Guest post by Deepen Desai
Despite spending billions every year to establish a secure perimeter around the network, organizations continue to suffer the loss of data, time, productivity, intellectual property, and a staggering sum of money to breaches. With all the sophisticated technology that enterprises put in their gateways to block threats, why do breaches persist? I believe the following are among the top reasons why breaches occur:
- Blindness to SSL/TLS traffic
As much as 90 percent of internet traffic is now encrypted and, while SSL provides privacy, it also provides attackers with an opportunity to infiltrate networks and exfiltrate data. Attackers know that many organizations allow encrypted traffic from “trusted” websites and CDNs to pass uninspected, because SSL inspection requires significant processing power. As a result, SSL is among the most abused channels for hiding malware.
- The need for segmentation at the application level
With so many remote employees, contractors, partners, and other third parties connecting over VPNs, often from uncontrolled environments, networks are vulnerable, especially without proper segmentation. If one of those systems connecting over VPN or site-to-site VPN is compromised, its infection can infiltrate the network and proliferate.
- IoT security
The rapid adoption of IoT has created new attack vectors. IoT devices are notorious for poor security and, because devices appearing on networks are often employee-owned, it’s likely that many have weak, preset passwords. In a recent study, my team discovered that more than 90 percent of the IoT traffic from enterprise networks was using unencrypted channels, making it susceptible to man-in-the-middle attacks. The best way to prevent IoT devices from exposing your network is to isolate them on their own network (to prevent lateral movement) and restrict inbound and outbound traffic.
- Patch management
Most enterprise networks are complex, so setting up an effective patch management process can be challenging. Large networks often include unsupported operating systems, which further complicates patching by adding manual steps—often leaving systems vulnerable longer. In the case of WannaCry, such vulnerabilities had devastating consequences. Automated patching helps by pushing patches and providing consistent coverage against certain exploits. To block attackers’ attempts to probe for unpatched devices, you need an effective intrusion prevention system.
- Employee training
Most users understand the risk of clicking suspicious links or opening attachments from unknown senders. But what about those that appear to be from a trusted source, like Amazon or Apple? Attackers are skilled at developing phishing sites that look just like legitimate sites, and they can often make URLs deceptively similar using domain squatting. It’s imperative for employees to have ongoing training that includes awareness of recent attack methods. Armed with knowledge, they provide a key layer in enterprise defense.
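Training helps, but a proxy or DNS log check for lookalike domains catches the squatted names the post describes before a user has to judge them. The following is an added example, not code from the post or from Zscaler; the brand allowlist, the homoglyph table and the log format are assumptions chosen for illustration.

```python
import unicodedata

# Brands the post names as commonly impersonated, mapped to their legitimate domain.
# Assumed allowlist; a real deployment loads the organisation's own list.
TRUSTED = {"amazon": "amazon.com", "apple": "apple.com"}

# Digit/symbol substitutions common in lookalike names (assumed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

def levenshtein(a, b):
    """Edit distance; one insertion, deletion or substitution away counts as a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def to_unicode(host):
    """Decode punycode (xn--) labels so accented lookalikes can be folded; non-ASCII input passes through."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host

def normalize(label):
    """Lowercase, strip accents via NFKD, fold digit homoglyphs, drop hyphens (Cyrillic/Greek lookalikes are not folded)."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c)).translate(HOMOGLYPHS).replace("-", "")

def classify(host):
    """Return 'trusted', 'lookalike:<brand>' or 'unrelated' for one hostname."""
    labels = to_unicode(host).lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unrelated"
    registrable = ".".join(labels[-2:])  # crude: no public-suffix handling (co.uk etc.)
    if registrable in TRUSTED.values():
        return "trusted"
    folded = [normalize(label) for label in labels]
    for brand in TRUSTED:
        # Brand embedded anywhere (amaz0n-login.com, apple.com.evil.net) or one edit from the second-level label.
        # Substring matching also flags legitimate names containing the brand; tune the allowlist for those.
        if brand in "".join(folded) or levenshtein(folded[-2], brand) <= 1:
            return f"lookalike:{brand}"
    return "unrelated"

def flag_lookalikes(log_lines):
    """Scan constructed proxy log lines of the form '<timestamp> <user> <host>' and return (host, verdict) hits."""
    return [(h, v) for h, v in ((line.split()[2], classify(line.split()[2])) for line in log_lines) if v.startswith("lookalike")]

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2024-01-01T09:00:00Z alice www.amazon.com",
    "2024-01-01T09:00:05Z bob amaz0n-account-verify.com",
    "2024-01-01T09:00:09Z carol apple.com.id-check.net",
    "2024-01-01T09:00:12Z dave example.org",
]
```

Running `flag_lookalikes(SAMPLE_LOG)` flags the second and third hosts while leaving the genuine Amazon domain alone.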
Malicious actors will continue to target enterprise networks with phishing schemes and other sophisticated attacks. It’s incumbent upon enterprises to ensure a defense-in-depth security strategy by using the most effective technologies available and employing best practices to prevent intrusion or minimize its effects. One of those best practices that every business should be following today is to ensure multifactor authentication (MFA) is enabled. MFA provides more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. Most enterprise applications support MFA and users are familiar with the process.
Deepen Desai is Vice President of Security Research at Zscaler and director of ThreatLabZ.