attack surface. Enterprise networks are under constant threat, and automated, consistent security management processes are needed to shrink your attack vectors and to detect and respond to attacks.
You manage an enterprise network in the era of big data. To think your information is not valuable to hackers is a mistake.
What Hackers Want
Do you have personal information on your customers? Employees? Social Security numbers? Dates of birth? This information is valuable to hackers, as we’ve seen in the Anthem cyber-attack. In the Sony hack, it seems the motives were humiliation and destruction–embarrassing employee emails were used for blackmail, blockbuster films like Fury were leaked, and the release of The Interview was almost quashed entirely.
These attacks aren’t concerned with credit card or bank account information (although I’m sure hackers will gladly take that info if they can get to it). The data itself is valuable.
Patient records were the target in the Anthem breach, and experts estimate a patient record—even without medical or financial information—can be sold on the black market for about $10. Chump change? Not when you steal 80 million records. By comparison, credit card data can sell anywhere from $2 to $135 per record, depending on the “freshness” of the data and the market demand.
So the enemy is at the gate. And the window. Hovering above, and waiting to creep in from the basement. What can you do? Get ready.
Think like a Hospital
You’re a doctor. If you dream of the day sick people will stop coming through your hospital doors, don’t hold your breath (extensive breath holding will also result in hospital visits). There will always be more illness, more accidents, and more inflicted harm.
Likewise, in IT enterprise security, your job is never done. There will always be new vulnerabilities, mistakes made in routine security processes like firewall configurations, and bad guys trying to get your goods. You need to take precautions and prepare for errors.
1. Take an x-ray: Like a surgeon, you have to know what you’re getting into. Visualize your network with a comprehensive model—you can’t fix what you can’t see. Understand your assets by analyzing which of your data is valuable and to whom. Knowing who’s interested in you, where your data is, and where you are vulnerable is half the battle.
2. Vaccinate: A hot-button issue lately, but also an important parallel to network security. Do you simulate attacks on your network? You should. Attack simulation helps you identify at-risk assets and understand how attackers would get around after a breach, allowing you to better segment your network. Think of it as strengthening network immunity so you can better fend off the real attacks when they come along. You don’t want to be exposed in the event of a vulnerability outbreak—this isn’t Disneyland.
3. Use the latest innovations: Mistakes happen; especially, it seems, when a change occurs. Just one misconfiguration leaves your network exposed … and how many changes do you make every day? Week? Month?
Due to its data-intensive nature and the need to track and audit changes, firewall change management is ripe for the application of automated tasks. Automating path analysis, risk assessment, and change tracking greatly reduces the chance of human error and allows personnel to focus on more intellectual tasks.
4. Have the ER ready: When a critical vulnerability is announced or your network is attacked, you need triage operations ready to go. Once a vulnerability has been exposed, it’s an open door for hackers. Close that door quickly.
Effective vulnerability management means having the data you need at your fingertips so you can launch into action. You need to be able to understand emerging threats not just for what they are, but how they put you at risk. Accurate, up-to-date network modeling is vital to quickly understanding which assets could be affected and how far the attack might reach.
5. Limit your exposure: Reducing your attack surface is the best protection against potential attacks. It’s a holistic process. Minimizing firewall and change management errors; mitigating vulnerabilities as soon as technologically possible; and having the resources, processes, and data in place to respond to threats as they emerge are the prescription for a healthy network.
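To make the path analysis in steps 3 and 4 concrete, here is an added example (not code from the original post or from any Skybox product) that checks a proposed firewall change against a small network model and reports which sensitive zones it would newly expose. The zone names, rules, and sensitive set are constructed for illustration, and every allowed flow is treated as a step an attacker could take.

```python
from collections import deque

# Constructed sample model: flows the firewalls currently allow, as
# (source zone, destination zone, service). All names are hypothetical.
BASELINE_RULES = {
    ("internet", "dmz", "tcp/443"),
    ("dmz", "app", "tcp/8443"),
    ("app", "db", "tcp/5432"),
    ("corp", "app", "tcp/8443"),
    ("corp", "mgmt", "tcp/22"),
}
SENSITIVE = {"db", "mgmt"}  # zones holding the assets worth protecting (assumed)

def reachable(rules, start):
    """Map each zone reachable from start to the chain of rules that gets there."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, svc in sorted(rules):  # sorted for deterministic paths
            if src == zone and dst not in paths:
                paths[dst] = paths[zone] + [(src, dst, svc)]
                queue.append(dst)
    return paths

def assess_change(rules, added=(), removed=(), origin="internet"):
    """Compare reachability from origin before and after a proposed rule change."""
    before = reachable(rules, origin)
    after = reachable((set(rules) - set(removed)) | set(added), origin)
    newly = {z: p for z, p in after.items() if z not in before}
    exposed = sorted(z for z in newly if z in SENSITIVE)
    return {
        "newly_reachable": newly,
        "no_longer_reachable": sorted(z for z in before if z not in after),
        "sensitive_exposed": exposed,
        "approve": not exposed,  # block changes that open a path to a sensitive zone
    }

if __name__ == "__main__":
    change = [("dmz", "mgmt", "tcp/22")]  # constructed change request
    result = assess_change(BASELINE_RULES, added=change)
    print("approve:", result["approve"])
    for zone in result["sensitive_exposed"]:
        print(zone, "exposed via", result["newly_reachable"][zone])
```

Running the same `reachable` function from a zone where a newly announced vulnerability lives gives the "how far the attack might reach" view described in step 4.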
You can’t disappear off the hackers’ grid completely, but, with a smaller attack surface, you can make your network a harder target to hit.