Many things seem impenetrable until a “small vulnerability” is exploited. The phrase “small vulnerability” almost sounds like an oxymoron when you think about it. Take the fable of one Luke Skywalker and the Death Star. In the story, Luke exploited a small two-meter-wide thermal exhaust port in the Death Star’s design to destroy the ultimate weapon and break the Galactic Empire in its moment of triumph. To make matters worse, the Empire was warned about this “small vulnerability,” but the Galactic bureaucrats reasoned that the risk was small and the whistle-blowers were overestimating rebels’ chances.
Every fable has a lesson: The one here is that an organization is only as strong as its weakest link. No vulnerability is too small and no risk is worth taking when your entire business is on the line. This should sound all too familiar if you follow business and security news. Time and again the story remains the same: Business X is warned of a potential risk, but takes no action because the risk is “small” or the solution costs too much. Then someone exploits this weakness, costing Business X way more money than the actual fix would have cost if addressed from the beginning. In the aftermath, Business X’s reputation is further damaged when it’s revealed that they knew about the vulnerability all along and did nothing.
One element remains constant: when you have something someone else wants they will never stop looking for ways to take it from you. The gate didn’t stop the barbarians and the Death Star was no match for the “rebel scum.” When a motive presents itself to an interested party – be it a tactical victory in an intergalactic war or the theft of critical data – such vulnerabilities will be discovered and exploited. It’s not a matter of if, but when.
Considering the time, effort and expense the modern enterprise invests in IT security and specifically data loss prevention (DLP) to gain visibility into and control of the network environment, isn’t it shocking to learn that most organizations don’t extend these capabilities into their encrypted networks?
While next-generation firewall (NGFW) technology has improved the intelligence of IT security efforts by enabling some content inspection, there are still “small vulnerabilities” not being addressed. For instance, while NGFW control of SSL is granular and can take place in real time, the lack of a detailed audit trail represents a substantial security risk.
The NGFW focus on real-time content inspection often overlooks forensic analysis. Without content indexing, future search functionality is impossible, which makes the entire process rather useless unless you have staff monitoring encrypted traffic 24/7. Additionally, NGFWs offer only command-level logs of SSH sessions, lack support for graphical protocols such as RDP, and do not provide a means of supporting shared account mapping or key or password vaults. A modern enterprise requires a modern security strategy.
In short, NGFWs are valuable tools, but leave privileged access management (PAM) vulnerabilities in place that by no means should be considered too small to address.
The inability to inspect encrypted traffic, apply DLP policy and provide a tamper-proof audit trail represents a tremendous vulnerability in modern cybersecurity strategy. For many enterprise businesses this is the proverbial thermal exhaust port. The threat could present itself as a malicious insider, à la Edward Snowden, or tomorrow’s headline-worthy security breach. The moral of the story: Don’t wait for an audit failure to take action, because by that point it might be too late.
The best defense is a holistic, inline approach that includes Active Directory integration, shared account mapping, encrypted channel monitoring, DLP enablement, real-time alert functionality, session termination and thorough audit capabilities to address the comprehensive PAM needs of the modern enterprise.
Don’t get Death Starred by overlooking seemingly “small vulnerabilities.” These can be capable of bringing even the mightiest of empires to its knees.
The bad news is that you can’t control J.J. Abrams’ mind as he directs the upcoming Star Wars VII film.
The good news is that your enterprise can still avoid the Death Star’s fate by following these best practices.
About the author: John Walsh is a Software Engineer and a member of R&D at SSH Communications Security where he has focused on core product development and technical support. John has over 10 years of experience in software design in the IT security industry. Prior to joining the company, he worked at IBM where he designed and developed a number of key software features for security products such as LDAP, Firewall, and Java Cryptography. John holds a BS in Computer Science from Binghamton University as well as an MS in Management Information Systems from Marist College.