{"id":13610,"date":"2019-07-16T16:06:27","date_gmt":"2019-07-16T16:06:27","guid":{"rendered":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/?p=13610"},"modified":"2022-10-14T18:28:36","modified_gmt":"2022-10-14T22:28:36","slug":"why-enterprises-are-still-falling-victim-to-breaches","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/why-enterprises-are-still-falling-victim-to-breaches.html","title":{"rendered":"Why Enterprises are Still Falling Victim to Breaches"},"content":{"rendered":"\n<p>Guest post by Deepen Desai<\/p>\n\n\n\n<p>Despite spending billions every year to establish a secure\nperimeter around the network, organizations continue to suffer the loss of\ndata, time, productivity, intellectual property, and a staggering sum of money\nto breaches. With all the sophisticated technology that enterprises put in\ntheir gateways to block threats, why do breaches persist? I believe the\nfollowing are among the top reasons why breaches occur:<\/p>\n\n\n\n<ul><li><strong>Blindness to SSL\/TLS traffic<\/strong><\/li><\/ul>\n\n\n\n<p>As much as 90 percent of internet\ntraffic is now encrypted and, while SSL provides privacy, it also provides\nattackers with an opportunity to infiltrate networks and exfiltrate data. Attackers\nknow that many organizations allow encrypted traffic from \u201ctrusted\u201d websites\nand CDNs to pass uninspected because SSL inspection requires\nsignificant processing power. 
As a result, SSL is among the most abused channels\nfor hiding malware.<\/p>\n\n\n\n<ul><li><strong>The need for segmentation at the application level<\/strong><\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"361\" height=\"361\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/07\/Deepen-Desai.jpg\" alt=\"\" class=\"wp-image-13613\" srcset=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/07\/Deepen-Desai.jpg 361w, https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/07\/Deepen-Desai-90x90.jpg 90w, https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/07\/Deepen-Desai-300x300.jpg 300w\" sizes=\"(max-width: 361px) 100vw, 361px\" \/><figcaption> <em>Deepen Desai, Vice President of Security Research at <a href=\"http:\/\/www.tmcnet.com\/query\/SearchResults.aspx?searchstring=zscaler&amp;type=anywords&amp;stem=True&amp;phonic=False&amp;fuzzy=0&amp;feeds=True&amp;area=0&amp;sort=date\">Zscaler<\/a> and director of <a href=\"http:\/\/www.tmcnet.com\/query\/SearchResults.aspx?searchstring=ThreatLabZ&amp;type=anywords&amp;stem=True&amp;phonic=False&amp;fuzzy=0&amp;feeds=True&amp;area=0&amp;sort=date\">ThreatLabZ.<\/a><\/em> <\/figcaption><\/figure><\/div>\n\n\n\n<p>With so many remote employees,\ncontractors, partners, and other third parties connecting over VPNs, often from\nuncontrolled environments, networks are vulnerable, especially without proper\nsegmentation. If one of those systems connecting over VPN or site-to-site VPN\nis compromised, its infection can infiltrate the network and proliferate.<\/p>\n\n\n\n<ul><li><strong>IoT security<\/strong><\/li><\/ul>\n\n\n\n<p>The rapid adoption of IoT has created new\nattack vectors. 
IoT devices are notorious for poor security and, because\ndevices appearing on networks are often employee-owned, it\u2019s likely that many have\nweak, preset passwords. In a recent study, my team discovered that more than\n90 percent of the IoT traffic from enterprise networks was using unencrypted\nchannels, making it susceptible to man-in-the-middle attacks. The best way to\nprevent IoT devices from exposing your network is to isolate them on their own\nnetwork (to prevent lateral movement) and restrict inbound and outbound\ntraffic.<\/p>\n\n\n\n<ul><li><strong>Patch\nmanagement<\/strong><\/li><\/ul>\n\n\n\n<p>Most enterprise networks are complex,\nso setting up an effective patch management process can be challenging. Large networks\noften include unsupported operating systems, which further complicates patching\nby adding manual steps\u2014often leaving systems vulnerable longer. In the case of\nWannaCry, such vulnerabilities had devastating consequences. Automated patching\nhelps by pushing patches and providing consistent coverage against certain\nexploits. To block attackers\u2019 attempts to probe for unpatched devices, you need\nan effective intrusion prevention system. <\/p>\n\n\n\n<ul><li><strong>Employee training<\/strong><\/li><\/ul>\n\n\n\n<p>Most users understand the risk of\nclicking suspicious links or opening attachments from unknown senders. But what\nabout those that appear to be from a trusted source, like Amazon or Apple?\nAttackers are skilled at developing phishing sites that look just like legitimate\nsites, and they can often make URLs deceptively similar using domain squatting.\nIt\u2019s imperative for employees to have ongoing training that includes awareness\nof recent attack methods. Armed with knowledge, they provide a key layer in\nenterprise defense.<\/p>\n\n\n\n<p>Malicious actors will continue to target\nenterprise networks with phishing schemes and other sophisticated attacks. 
It\u2019s\nincumbent upon enterprises to ensure a defense-in-depth security strategy by\nusing the most effective technologies available and employing best practices to\nprevent intrusion or minimize its effects. One of those best practices that\nevery business should be following today is to ensure multifactor\nauthentication (MFA) is enabled. MFA provides more than one method of\nauthentication from independent categories of credentials to verify the user\u2019s\nidentity for a login or other transaction. Most enterprise applications support\nMFA and users are familiar with the process.<\/p>\n\n\n\n<p><em>Deepen Desai is Vice President of Security Research at <a href=\"https:\/\/www.zscaler.com\/\">Zscaler<\/a> and director of ThreatLabZ.<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"694\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/07\/zscaler-building-1000x694.jpg\" alt=\"\" class=\"wp-image-13618\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Guest post by Deepen Desai Despite spending billions every year to establish a secure perimeter around the network, organizations continue to suffer the loss of data, time, productivity, intellectual property, and a staggering sum of money to breaches. 
With all the sophisticated technology that enterprises put in their gateways to block threats, why do<\/p>\n","protected":false},"author":44,"featured_media":13612,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[156],"tags":[1796,1929,2227,2228],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13610"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=13610"}],"version-history":[{"count":3,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13610\/revisions"}],"predecessor-version":[{"id":13619,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13610\/revisions\/13619"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media\/13612"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=13610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=13610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=13610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}