Five Security Truths for 2018: Part 1
February 1, 2018 11:56 am
In a recent webinar, we reflected on the cybersecurity landscape of 2017, which exposed five security truths that are important to understand and accept as we start off 2018. These five truths are based on Lumeta research and conversations with our customers.
In part one of this two-part blog, we give an overview of the first three truths.
Truth #1: Infrastructure Visibility Blind Spots Are Undermining Security Efforts
Today’s business drivers have introduced a greater attack surface. Our research shows that, on average, over 40 percent of dynamic networks, endpoints and cloud infrastructure are unknown, unmanaged or rogue, leading to significant infrastructure blind spots and a lack of real-time security awareness. Attackers look for weak points and even a single endpoint or network left unchecked can lead to a breach. While public cloud providers like AWS, Azure and Google are responsible for security of the cloud, enterprises are responsible for security in the cloud. When it comes to public cloud security, enterprises need to focus on:
- Shadow IT
Truth #2: Successful Ransomware Attacks Are More Preventable Than You Think
Recent large-scale attacks like WannaCry have demonstrated the challenges of preventing ransomware. First, steps should be taken to prevent the initial insertion of ransomware. If prevention fails and the ransomware is inserted, the challenge then becomes detecting, quarantining and eradicating the malware before the attacker is able to encrypt data. The good news is that ransomware attacks are more preventable than you think if you take these workable prevention and detection steps:
- Identify endpoints that are frequently missed by vulnerability assessment tools for flagging CVEs exploited by ransomware
- Identify devices that are unknown to EDR solutions for rapid remote remediation and quarantine to prevent spread of ransomware
- Detect ransomware remote server call back attempts by correlating Netflow and Threat Intel data
- Detect Tor connections initiated by ransomware for purposes of progressing infection and facilitating file downloads
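The last three steps can be shown as one correlation pass over flow records. This Python example is added here for illustration and is not Lumeta's code or product logic; the CSV field names, the indicator and Tor relay sets, the EDR inventory and the internal address range are all assumptions, built from documentation address ranges.

```python
import csv
import io
import ipaddress

# Constructed sample data: documentation address ranges, not real indicators.
FLOWS_CSV = """ts,src,dst,dport
2018-01-25T10:00:01,10.1.4.22,198.51.100.7,443
2018-01-25T10:00:05,10.1.4.22,203.0.113.50,9001
2018-01-25T10:00:09,10.1.7.90,192.0.2.10,80
2018-01-25T10:00:12,10.1.9.15,203.0.113.50,9001
2018-01-25T10:00:20,10.1.4.30,10.1.0.5,53
"""
THREAT_INTEL = {"198.51.100.7": "ransomware callback server (constructed)"}
TOR_RELAYS = {"203.0.113.50"}  # stand-in for a published Tor relay list
EDR_MANAGED = {"10.1.4.22", "10.1.4.30", "10.1.7.90"}  # hosts with an EDR agent
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed enterprise address space


def correlate(flows_csv, intel, tor_relays, edr_managed):
    """Return one alert per outbound flow whose destination is a known indicator."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if src not in INTERNAL or dst in INTERNAL:
            continue  # only internal-to-external flows can be callbacks
        if row["dst"] in intel:
            reason = "threat intel: " + intel[row["dst"]]
        elif row["dst"] in tor_relays:
            reason = "Tor relay connection"
        else:
            continue
        alerts.append({"ts": row["ts"], "src": row["src"], "dst": row["dst"],
                       "dport": int(row["dport"]), "reason": reason,
                       "edr_managed": row["src"] in edr_managed})
    return alerts


def triage(alerts):
    """Split alerting hosts into those EDR cannot reach and those it can."""
    unmanaged = sorted({a["src"] for a in alerts if not a["edr_managed"]})
    managed = sorted({a["src"] for a in alerts if a["edr_managed"]})
    return unmanaged, managed


if __name__ == "__main__":
    found = correlate(FLOWS_CSV, THREAT_INTEL, TOR_RELAYS, EDR_MANAGED)
    for alert in found:
        print(alert)
    print("network quarantine:", triage(found)[0], "EDR remediation:", triage(found)[1])
```

Hosts in the first list returned by `triage` have no EDR agent, so containment for them has to happen at the network layer rather than through remote remediation.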
Truth #3: Undetected Leak Paths Enable Successful Attacks
The key consistent metric associated with all external attacks is the presence of a leak-path. Ransomware attacks leverage leak-paths for payload download, encryption key exchange and tracking ransomware proliferation. Nation-state attacks utilize leak-paths in a way that results in classified data theft and system disruptions. IoT/ICS attacks use leak-paths to disrupt critical infrastructure operations and cause manufacturing downtime. Enterprises must find, investigate and lock down unauthorized network paths to/from “unrestricted” to “restricted” networks, as well as to/from “restricted” networks to the internet. Additionally, enterprises need to identify segmentation violations across the environment.
Check back shortly to learn the last two security truths of 2017, which will be revealed in part two of this post.
All five truths are available now if you download the recording of our January 25 webinar “2017 Cyber Security Year-in-Review & 2018 Predictions” at http://www.lumeta.com/lumetas-2017-cyber-security-year-review-2018-predictions-webinar-replay/.