Network Security
Nov 17, 2023

Security Field Day 10

It's that time of year again when the security delegates from Tech Field Day descend on Silicon Valley (well, in this case, descend virtually on Silicon Valley) to hear about the cool new things vendors are doing in the security space. This year, I was fortunate to be one of the presenters at XFD10 along with my partner in crime, Matt Honea, Head of Security and Compliance at Forward Networks. Together, we walked the delegates through how bad actors are becoming more intelligent and how Forward Networks can assist in identifying issues, leading to faster resolution times.

The State of the Security World

Matt discussed how threat actors are more brazen than ever when targeting their victims, which, for lack of a better word, is horrendous.

Why does it seem that every news headline is “{{ Insert large company name here }} was breached!”? Our technology footprint (and attack surface) is drastically expanding and increasing in complexity. The proliferation of SaaS apps holding sensitive company data, the move to the cloud, and the explosion of mobile apps, wearables, and devices all create new vulnerabilities.

Matt pointed out that in the ten years between 2013 and 2023, the number of vulnerabilities increased 5x from ~5000 to ~25,000. As a small sample, I decided to take an inventory of my family and see how our technology footprint has expanded, specifically thinking about mobile apps, devices, and wearables. I threw my hands up and stopped counting once I hit 50 devices for a family of four. From cell phones to tablets to watches and IoT devices, it is easy to see how the attack surface has exploded. If you extrapolate this to a large enterprise, tracking the constantly changing footprint is almost impossible.

The Game Changer: Network Digital Twin for Network Security

Given the current level of complexity, NetOps teams need software support to understand the hybrid multi-cloud network, its devices, their connectivity, exposure, and vulnerabilities. I got to show the delegates how Forward Networks provides unprecedented visibility into the network and gives operators the data they need to assist in a security incident (or alert) and detect configuration deviations that could cause a security incident. Here, we will look at common attack types, the protection recommendations, and how Forward Networks can help identify and aid in the remediation.

Third-Party Vulnerability

Synopsis:

  • A software company issued an advisory and a patch for a vulnerability with a severity rating of 9.8/10.
  • Any instance of the software reachable from the internet was exposed.

Recommendations:

  • Determine your exposure and patch.
  • Disable the service and contain traffic to the server until it is patched.

How Forward Networks could assist:

  • Verify that no path from the internet reaches an open port on the server hosting the software.
    • Using Forward’s policy checking, engineers define a policy stating what must (or must not) be present in the network. At every collection interval, the platform re-runs these checks and alerts if a deviation occurs.
  • Through its integrations with Rapid7 and Tenable.sc, Forward Enterprise can flag a vulnerable host, show which switch port that host is connected to, and show what that host has access to. You can also launch a path view between the host in question and the other hosts it can reach, so you can visualize the path and plan remediation.
    • This is also extremely helpful when dealing with a malware/ransomware incident. The hardest part of any recovery is knowing what the compromised host can access. In seconds, you can see what the compromised host can reach and use the path view to plan remediation more precisely.

Social Engineering

Synopsis:

  • An attacker gained access to an administrator account and reset its MFA.
  • The attacker then deployed ransomware across the infrastructure.

Recommendations:

  • Identify and protect Tier 0.
    • Have a framework in place to continuously validate access.
  • Stay current on vulnerabilities and know whether an affected device carries traffic to the internet or is directly reachable from it.

How Forward Networks could assist:

  • Forward Networks automatically creates a security posture matrix that is always up to date. This matrix lets engineers quickly determine the potential for lateral movement between protected areas of the network.
  • Using the Forward Networks vulnerability management application, the organization can see which vulnerabilities are present in its network based on the operating system and version each device runs. The platform highlights configuration-based vulnerabilities and shows which devices are affected and which configuration line(s) should be remediated for that specific vulnerability. Recommendations are prioritized by the severity of the vulnerability.

Cryptomining Breach

Synopsis:

  • An unknown number of victims, many of them running public-facing Linux servers.
  • Attackers brute-forced SSH to install backdoors and mine cryptocurrency.

Recommendations:

  • Identify rogue devices
  • Layer 7 firewall rule protection

How Forward Networks could assist:

Forward Enterprise supports L2 - L4 searches and enables engineers to search L7 information, like URLs, UserIDs, and Application IDs.

  • Using the Forward Networks Network Query Engine (NQE), engineers can write queries that extract the data that matters most to them; in this case, a query that looks for rogue device vendors and alerts if such devices are found on the network.
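To make the rogue-vendor idea concrete, here is an added example in Python, written for this post rather than an NQE query or any Forward Networks code, that applies the same logic to a constructed switch MAC table: normalize the MAC formats different platforms emit, derive the vendor from the OUI, and alert on anything whose vendor is not on an approved list. The OUI table, approved-vendor list and inventory are all constructed. It also handles the case a real query has to account for: a locally administered (randomized) MAC carries no vendor OUI at all, so it cannot be silently passed as "unknown vendor, probably fine".

```python
"""Flag network-attached devices whose vendor, derived from the MAC OUI, is not
on an approved list. Added example, not NQE or Forward Networks code; the OUI
table, approved vendors and MAC-table snapshot are constructed."""
import re

# Constructed OUI -> vendor table (a real check uses the IEEE MA-L registry).
OUI_VENDOR = {
    "00:1A:2B": "ExampleSwitchCo",
    "00:3C:4D": "ExampleServerCo",
    "00:5E:6F": "CheapIoTCam",
}
APPROVED_VENDORS = {"ExampleSwitchCo", "ExampleServerCo"}


def normalize_mac(mac):
    """Accept 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a.2b3c.4d5e; return AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """The U/L bit (0x02 in the first octet) set means the address was assigned
    locally or randomized, so the first three octets are not a vendor OUI."""
    return int(normalize_mac(mac)[:2], 16) & 0x02 != 0


def classify(mac):
    """Return ("vendor", name), ("unknown", oui) or ("local", None)."""
    n = normalize_mac(mac)
    if is_locally_administered(n):
        return ("local", None)
    oui = n[:8]
    if oui in OUI_VENDOR:
        return ("vendor", OUI_VENDOR[oui])
    return ("unknown", oui)


def find_rogue_devices(inventory, approved=APPROVED_VENDORS):
    """inventory: iterable of (switch, port, mac). Returns one alert dict per device
    that is not positively identified as an approved vendor."""
    alerts = []
    for switch, port, mac in inventory:
        kind, detail = classify(mac)
        if kind == "vendor" and detail in approved:
            continue
        reason = {
            "vendor":  f"unapproved vendor {detail}",
            "unknown": f"unknown OUI {detail}",
            "local":   "locally administered MAC, vendor cannot be determined",
        }[kind]
        alerts.append({"switch": switch, "port": port, "mac": mac, "reason": reason})
    return alerts


# Constructed MAC-table snapshot, in the mixed formats a collector would return.
INVENTORY = [
    ("core-sw1", "Gi1/0/1",  "00:1a:2b:10:20:30"),
    ("core-sw1", "Gi1/0/2",  "00-3C-4D-AA-BB-CC"),
    ("edge-sw3", "Gi1/0/17", "005e.6f01.0203"),     # IoT camera plugged into an office port
    ("edge-sw3", "Gi1/0/18", "a4:55:66:77:88:99"),  # OUI not in the table
    ("edge-sw3", "Gi1/0/19", "02:11:22:33:44:55"),  # randomized MAC
]

if __name__ == "__main__":
    for a in find_rogue_devices(INVENTORY):
        print(f"{a['switch']} {a['port']} {a['mac']}: {a['reason']}")
```

Because the alert carries the switch and port, the output is already the information needed to locate and contain the device. The randomized-MAC case is reported rather than ignored: since phones and laptops now randomize by default, a vendor check alone cannot clear such a device, and something else (802.1X identity, DHCP fingerprint) has to.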

Forward Networks demonstrated at XFD10 how its network visibility and configuration management platform can address the security challenges posed by advanced threat actors. Through specific attack scenarios and recommendations, Forward Networks showcased its capability to detect and help remediate such incidents, providing invaluable assistance in safeguarding networks against sophisticated threats. You can watch our #XFD10 presentation here: https://techfieldday.com/appearance/forward-networks-presents-at-security-field-day-10/

Mike Lossmann

After 18 years of experience as a network engineer, Mike Lossmann is now a Technical Product Marketing Manager at Forward Networks.