Recorded Future - How to Bolster Network Perimeter Defenses With Security Intelligence

Cybercriminals continue to utilize remote code execution attacks that target edge devices as a way to breach network perimeters. To prevent these types of breaches, network security teams need to evolve their approach toward bolstering security postures at the edge.

Recorded Future’s security intelligence philosophy introduces three principles that work in harmony to help network security teams strengthen the policies and controls that govern and protect their network perimeters. By proactively planning and incorporating the principles of security intelligence, organizations can minimize the impact of cyber threats and improve the resilience of their IT networks.

The State of Perimeter Security

The use of IoT networks, personal devices, and the public cloud has exploded in recent years. While these activities take place outside of network perimeters, they also greatly increase the amount of activity that takes place on premises and in private clouds — inside of network perimeters. At the same time, perimeter security is susceptible to advanced cyber threats that can sometimes evade detection.

All of this makes protecting network perimeters more difficult than ever for security professionals, especially when non-IT management teams may hear that “the perimeter is gone” in various “digital transformation” marketing campaigns. In reality, at the operational level, there are simply too many data packets flowing into and out of the network for resource-strapped teams to keep up with. The perimeter is not, in fact, dead. If you are a network system administrator, you know this all too well.

How to Amplify Perimeter Security Effectiveness With Security Intelligence

So, what is security intelligence, and how does it amplify the effectiveness of network perimeter security teams? In short, adopting this philosophy empowers security teams to expose unknown threats and provide information that enables better decision-making. By producing a common understanding of external and internal threats, as well as threats related to third-party ecosystems, security intelligence can provide the context network security teams need to accelerate risk reduction exponentially across the entire perimeter.

This new philosophy could have a major impact on how effectively network security teams are able to defend their organizations’ perimeters. And it comes just in time, as network perimeters are becoming more vulnerable to remote code execution attacks that target publicly available edge services, which provide opportunities for breaching network perimeters.

Many edge services are vulnerable to attacks due to inconsistent patching and a lag in updating both the operating systems and the applications running on their servers. That means more and more attacks are getting through network perimeters and finding their way inside organizations — both on premises and in the cloud.

That’s why it’s now critical to leverage the security intelligence philosophy — or, more pointedly — the solutions that help teams take back control of their perimeter. Adopting this philosophy allows you to drive your perimeter security policies and controls with confidence, whether you are building them from scratch or simply tuning them up as the business needs and supporting operating environment expand or change.

The Principles of Security Intelligence

The security intelligence philosophy includes three principles that each stand alone to improve individual organizational needs, or work together to holistically accelerate your security effectiveness. Together, these principles can guide your network security team in building a comprehensive security strategy that leads with the perimeter, but also addresses the entire operating environment of which the perimeter is often the gatekeeper:

  1. Threat intelligence provides context around the who, what, and why of potential cyberattacks by utilizing machine learning and automation to consume and analyze massive amounts of threat data and technical research from open, closed, and dark web sources. By correlating relevant, real-time insights from all these sources with internal network data, perimeter security teams can drive faster and more informed security decisions specific to their on-premises and cloud environments.
  2. Brand protection enables security teams to quickly identify what’s being targeted by malicious threat actors and respond to reputational attacks against their brand, as well as the digital risks of the company and its customers. This includes fake accounts, services, apps, APIs, and websites that are set up to attract redirected traffic and provision inappropriate content that can harm organizations and their customers.
  3. Third-party risk management helps analyze and mitigate risks originating from ecosystems that share sensitive information with suppliers, partners, contractors, agents, temporary workers, and other third parties. Keeping a close eye on the third-party supply chain is critical — breaches to one entity can quickly infiltrate an entire ecosystem.

By leveraging the security intelligence principles, your network and perimeter security teams can improve threat analysis, vulnerability management, fraud prevention, and incident response capabilities.

Applying Security Intelligence to Perimeter Policies and Controls

You can apply security intelligence to several aspects of your organization’s perimeter security strategy. For example, consider an email gateway that accepts communications from designated locations, devices, and protocols. If the network security team receives intelligence from the dark web that a hacker is using a particular protocol and port to commit fraud, the team can adjust the policies and controls on that gateway before a compromise occurs.

Or, in another case, you might grant VPN access to third-party partners who place orders online for your products. If open source monitoring analysis enhanced through your intelligence feed indicates that one of the partners has been compromised, you can adjust the risk level and the policies for that particular partner. Or, if the entire VPN service has been breached, you can shut down that third-party service and re-route the traffic through another secure channel until the attack is mitigated.

In another example, firewalls can only do their job if they have access to the latest threat indicators; static rules just don’t cut the mustard these days. By integrating security intelligence with your existing security technologies, such as your next-gen firewall, you can identify and implement new, dynamic rules to ensure users and systems are protected from the latest malware, ransomware, phishing, and malicious URL attacks.

Digital Asset Protection for You and Your Supply Chain

Along with the continuous enhancements of digital transformation technologies, a host of new security risks will surely come along. With cyberattacks coming from IoT networks, mobile devices, public clouds, partner and customer integrations, and even internal threats, a sophisticated approach to improving perimeter security postures and cyber resilience is more critical now than ever.

Proactive security planning that incorporates the three principles of security intelligence will minimize the impact of cyber threats and bolster resilience. By addressing cybersecurity across your entire organization, including your own network perimeter and any third-party vendors you utilize to make it all work, your security team can enable your company to maintain its competitive advantage — by better protecting your digital assets — internally and across your supply chain.

Start making your move toward security intelligence today — download the second edition of “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program” and find out how the three core principles of the security intelligence philosophy can provide a comprehensive approach to your perimeter threat-mitigation strategy.

The post How to Bolster Network Perimeter Defenses With Security Intelligence appeared first on Recorded Future.



from Recorded Future https://www.recordedfuture.com/security-intelligence-network-defenses/

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more