Trustwave report shows why security basics matter

Following on from last week’s blog post on the Verizon Data Breach Investigations Report (DBIR), here are some thoughts on the latest report from Trustwave. The eight Trustwave Global Security Report analyzes hundreds of data compromise investigations done by the firm across 17 countries. The key takeaways?  Alarmingly, 97% of the applications tested by Trustwave have one or more security vulnerabilities, with 10% of those classed as ‘high risk’. The company also discovered that 40% of all data breaches occurred on internal corporate networks, and that the average time from intrusion to detection was a 86 days!

The report makes several key recommendations as to how organizations can improve their overall security posture, including better management of firewall configurations, properly logging and monitoring network activity, and implementing good policies and procedures. How best, then, can organizations implement these recommendations?

Better configuration management

The Trustwave report states that misconfigurations played a role in 17% of all attacks targeting the internal corporate network, as well as 9% of attacks targeting ecommerce systems and 8% of point-of-sale (POS) attacks – figures which agree closely with AlgoSec’s recent survey, which found 20% of organizations had experienced a breach as a result of a manual error in a security process.

Meanwhile, as we’ve previously blogged, Gartner has predicted that, by 2020, 99% of all specific firewall breaches will be caused by misconfigurations, rather than flaws in the firewalls themselves. By automatically managing security device changes, organizations can dramatically reduce the likelihood of a misconfiguration occurring and therefore improve their overall security posture.

But it doesn’t stop there. Firewalls should also be used to maximize security by segmenting the network into silos.  By far the greatest proportion of the damage caused by a successful cyberattack is done after the network has been breached – by the hackers exploring the network laterally, moving from machine to machine and database to database, stealthily collecting valuable information.

Remember that 86 day period between intrusion and discovery? That’s a long time for cyber criminals to be inside your network, snooping out data.  Network segmentation can help stops these exploration expeditions in their tracks.  Indeed, smart network segmentation can protect against a whole host of the malware variants identified in the Trustwave report – from memory scrapers, backdoors and remote administrator tools (RATs) to downloaders and adware.

Proper logging and monitoring of network activity

What does ‘proper’ logging and monitoring look like? One way to consider this issue is to look at how vulnerability scanners work. Traditional vulnerability scanners typically provide an IP address for an identified vulnerability, which allows a certain amount of honing in on its source, but isn’t particularly tied to overall business operations.

At AlgoSec, we integrate with vulnerability scanners to associate vulnerabilities with their respective applications, which enables organizations to prioritize the risk of particular vulnerabilities based on the importance of those applications and overall business need. This is a far more business-centric way of managing and prioritizing security.

Another element of this strategy lies in identifying suspicious traffic on the network according to geographical source – though this must, of course, be used in conjunction with intelligence about normal traffic sources for the business in question. A business with no Asian operation that suddenly receives a flood of Chinese traffic, for example, may choose to block all Chinese IP addresses.

Security from the inside out

In its report Trustwave also highlights the issue of cyber criminals taking data out of your network. Egress filtering makes it difficult for criminals to take data out of your network – once again, helping to minimize the damage following a breach.

Basic principles = advanced information security

Ultimately, while the Trustwave report highlights the dynamic and dangerous security landscape, many of the most serious cyber-risks can be mitigated with intelligent implementation of basic, strong infosecurity principles.   Careful network segmentation and automating device configurations and changes can go a long way towards mitigating the security threats facing businesses today.