A Blog by Jonathan Low

 

Aug 18, 2021

How Remote Work IT Has Created New Security Problems and Opportunities

The threat - and the opportunity - may come from IT groups within existing organizations re-orienting to a more external focus on hardware and software vulnerability which will change the way they work and with whom they collaborate and contract. JL

Michael Vizard reports in Venture Beat:

The consumerization of IT is exacerbating a long-standing cybersecurity issue. Enterprise IT organizations employ a wide mix of cybersecurity point products to secure their environments. The challenge is all those point products don’t provide the context needed to identify cyberattacks largely aimed at processes and the people that drive them. Most cybersecurity teams spend an inordinate amount of time integrating cybersecurity point products in the hopes of surfacing relevant context. The issue is they spend more time maintaining those integrations than they do discovering and thwarting cybersecurity vulnerabilities and threats.
Enterprise IT organizations are now facing additional cybersecurity challenges that are a direct result of employees working from home more often, according to Cato Networks, which published a report today that highlights how the consumerization of IT is leading to increased cybersecurity risks. Cybercriminals are targeting devices such as wireless access points that end users commonly use to access corporate networks. By stealing the data that identifies those devices, cybercriminals can create a copy of that identity on another system. “That allows them to suppress an identity challenge,” said Etay Maor, senior director of security strategy at Cato Networks. 
Based on an analysis of 263 billion enterprise network flows between April and June 2021, the report documents how systems like Amazon Sidewalk, a shared network made up of devices such as Amazon Echo smart speakers, Ring security cameras, outdoor lights, motion sensors, and Tile trackers, are finding their way onto enterprise IT networks.
Spoofing legitimate devices 
The report details how Houdini malware can be used to allow cybercriminals to spoof trusted identities of devices on an enterprise network. Houdini is a well-known remote access trojan (RAT) that intruders can use to exfiltrate data via a user agent field, the request header that enables servers and network nodes to identify the applications, operating systems, and devices on an enterprise network. 
The challenge is that legitimate applications also employ a user agent field, so it’s not practical to turn off those user agent fields, said Maor. In fact, the only way to identify this type of threat is to correlate security and network analytics to identify when identity data is exfiltrated by cybercriminals, he added. 
A clue that this is happening is when a device that appears on a corporate network is physically located halfway around the world from where it should be. This threat vector is becoming easier to exploit now that cybersecurity criminals can employ spoofing-as-a-service platforms that have emerged in recent years, noted Maor. 
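The location clue described above can be checked mechanically once network flows are tied to a device identity and a geolocated source. The following is an added example, not code from the Cato Networks report or the original article; the device identifiers, coordinates, and thresholds are constructed assumptions, and it assumes flows have already been geolocated.

```python
import math

# Constructed inventory: device identity -> (lat, lon) of the site where it is registered.
EXPECTED_SITE = {
    "ap-nyc-017": (40.71, -74.01),   # New York
    "ap-lon-004": (51.51, -0.13),    # London
}

# Constructed flow records: (epoch seconds, device identity, source lat, source lon).
FLOWS = [
    (1000, "ap-nyc-017", 40.73, -73.99),
    (1300, "ap-lon-004", 51.50, -0.12),
    (1600, "ap-nyc-017", 1.35, 103.82),   # same identity, seen from Singapore
    (1900, "ap-nyc-017", 40.72, -74.00),
]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def find_spoof_candidates(flows, expected, max_km=200.0, max_kmh=1000.0):
    """Flag sightings of an identity far from its site or implying impossible travel."""
    alerts, last_seen = [], {}
    for ts, dev, lat, lon in sorted(flows):
        here, reasons = (lat, lon), []
        if dev not in expected:
            reasons.append("unknown identity")
        elif haversine_km(here, expected[dev]) > max_km:
            reasons.append("far from registered site")
        if dev in last_seen:
            prev_ts, prev = last_seen[dev]
            hours = max(ts - prev_ts, 1) / 3600
            # Two holders of one identity show up as alternating, distant sightings.
            if haversine_km(here, prev) / hours > max_kmh:
                reasons.append("impossible travel")
        last_seen[dev] = (ts, here)
        if reasons:
            alerts.append((ts, dev, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_spoof_candidates(FLOWS, EXPECTED_SITE):
        print(alert)
```

The legitimate device is flagged on its next sighting as well, which is the signal that one identity is in use from two places.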
Protecting devices at work 
In general, the consumerization of IT is exacerbating a long-standing cybersecurity issue. Enterprise IT organizations today employ a wide mix of cybersecurity point products to secure their environments. The challenge is all those point products don’t provide the context needed to identify cyberattacks largely aimed at processes and the people that drive them. In fact, Maor noted that most cybersecurity teams today spend an inordinate amount of time integrating cybersecurity point products in the hopes of surfacing relevant context. The issue is they ultimately wind up spending more time maintaining those integrations than they do discovering and thwarting cybersecurity vulnerabilities and threats.
Cato Networks is among several providers of secure access service edge (SASE) networks delivered as a service. That approach makes it possible to unify the management of networking and security, which makes it easier to surface the context needed to identify, for example, device spoofing.
It’s too early to say to what degree the consumerization of IT might drive organizations to outsource networking and security services rather than continuing to deploy routers, switches, firewalls, and a host of other gear themselves. In addition to acquiring and deploying those devices, organizations need to hire the IT professionals they need to manage and secure those networks. Cato Networks, for example, provides a global SASE service designed to be co-managed by IT teams, but the IT department still needs to manage which employees gain access to what specific applications. 
One way or another, IT is being transformed utterly as consumer devices become a bigger presence on enterprise networks. The issue is whether IT leaders will be able to adjust their approach to securing those networks before cybercriminals find new ways to exploit them.
