In July 2018, CDW rolled out the third iteration of our complimentary Threat Check service. This service is designed to minimize the effort required by our customers to complete the assessment. Threat Check customers are provided a fully loaded security appliance that they simply connect to their networks. The appliance works in the background, passively collecting information about security threats and analyzing it with a suite of cutting-edge tools, including Splunk Enterprise, Cisco Firepower, Tenable Nessus Network Monitor and Carbon Black CB Response.
Since the new version of the service rolled out, we’ve conducted hundreds of these assessments across a wide variety of companies and industries. In every case, we’ve been able to provide our customers with new insights into the current state of their cybersecurity postures. We’ve also pulled together results from all of these assessments and found some common themes that occur across our customer base. Let’s take a look at the top five issues identified during Threat Check engagements.
1. Cleartext Passwords on the Network
This is a startling finding in an era in which all IT professionals understand the importance of both credential security and the use of strong encryption. Many of our Threat Check deployments found unsecured administrative interfaces to network devices, servers and other components that send credentials back and forth in cleartext. If our appliance is able to observe this traffic, so is an attacker who has gained an initial foothold on the network through a malware infection, a social engineering attack or other means. Organizations should immediately replace cleartext authentication with strongly encrypted alternatives.
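To make the finding concrete, here is a small passive detector of the kind a monitoring appliance runs over reassembled application-layer payloads. It is an added example written for this post, not CDW Threat Check code, and the sessions it inspects are constructed samples rather than real captures. It flags the three cleartext authentication patterns most often seen on administrative interfaces (HTTP Basic, FTP USER/PASS and a telnet-style login prompt) and deliberately masks the recovered secret so that the report itself does not become a second copy of the credential.

```python
"""Flag cleartext credentials in captured application-layer traffic.

Added example (not CDW's Threat Check code). The sessions below are
constructed samples; a real deployment would feed reassembled TCP
payloads from a network tap or span port into inspect_session().
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample sessions: (destination port, raw payload bytes).
SAMPLE_SESSIONS: List[Tuple[int, bytes]] = [
    (80, b"GET /admin HTTP/1.1\r\nHost: switch01.example.internal\r\n"
         b"Authorization: Basic YWRtaW46Y2hhbmdlbWU=\r\n\r\n"),
    (21, b"USER backup\r\nPASS winter2018\r\nLIST\r\n"),
    (23, b"login: root\r\nPassword: toor\r\n"),
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS record bytes: opaque, nothing to flag
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.internal\r\n\r\n"),  # no credentials
]


@dataclass
class Finding:
    port: int
    protocol: str
    username: str
    secret_masked: str  # same length as the secret, never the secret itself


def _mask(secret: str) -> str:
    """Keep only the length of a recovered secret; the report must not store it."""
    return "*" * len(secret)


def inspect_session(port: int, payload: bytes) -> List[Finding]:
    """Return one Finding per cleartext credential exchange seen in the payload."""
    text = payload.decode("latin-1")  # lossless 1:1 mapping, never raises
    findings: List[Finding] = []

    # HTTP Basic: the Authorization header carries base64("user:password").
    for m in re.finditer(r"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", text, re.I):
        try:
            decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError: bad padding etc.
            continue
        user, _, password = decoded.partition(":")
        findings.append(Finding(port, "HTTP Basic", user, _mask(password)))

    # FTP: USER and PASS commands each sit on their own line.
    user_m = re.search(r"^USER\s+(\S+)", text, re.M)
    pass_m = re.search(r"^PASS\s+(\S+)", text, re.M)
    if user_m and pass_m:
        findings.append(Finding(port, "FTP", user_m.group(1), _mask(pass_m.group(1))))

    # Telnet-style prompt/response: "login: <user>" followed later by "Password: <secret>".
    m = re.search(r"login:\s*(\S+)\r?\n.*?Password:\s*(\S+)", text, re.S | re.I)
    if m:
        findings.append(Finding(port, "Telnet", m.group(1), _mask(m.group(2))))

    return findings


def scan(sessions: List[Tuple[int, bytes]]) -> List[Finding]:
    """Inspect every captured session and collect the cleartext-credential findings."""
    results: List[Finding] = []
    for port, payload in sessions:
        results.extend(inspect_session(port, payload))
    return results


if __name__ == "__main__":
    for f in scan(SAMPLE_SESSIONS):
        print(f"port {f.port:<4} {f.protocol:<10} user={f.username!r} secret={f.secret_masked}")
```

Run against the constructed sessions it reports three findings (the switch's web admin page, the FTP backup account and the telnet root login) and stays silent on the TLS and credential-free HTTP sessions; the encrypted session is exactly the outcome the remediation in this section aims for.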
2. Cryptomining Infections on Servers and Endpoints
Mining cryptocurrency is one of the easiest ways for attackers to monetize compromised systems. This becomes an even more critical issue in the era of elastic cloud computing resources, where a successful attack can quickly rack up very large computing bills. Organizations should adopt next-generation endpoint security controls designed to protect against the initial infections that can lead to large-scale cryptomining attacks. Additionally, a full defense-in-depth strategy, with layered controls throughout the environment, can help limit the impact of these attacks.
3. Outdated Security Policies
During a Threat Check engagement, we also interview technologists to get a sense of the organization’s security posture. We consistently find that organizations have not updated their security policies to reflect the current threat landscape. For example, we often find systems that fail to enforce modern password complexity standards. Organizations should regularly review the policies they have in place and update them as necessary to ensure they are consistent with the latest security best practices.
4. Use of Anonymous VPN Services
We’re finding a rapid increase in the use of anonymized VPN services from endpoints in our customer organizations. While some of this traffic is simply employees trying to bypass content filtering, other anonymized traffic could be indicative of malware command-and-control mechanisms. Organizations should implement controls that can analyze and block the use of these services to ensure their systems and data are fully protected from compromise.
5. Unused Security Features in Email Platforms
Finally, we see that organizations aren’t using all of the security features included in their email platforms. For example, they often accept default settings that allow the download of email content to any authenticated mobile device, rather than restricting this access to devices covered by the organization’s mobile device management platform. We recommend that organizations carefully review the security settings of their email services, as well as any other cloud-based software platforms they use. Additional email security controls should also be considered to add depth of protection for the accounts of frontline personnel.
We invite you to take a look at your own network in light of these findings. Are any of these issues present on your network? If you don’t know, then maybe a CDW Threat Check is right for you.