A good portion of the software and hardware running on or within today’s computer networks is driven by convenience, flexibility and compatibility. The reality is that these features tend to take precedence over everything else, which might seem like a boon for users. But unless an organization can monitor and control all of the apps within its network, it’s only a matter of time before an attacker is able to exploit that same convenience for nefarious purposes.
The devices and programs themselves won’t provide much help. Nobody wants to struggle with a complicated security procedure that slows them down, so a lot of what is being deployed today doesn’t come with robust protections, which might be underwhelming for an end user. Adding security to an application or program may increase costs and slow its deployment to market, something that can discourage companies struggling in the fast-paced and highly competitive world of technology today. Finally, some newer devices, such as those which are part of the billions-strong Internet of Things (IoT), are finding their way onto networks even though they offer minimal security, sometimes only a default password.
These conveniences are greatly expanding the attack surface for most networks. Security teams may not have the ability to accurately measure just how large their potential attack surface has grown, much less work to shrink it back down to a more manageable and less dangerous size.
The Smaller the Better
Before security teams can work to reduce the attack surface, they must gain insight as to how large the threat has become. Working with a security service provider like Tychon, which can detect every application and interconnected device running on a network at any given time, might be a real eye-opener the first time it’s deployed. Any device can become a conduit which attackers can exploit to bypass existing security, and every app or program that doesn’t contribute to the core business is an unnecessary risk being taken for no appreciable gain.
Even servers and endpoints working toward core functionality could harbor hidden vulnerabilities and issues if they are unpatched or misconfigured. According to Verizon’s 2016 Data Breach Investigations Report, most attacks still exploit known vulnerabilities that were never fixed despite patches being available for months, or even years. Digging a little deeper into the report, we find that, perhaps surprisingly, the top 10 known vulnerabilities accounted for 85 percent of all successful exploits over the past year. It’s a safe bet that the breached organizations didn’t know, or have any visibility into, what vulnerabilities were sitting in their networks ready to be exploited or their associated risks.
When a greatly expanded attack surface combines with age-old vulnerabilities that are still being exploited every day, it creates an untenable situation for almost any cybersecurity team, especially one that doesn’t have a tool to provide complete visibility into network operations or provide context of the organization’s attack surface. Only Tychon can provide a completely holistic view of everything running within a network, and give administrators the power to reduce their attack surface and eliminate vulnerabilities, old and new.
Beefing up Security by Slimming Down the Attack Surface
Once Tychon provides complete visibility into a network, the process of reducing the attack surface and applying good cyber hygiene practices can begin. Tychon shows users the current patch state of every device and software item running on the network. It allows the immediate patching of vulnerable systems which, according to the Verizon report, can stop up to 85 percent of all attacks. Having tools that are adaptable to adversarial tactics is key to rapidly and effectively responding to a constantly evolving threat landscape.
The Tychon solution can also be used to ensure that best practices are being followed across the board. Whether you follow the NIST guide to Dramatically Reducing Software Vulnerabilities, the European Union’s General Data Protection Regulation, the National Industrial Security Program Operating Manual or any number of other industry or government best practices guidelines, Tychon lets you know if any devices are non-compliant, or will fall out of compliance at a later date.
Policies such as least privilege logins can also be enforced to create a better overall cyber hygiene program. That way if a breach should occur, the damage will be minimal and the cleanup speedy.
While Tychon’s technology is a perfect scalpel, it also becomes an effective hammer when needed. Any application that adds vulnerability to the network without contributing to the organization’s core goals can be disabled, eliminated and prevented from ever returning. Services are no different. Any unneeded services can be turned off, and prevented from ever reactivating. Tychon can even go so far as to delete network shares and change settings to eliminate vulnerabilities.
When the attack surface is completely discovered and then reduced so that only the core functionality needed to conduct operations is left, the balance of power shifts dramatically away from the attackers and back to beleaguered defenders. With a smaller area to defend, there will be fewer alerts overall, fewer leads to chase, and most importantly, a much greater chance of catching a potential threat before it reaches its target.
Tychon is a best-in-class security and asset management solution built by operators for operators. Its functionality comes from a single console that can unify IT and SOC operations. Engineered in partnership with the McAfee Security Innovation Alliance, the suite is digitally signed by McAfee as fully compatible.