A proactive network security approach: continuous monitoring and assurance for misconfigurations is key
Date published: 05 Dec 2022
Every network security strategy aims to maintain a careful equilibrium between reactive response and recovery, and proactively preventing attacks and identifying vulnerabilities. The proactive approach has now come more into focus as organizations embrace cybersecurity automation.
Adopting a proactive cybersecurity approach builds resilience
Gartner has forecast that information security spending will reach more than $123 billion by 2023, and as budgets grow, organization leaders will expect a decline in network breaches and greater cyber resilience.
The cost of misconfigurations is a concern for network security teams. A recent study commissioned by Titania found that failing to remediate network misconfigurations can come at a high price for organizations, with estimates suggesting the cost is 9% of their annual revenue.
Being proactive could reduce these costs. It means not waiting for an attack to happen, and then reacting to it, but carrying out proactive measures to identify and deal with vulnerabilities as they arise.
Teams that take the proactive approach no longer view compliance as a tick box exercise. They shift their mindset away from waiting for an annual audit to check that devices are compliant with policy to checking them on a continuous basis.
While sampling (assessing a random set of firewalls) has been a widely used method in network security assessments, it is an inherently risky approach that leaves misconfigurations and security gaps exposed. Rather than only checking perimeter firewalls, proactive network security teams shift to checking all firewalls, switches and routers. In fact, zero trust best practice indicates that continuous assessment of all devices is essential for preventing attacks and inhibiting lateral movement across networks.
While continuous assessment of all devices is an agreed ideal, in practice many organizations are not assessing all devices when validating network configuration settings.
Routers and switches are being overlooked in audits
Titania’s study found that while 94% of organizations prioritize the configuration and auditing of firewalls, only 4% assess switches and routers as well. This leaves the organization vulnerable to attackers who will try every way to access a network until they succeed in gaining entry.
Every organization is at risk, including those in the federal sector where a recent joint Cybersecurity Advisory from the NSA, CISA and FBI pointed to enemies altering network device configurations to enable and scale attacks.
Proactive security for compliance
A proactive approach is important for meeting compliance standards. Trusted compliance standards and risk management frameworks (RMF) such as PCI DSS v.4.0 increasingly mandate continuous monitoring and assessment of all network devices as foundational components of delivering security from compliance.
The study also found that 75% of cyber security leaders surveyed reported that their organization relied on compliance to deliver security and almost every respondent surveyed claimed to be meeting their security and compliance requirements.
However, organizations need to think beyond this if they want to stay ahead of attacks and minimize the risk of breaches to the network. Auditing annually in order to meet compliance means that misconfigurations arising after an audit could remain in the network for months, leaving the attack surface wide open.
Automation is the way forward
By following a proactive approach, organizations should detect and monitor configuration drift and compliance posture over time. This is a skilled and time-consuming job but automation tools such as Nipper Enterprise can be used to automate the assessment of the configuration of every network device, every day.
Nipper Enterprise identifies misconfigurations and analyses the risk and the impact if an issue is exploited. Findings are prioritized based on ease of exploitation and network impact and are reported with device specific remediation advice.
Visit https://info.titania.com/impact-of-exploitable-misconfigurations to read the full report on the impact of exploitable misconfigurations on network security.