Unless you’re under a rock, you know that the WannaCry Ransomware cyberattack swept worldwide headlines last week.
Organizations scrambled to apply the latest Microsoft security patch to their computers to prevent the spread of the attack. It’s estimated that the ransomware attack hit more than 300,000 victims in 150 countries.
The Target incident opened a lot of eyes to the potential impacts of a security breach. While a lot is still unknown, there is significant information available about what happened and it’s worth taking a closer look at steps that enterprise security teams can employ to prevent their organizations from becoming victims of similar attacks.
Based on the reported details, it is clear that malware, even well-known attack variants familiar to security vendors and researchers, remains highly difficult to detect and deter altogether. The attack that compromised Target’s point-of-sale devices was no cutting-edge advanced persistent threat, but rather a variation on a well-known piece of code available for only $2,000.
These details highlight the fact that despite continued evolution of malware analysis engines and solutions, some percentage of attacks will always evade initial detection and subsequent prevention. That said – what approach could security and IT risk management officials at Target and other enterprises invoke to prevent a repeat of such devastating results?
For starters, there’s absolutely no reason that a malware threat compromising one of Target’s point-of-sale systems, or even a small subset linked together for business purposes, should have resulted in the successful compromise of many other POS devices, or even the organization’s underlying core systems.
Whether the campaign was in fact launched via a POS system itself or from deeper within Target’s network, the existing security controls that could have prevented propagation across the larger environment were clearly not functioning effectively. Without question, organizations of this scale have many different types of such network defenses in place (including firewalls, IDS, SIM, DLP, etc.), but in this case the attack escalation was not mitigated.
Every security and IT risk management official reviewing the Target attacks should be asking whether their organization is vulnerable to similar campaigns, and should examine the ability of their existing network security controls to prevent that kind of propagation. Security teams should be conducting a tactical attack vector analysis on every available pathway of access across their networks that could potentially expose critical systems, including, where applicable, POS devices, among others.
And while it may still be impossible to prevent every malware infection, effective network segmentation and security device policy enforcement can be leveraged very effectively to limit the impact of attacks if they circumvent initial anti-virus controls. No one would still be talking about Target if one store’s POS systems were compromised, versus the reality that the involved attack was able to propagate across its larger network.
Traditional security technologies including firewalls and next generation firewalls will continue to play a critical role in limiting risk of malware infection, as well as the spread and success of modern threats. However, if you don’t have the detailed information to identify gaps in network security, preventing, mitigating and remediating security breaches will remain a significant challenge.
Today’s enterprises already have the security capabilities in place to stop attacks such as the one that affected Target from escalating throughout their environment. They need greater visibility into how those defenses are aligned, arguably in real-time, and more conclusive security intelligence regarding their overall level of IT risk exposure, in general.
The FireMon Security Manager platform was designed for the specific purpose of providing enterprise practitioners with continuous visibility into the current alignment of their network security device infrastructure, as well as the related exposure of underlying vulnerabilities.
By gaining control of network access and isolating every pathway available across infrastructure that could be leveraged to introduce or escalate attacks, organizations can significantly limit their risk of falling prey to attacks such as the one experienced by Target.
Request an in-depth demonstration of FireMon Security Manager today and learn how more effective management of existing network security defenses can prevent and contain attacks, before your organization is forced to react and spend resources looking at past events, instead of stopping those of tomorrow.
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption of the new technology. But NGFWs aren’t a fix-all solution.