Cover Your Assets: Two Tips to Prevent Hack Attacks
If you don’t know about a piece of technology on your network, how can you properly secure it to avoid a data breach? Much has been written on this topic. However, in my experience, not many organizations invest in the resources needed to tackle the most significant infiltration points left vulnerable to social engineering.
My discussion with ex-Blackhat Hector Monsegur (a.k.a. Sabu) in January stressed this point. Hector discussed at length the benefits of active asset and patch management programs. These two items alone can prevent most of the hacks seen today. The trouble is our work styles have changed. In addition to the cloud, which creates Shadow IT, employees working from home have created a broader attack surface for hackers. This amounts to more stress than usual for system administrators and security engineers, and I’ll admit, even the best asset management programs face challenges during COVID.
But alas! All is not lost. There’s still time to get your house in order and take control of your network. For a “how-to guide,” I’ll refer you to my former colleague, Brooks Houck, who posted a wonderful article on Revolutionary Security’s website in 2019. I’ve taken an excerpt from Brooks’ article, still very much applicable today.
Why Asset Management is Critical to Your Vulnerability Management Program
by Brooks Houck
The first step, like everything else in IT, is proper documentation and governance. If compliance documents do not dictate a naming convention, your team should develop one that, at a minimum, answers the following questions:
- Purpose – what function does this asset perform?
- Is this a production, development, or test asset?
- Location – is this a physical or virtual asset?
- If it’s physical, what is the general location?
- Type – is this a server or client asset?
Next, decide how the assets should be organized. Does it make sense to segment assets by location? This might work well for organizations that are customer-orientated and require low-latency connections. Another method is to organize by purpose. Should all databases be grouped together? This might make sense from an organizational perspective, but it’s not an ideal placement from a security point of view. At a minimum, assets should be separated by type. Servers and clients run vastly different programs and serve discrete purposes. Your organization must decide what makes sense for its assets.
Finally, create asset tags or groups. Asset tags and groups make it easier to segregate data for remediation teams, ensuring they only receive app data that is relevant to them. This is also a popular feature in some vulnerability scanners that makes it incredibly easy to search and identify different assets on the network and quickly perform precise scans when required.
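The three steps above (naming convention, organization, tags) can be tied together in a short script. This is an added example, not code from Brooks' article: the hostname format, the function names and the sample inventory are all assumptions made for illustration. It parses names against a convention that answers the questions listed above, derives tags for scoping scans, and sets aside any asset whose name does not conform.

```python
import re
from collections import defaultdict

# Hypothetical convention (an assumption, not from the article):
#   <purpose>-<env>-<site>-<form><type><nn>   e.g. db-prd-nyc-vs01
# env: prd/dev/tst, form: p(hysical)/v(irtual), type: s(erver)/c(lient)
NAME_RE = re.compile(
    r"(?P<purpose>[a-z]{2,6})-(?P<env>prd|dev|tst)-(?P<site>[a-z]{3})-"
    r"(?P<form>[pv])(?P<type>[sc])(?P<seq>\d{2})"
)
ENV = {"prd": "production", "dev": "development", "tst": "test"}
FORM = {"p": "physical", "v": "virtual"}
TYPE = {"s": "server", "c": "client"}

def parse_asset(hostname):
    """Return the fields encoded in a hostname, or None if non-conforming."""
    m = NAME_RE.fullmatch(hostname.strip().lower())
    if not m:
        return None
    return {"hostname": m.group(0), "purpose": m["purpose"], "site": m["site"],
            "environment": ENV[m["env"]], "form": FORM[m["form"]],
            "type": TYPE[m["type"]]}

def build_tags(hostnames):
    """Group conforming assets into tags; collect the rest for review."""
    tags, unknown = defaultdict(set), []
    for name in hostnames:
        asset = parse_asset(name)
        if asset is None:
            unknown.append(name)  # undocumented or misnamed: investigate
            continue
        for key in ("purpose", "environment", "site", "form", "type"):
            tags[f"{key}:{asset[key]}"].add(asset["hostname"])
    return dict(tags), unknown

def scan_scope(tags, *wanted):
    """Hosts carrying every requested tag (pass at least one), sorted."""
    return sorted(set.intersection(*(tags.get(t, set()) for t in wanted)))

# Constructed sample inventory (not real hosts).
INVENTORY = ["db-prd-nyc-vs01", "web-dev-lon-vs02", "hr-prd-nyc-pc07",
             "DB-TST-NYC-PS03", "printer-3rdfloor", "web-prd-lon-vs01"]

if __name__ == "__main__":
    tags, unknown = build_tags(INVENTORY)
    # Scope a scan to production servers by intersecting two tags.
    print(scan_scope(tags, "environment:production", "type:server"))
    print("needs review:", unknown)
```

Names that fail to parse are the ones worth chasing first, since an asset nobody named according to policy is often one nobody is patching.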
If you have any questions about asset or patch management, or if you’re looking for IT staff to help support you in these efforts, reach out to us at CIBR Ready and CIBR Warriors. We can assess your needs and provide a step-by-step plan to remediate weaknesses and vulnerabilities, and then support you with consulting, staff augmentation if needed, and simulation training to arm your team with the skills necessary to ensure ongoing protection.
For more information, visit us at cibr.com.