Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
In modern network environments focused on cloud technology, organizations have undergone a significant transformation in the development and deployment of their IT assets. The introduction of cloud technology has simplified and expedited the deployment process, but it often lacks centralized change management. The cloud's shared responsibility model enables quick deployment and scaling but can pose security risks if not properly managed and understood. However, this newfound ease also presents a challenge in effectively managing these assets.
Gone are the days when IT assets were confined behind on-premises firewalls, where administrators manually configured security settings. In those rigid environments, deploying new internet-facing assets required a complex change management process involving collaboration between network and security teams to optimize functionality and security. However, with the shift to cloud and hybrid environments, this burden has been reduced. Now, anyone with the appropriate administrative privileges can deploy new internet-facing assets on the cloud and connect them to the internal network without extensive optimization.
While the increased efficiency and scalability offer benefits, they often result in a lack of visibility and control over IT assets. As organizations strive to scale rapidly, they frequently lose track of the number of assets operating within their networks. These invisible and unmonitored assets can serve as entry points for threat actors, facilitating sophisticated cyberattacks. It is common for these types of assets to act as initial entry points or enable lateral movement during penetration testing and red teaming exercises.
In the realm of cybersecurity, it is impossible to secure assets that are invisible or unknown. Therefore, effective asset management becomes a paramount concern in today's cloud-first business model. Unfortunately, due diligence is often overlooked during the digitization and cloud expansion processes across various industries. Business pressures, project deadlines, and key performance indicators drive organizations to add new assets to their IT infrastructure without conducting proper penetration testing or security assessments.
Consider a scenario where a business deploys a new SSH server to provide third-party contractors with access to critical resources. If the SSH server is not proactively secured, any underlying vulnerabilities and risks may go unnoticed. Threat actors are quick to exploit such vulnerabilities, using automated malicious bots to scan the web for unpatched or vulnerable assets, leading to potential cyberattacks.
Furthermore, security teams often fail to recognize that third-party applications used by external entities to connect to an organization’s servers should be considered integral parts of the wider IT asset landscape. This oversight can also be attributed to the proliferation of remote working. Since the pandemic, more businesses have embraced remote work, resulting in increased usage of remote access solutions. The rapid move to remote and hybrid working meant the adoption of remote access and BYOD solutions had to be expedited and in some cases that security debt still needs to be paid. This type of rapid shift often circumvents change management processes creating blind spots within an environment.
Another challenge can arise from disengagement between network and IT security teams. Operating in isolation, these teams often lack a comprehensive understanding of the organization’s assets. Network teams tend to prioritize network availability and performance, leading to the deployment of new servers or applications without involving the security team for assessment. Meanwhile, security teams, already facing staffing shortages, struggle to keep up with identifying new assets across the broader network, leaving vulnerabilities unaddressed and increasing the risk of ransomware attacks and other security incidents.
To address these issues, organizations must place emphasis on effective asset management. A robust asset management strategy integrated into business processes enhances the security team’s operational efficiency. It provides a clear overview of the assets to monitor, enables optimization of security policies for different assets, and facilitates the configuration of existing solutions for better security. This, in turn, maximizes the return on investment from security solutions and professionals and ensures compliance with relevant regulations such as PCI-DSS, HIPAA, and NIST.
Implementing a successful asset management plan requires a systematic approach. Like being a shepherd counting the sheep in a flock, the first step is to inventory the entire network, identifying every device, software, firmware, and server. This may include scanning the cloud infrastructure, internet-facing systems, and even physically inspecting on-premises infrastructure. Once the initial inventory is compiled, it must be regularly updated and maintained to track authorized changes and identify any rogue or unexpected assets on the network.
Additionally, organizations should incorporate threat-hunting practices into their asset management approach. Regular penetration tests and vulnerability scanning across all assets are crucial to identifying and addressing threats and vulnerabilities promptly. These activities can have the additional benefit of fining rogue devices, but also are more effective when an effective asset management process is in place. However, for some businesses, conducting extensive inventory processes and regular threat-hunting exercises may be challenging due to resource constraints and a shortage of skilled security professionals. In such cases, third-party Managed Detection and Response (MDR) services can be leveraged. These services provide access to global Security Operations Center (SOC) teams that can ensure visibility across on-premises and cloud security infrastructure, offering round-the-clock monitoring and timely vulnerability detection without the overhead and challenges of building and managing your own SOC.
Effective asset management is essential for maintaining security maturity and resilience in the face of evolving cyber threats. It should be a top priority and foundational layer for business leaders when implementing cybersecurity policies. By prioritizing asset management, organizations can enhance their security posture, optimize existing security investments, and meet compliance requirements, ultimately safeguarding their digital assets and operations in the cloud, on-prem, or hybrid environment.
This article originally appeared in CPO Magazine.
Damian Archer is VP, Consulting & Professional Services Americas at Trustwave with over 15 years of experience in the security industry and holds the CREST Certified Infrastructure Tester (CCT INF) credential. Follow Damian on LinkedIn.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.