Mark will share really cool information from his pen tests – including how he was able to gain control of an entire major metropolitan facility by exploiting a single server. How is this possible? Well, as Mark will share – once attackers get control of a PC they are really in the dark – and one of the first things they do is run a scan of all endpoints reachable from the compromised machine to see what is around. In Mark's words, nothing is more frustrating to an attacker than realizing he can't really get anywhere because of effective network segmentation.
Last week we held a webinar with our good friends from Qualys (you can view the recording here). The webinar discussed the integration between Qualys and AlgoSec that enables Application-Centric Vulnerability Management. One of the questions from the audience asked what happened to device hardening? Why is everyone only talking about things such as advanced threat prevention when it comes to security practices?
This week's network security tip goes back to the core of defining your firewall policy:
"Create a rule before the last rule that blocks broadcast traffic without logging it. It resolves huge logging issues in firewall management."
I recently had the opportunity to sit down with Conrad Menezes to discuss some of the current and future networking and security trends and challenges facing organizations. Conrad has held senior executive roles spanning both security and networking at companies such as Sears and American Express. In our conversation, he provided some great insight on topics such as the modern threat landscape, dealing with application overload in the data center and what software-defined networking (SDN) can mean for organizations.
In our final post on the security policy management maturity model (if you've missed the others in our series, please check out Part 1- Initial, Part 2- Emerging and Part 3- Advanced), we look at the best-in-class or "Visionary" organization. An organization at this level takes a different approach to looking at its security infrastructure. Instead of looking at devices from strictly a firewall/security perspective, visionary organizations are making decisions from the perspective of critical business applications in the data center. All key stakeholders across security, network operations and application teams have visibility of the business requirements and the security implications and are aligned through streamlined and automated business processes. Characteristics of an organization taking an application-centric approach include:
In my previous post on the security policy management maturity model, we examined what an Emerging organization (level 2) looks like. Steps to automate security policy analysis and audits were implemented, but the security policy was only optimized, compliant, etc. at a single point in time, because ongoing changes continue to introduce risk and policy bloat.