How Can I Reduce Network Security Risk – Part 3
Step 3 – Periodically test your defenses to make sure they are actually detecting and blocking threats
I recently wrote a blog post, "Find Your Security Vulnerability Before Hackers Find It For You," and I wanted to come back and explore all three steps that I outlined in that post in more detail. This blog will examine the third and final part of that three-point plan.
Step 3 is about testing your architecture to make sure that it continues to work as designed. Your network changes throughout the course of a year to adapt to new business requirements. How do you know for sure that your security defenses still work correctly? For instance, did that last software update cause a feature compatibility issue between older products and newer products? Maybe a firmware update did not install correctly? Maybe your upgrade to IPv6 created some new problem in your rate-limiting plan or is now causing logging issues. Worse yet, maybe someone made a change (or changes) to the network and didn’t pass the information on to you and the rest of the security team.
In any case, you need to be able to ensure that your defenses are still working correctly. This is where breach and attack simulation (BAS) can help you safely check your defenses against real-world threats. Basically, you use the solution to attack yourself. Can your network defend against DDoS, WannaCry, EternalBlue, NotPetya, or Ryuk? Find out now, before a hacker does it for you.
Another use case for BAS is to validate whether security updates and patches were applied correctly. If you installed the patches yourself, then I’m sure the probability is high that they were applied correctly. However, maybe you are new to the company. It may be hard to know what patches were, or were not, applied to equipment before your arrival. BAS can help here, especially if the BAS solution has a recommendation engine that suggests fixes for specific types of manufacturer equipment. This can also include software update levels. What was once very time-consuming can become a lot simpler and faster.
Finally, a third fundamental use case for BAS is to validate that the proper fixes were applied and that they work as designed. For instance, say that your network is attacked, and the attack is successful. Whether personally identifiable information (PII) was released or not, you want to fix the security flaw(s) as soon as possible. Once you create a fix, how do you know if the vulnerability has actually been fixed? It can be hard to tell without actually launching an attack against your network to see how the network responds this time. However, once you do this, there is a very real fear that if the fix doesn’t work, you have just created a very nasty self-inflicted wound, which is not something you want to go explain to your boss or the CISO. A BAS solution allows you to safely test your network without the fear of damaging it. Now you can know for sure and can relay that information up the management chain.
If you have any network security concerns, reach out to Keysight or me, and we’ll show you how you can create the visibility you need to see your network security problems.