The new year is here and you're putting together the goals and objectives for your network security team. The number of data breaches during the past year has finally caught the attention of your company's board of directors and executive decision makers. Resources have always been tight, but this year there is an allocation to secure the company's networks. It would appear that the years of cajoling and pleading for resources have finally found an ear. Now what?
Identify the Low-Hanging Fruit
The desired outcome is to have a 100-percent secure and 100-percent available network. Resources will be limited, so knocking out these quick wins that provide immediate return on investment will help security management ensure resources will continue to be available for security-specific tasks.
What points should the network security team emphasize? If you are starting from zero knowledge, a good first step is to determine who and what is connecting to your network.
End Points
A review of the current network logs and company logistics records will give you an idea of the number of items connected to your network. These may include company-purchased mobile devices (tablets, smartphones, and items with IP addresses), and those items found in the data center. If you have a BYOD integration process, then you will also find the devices that employees are attaching to your network.
Once you've completed your nose count, you can determine if the devices, including those in the BYOD category, are in compliance with both the company information security policies and government regulations. In the process, you may discover that you have devices connected to your network that don't belong.
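As an added example (not part of the original post), the nose count and compliance check described above, done by reconciling constructed ISC dhcpd-style lease lines against a constructed asset register; the MAC addresses, hostnames and compliance flags are placeholders, and the two flags checked (disk encryption, MDM enrollment) stand in for whatever your policy actually requires.

```python
import re

# Constructed DHCP lease log lines standing in for "current network logs".
DHCP_LOG = """\
2024-01-08 08:01:12 DHCPACK on 10.20.1.15 to aa:bb:cc:00:00:01 (fin-laptop-07) via eth0
2024-01-08 08:02:40 DHCPACK on 10.20.1.22 to aa:bb:cc:00:00:02 (ops-tablet-03) via eth0
2024-01-08 08:05:03 DHCPACK on 10.20.1.31 to aa:bb:cc:00:00:03 (Galaxy-S9) via eth0
2024-01-08 08:09:55 DHCPACK on 10.20.1.40 to aa:bb:cc:00:00:04 via eth0
"""

# Constructed asset register: company purchases plus BYOD registrations.
# The flags are placeholders for the policy requirements you actually enforce.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"owner": "finance", "type": "company", "encrypted": True, "mdm": True},
    "aa:bb:cc:00:00:02": {"owner": "ops", "type": "company", "encrypted": True, "mdm": False},
    "aa:bb:cc:00:00:03": {"owner": "jdoe", "type": "byod", "encrypted": False, "mdm": True},
}

LEASE_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-f:]{17})(?: \((\S+)\))?")

def parse_leases(log):
    """Return {mac: (ip, hostname)} for every DHCPACK line; last lease per MAC wins."""
    seen = {}
    for line in log.splitlines():
        m = LEASE_RE.search(line)
        if m:
            ip, mac, host = m.groups()
            seen[mac] = (ip, host or "<no hostname>")
    return seen

def reconcile(leases, inventory):
    """Bucket observed devices: not in the register, registered but failing policy, or clean."""
    report = {"unknown": [], "noncompliant": [], "clean": []}
    for mac, (ip, host) in sorted(leases.items()):
        asset = inventory.get(mac)
        if asset is None:
            report["unknown"].append((mac, ip, host))
            continue
        failed = [k for k in ("encrypted", "mdm") if not asset[k]]
        bucket = "noncompliant" if failed else "clean"
        report[bucket].append((mac, ip, host, asset["type"], failed))
    return report

if __name__ == "__main__":
    for bucket, rows in reconcile(parse_leases(DHCP_LOG), INVENTORY).items():
        print(bucket.upper())
        for row in rows:
            print("  ", *row)
```

Anything landing in the "unknown" bucket is the device that "doesn't belong" and warrants a follow-up before it is added to the register.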
Vendor Management and Third-Party Access?
For those businesses that have vendor and/or third-party entities reaching their network with staff-like access, it is prudent to verify that the security protocols and processes required of staff are also required of the third party. Items to check for include the infamous sneaker-net, where one login is used and information is then downloaded and walked across the "air gap" from your company network to the third-party entity's network. You need only look to the third-party POS breaches at Target and Home Depot to see the extent to which data was compromised. Accepting attestations of well-intentioned implementations without verifying them may garner you a ticket to the data breach party. If formal audit and compliance inspections (against the contractual obligations) are not part of the contract language, it may behoove you to have your contracting and legal team review it to effect an adjustment.
If you leave these three areas unattended—identifying the low-hanging fruit, understanding your endpoints and the constituency that comprises your endpoints, and ensuring those third parties and vendors accessing your systems are held to the same security standards—your network will resemble the proverbial sieve. But if you take the time and energy to lock them down, then you will have completed the first steps toward securing your networks.
Food for Thought
For additional food for thought on network security, let's go back to the 2014 RSA Conference. Jon Oltsik (principal analyst, Enterprise Strategy Group) moderated "Network Security Smackdown: Which Technologies Will Survive," a panel discussion that included Christofer Hoff (Juniper), Martin Brown (BT), and Bret Hartman (Cisco). The panel traversed a number of network security areas of interest, including knowing what is what within your own network. The presentation is available for viewing via the RSA Conference video channel.
Key takeaways from this panel include: technologies may evolve, advance, and be rendered obsolete, but the issues involved in securing one's network remain constant; and network intelligence is voluminous and drives the use of automated decision making. That said, the amount of data available can overwhelm automated decision making (e.g. too many false positives). Who would wish to have a "kill session" command issued during a critical process because of a false positive? The human element remains a key (and critical) component in the network security continuum.