The Overlooked Elements of InfoSec: Solving the Unknown Unknowns

If there is a golden rule in InfoSec, it is probably this: you have to know what exists on your network before you can protect it effectively.

Security professionals are clearly putting tremendous effort into protecting networks from breaches and intrusions, yet those events seem all but unavoidable. For many network security pros this looks like a losing battle; after all, no network is truly safe from intrusion.

Many have learned that protecting data takes more than supposedly impenetrable firewalls, VPN encryption assumed to be unbreakable, the latest SSL/TLS stack and intrusion prevention systems. The key to success is proper intelligence about what is actually happening on the network.

As former Secretary of Defense Donald Rumsfeld famously said, there are “unknown unknowns.” On your network, it is these unknown unknowns that do the most damage in the event of a breach, a problem illustrated by recent intrusions on large corporate networks that went undetected for far too long. Simply put, security administrators did not know what was happening on the network.

As modern networks evolve into “all-things-cloud”, the attack surface and the number of unknowns grow sharply. Add Shadow IT, where employees outside the IT department move data through unapproved services and channels, and information security professionals are now less informed about what is happening on their network than ever before.

Some may say the solution lies in strong corporate policy against unauthorized data transfers, but the truth is that many employees ignore such policies, viewing them as hindrances to getting their work done.

Information security professionals can solve the problem of the “unknowns” by leading the charge into network discovery and traffic forensics, and using what they learn to harden the network against intrusions. The trick is that, rather than fighting employees as they transfer data or download applications in their shadow IT efforts, organizations simply need to get better at understanding what is actually happening on their networks, regardless of what employees do.

This means gathering the appropriate intelligence with tools that can discover the services running on the typical network. However, with 65,535 TCP and 65,535 UDP ports (around 131,000 in total) on any TCP/IP host, manually investigating the traffic on those ports is impossible.

Thankfully, administrators can improve their intelligence-gathering capabilities by leveraging security tools that attain visibility across all TCP and UDP ports, including scanning for evasive threats and for services hiding on non-standard ports or protocols.

Advanced scanning gives administrators the critical intelligence to comprehend what is actually happening on the network, enhancing their ability to identify potential security threats, including shadow IT.
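The discovery described above only pays off when each scan is compared against the last one, so that a service that appears on a port nobody provisioned stands out. The following is an added example, not code from the original article or from any product it alludes to. It parses two constructed snapshots in nmap's grepable (`-oG`) output format (a full-range scan would be produced with something like `nmap -sS -sU -p- -oG out.gnmap`), builds a host-to-open-services inventory from each, and reports new hosts and new or removed services. The sample hosts, ports and scan lines are assumed for illustration.

```python
import re
from typing import Dict, List, Set, Tuple

Service = Tuple[int, str, str]  # (port, protocol, nmap service name)

# Constructed snapshots in nmap -oG format; assumed data, not real scan output.
BASELINE_SCAN = """\
# Nmap 7.94 scan initiated (constructed baseline)
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (65533)
Host: 10.0.0.7 ()\tPorts: 53/open/udp//domain///\tIgnored State: open|filtered (65534)
"""

CURRENT_SCAN = """\
# Nmap 7.94 scan initiated (constructed follow-up)
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65532)
Host: 10.0.0.7 ()\tPorts: 53/open/udp//domain///\tIgnored State: open|filtered (65534)
Host: 10.0.0.42 ()\tPorts: 4444/open/tcp//krb524///\tIgnored State: closed (65534)
"""

# One grepable "Host:" line: address, optional hostname in parentheses, then the port list.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\tIgnored State.*)?$")


def parse_grepable(text: str) -> Dict[str, Set[Service]]:
    """Return {host: {(port, proto, service), ...}} for every open port in an -oG file."""
    inventory: Dict[str, Set[Service]] = {}
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comments and hosts with no port list
        host, port_list = match.groups()
        services = inventory.setdefault(host, set())
        for entry in port_list.split(", "):
            # Field layout: port/state/protocol/owner/service/rpc info/version/
            fields = entry.split("/")
            if len(fields) < 5:
                continue
            port, state, proto, service = fields[0], fields[1], fields[2], fields[4]
            if state == "open":
                services.add((int(port), proto, service))
    return inventory


def diff_inventories(baseline: Dict[str, Set[Service]],
                     current: Dict[str, Set[Service]]) -> Dict[str, List[tuple]]:
    """Report what changed between two inventories, keyed by change type."""
    changes: Dict[str, List[tuple]] = {"new_hosts": [], "new_services": [], "removed_services": []}
    for host, services in current.items():
        if host not in baseline:
            # A host that was not there last time: every service on it is new.
            changes["new_hosts"].append(host)
            changes["new_services"].extend((host,) + s for s in sorted(services))
            continue
        for s in sorted(services - baseline[host]):
            changes["new_services"].append((host,) + s)
        for s in sorted(baseline[host] - services):
            changes["removed_services"].append((host,) + s)
    for host in baseline:
        if host not in current:
            changes["removed_services"].extend((host,) + s for s in sorted(baseline[host]))
    return changes


if __name__ == "__main__":
    report = diff_inventories(parse_grepable(BASELINE_SCAN), parse_grepable(CURRENT_SCAN))
    for kind, items in report.items():
        print(f"{kind}:")
        for item in items:
            print("   ", item)
```

Run on the constructed data, the report flags RDP (3389/tcp) newly exposed on 10.0.0.5 and a previously unseen host 10.0.0.42 listening on 4444/tcp, which is exactly the kind of change a quarterly audit misses and a continuously re-run scan catches. In practice the baseline should be the approved inventory, not merely the previous scan, so that a change is not silently accepted just because it survived one cycle.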

Beyond basic port scanning, administrators must also deploy tools that can identify command-and-control callbacks, which reveal hosts that are already compromised, and that can detect reconnaissance such as network probes and port scans before it turns into an attack. The security tools in use should also be in a constant state of discovery, looking for changes on the network that result in new services being accessed or offered.
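One observable that distinguishes a command-and-control callback from ordinary browsing is its regularity: an implant checks in on a fixed timer, while a person's connections to a site arrive in bursts. The following is an added example, not the article's own code or any vendor's detection logic. It reads constructed connection records (timestamp, source, destination, destination port), groups them by source-destination pair, and flags pairs whose inter-connection gaps have a low coefficient of variation. The hosts, addresses and timestamps are assumed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed flow records "timestamp src dst dst_port"; assumed data, not real logs.
# 10.0.0.23 connects out every ~60 s; 10.0.0.31 connects in irregular bursts.
FLOWS = """\
2024-03-01T09:00:00 10.0.0.23 203.0.113.9 443
2024-03-01T09:01:00 10.0.0.23 203.0.113.9 443
2024-03-01T09:02:01 10.0.0.23 203.0.113.9 443
2024-03-01T09:03:00 10.0.0.23 203.0.113.9 443
2024-03-01T09:04:01 10.0.0.23 203.0.113.9 443
2024-03-01T09:05:00 10.0.0.23 203.0.113.9 443
2024-03-01T09:00:12 10.0.0.31 198.51.100.20 443
2024-03-01T09:00:47 10.0.0.31 198.51.100.20 443
2024-03-01T09:03:05 10.0.0.31 198.51.100.20 443
2024-03-01T09:03:09 10.0.0.31 198.51.100.20 443
2024-03-01T09:10:30 10.0.0.31 198.51.100.20 443
2024-03-01T09:11:02 10.0.0.31 198.51.100.20 443
"""

PairKey = Tuple[str, str, int]  # (src, dst, dst_port)


def group_flows(flow_text: str) -> Dict[PairKey, List[datetime]]:
    """Collect connection timestamps per (src, dst, port) pair."""
    by_pair: Dict[PairKey, List[datetime]] = defaultdict(list)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        by_pair[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return by_pair


def beacon_candidates(flow_text: str, min_connections: int = 5,
                      max_cv: float = 0.2) -> List[Tuple[PairKey, float, float]]:
    """Return (pair, mean_gap_seconds, coefficient_of_variation) for regular talkers.

    A pair qualifies when it has at least min_connections connections and the
    spread of the gaps between them, relative to the mean gap, is at most max_cv.
    """
    results = []
    for key, times in group_flows(flow_text).items():
        if len(times) < min_connections:
            continue  # too few samples to say anything about periodicity
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # all connections at the same instant: a burst, not a beacon
        cv = statistics.stdev(gaps) / mean_gap
        if cv <= max_cv:
            results.append((key, round(mean_gap, 1), round(cv, 3)))
    return results


if __name__ == "__main__":
    for pair, mean_gap, cv in beacon_candidates(FLOWS):
        src, dst, port = pair
        print(f"possible beacon: {src} -> {dst}:{port} every {mean_gap}s (cv={cv})")
```

On the constructed data only 10.0.0.23 is reported, with a 60-second period and a coefficient of variation near 0.017, while the bursty 10.0.0.31 traffic falls well outside the threshold. Two caveats a practitioner should keep in mind: legitimate software also polls on timers (NTP, update checks, monitoring agents), so candidates need an allowlist and a second signal such as destination reputation or unusual TLS fingerprints; and many modern implants deliberately add jitter to their sleep interval, so the threshold has to be tuned against real traffic rather than fixed at 0.2.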

To properly protect networks, information security professionals need to understand their networks better, which will also help them create policy-based automated defenses to stop attacks before they impact operations.
