Source: www.networkworld.com
With the rise of attacks on edge devices enabling further incursions by attackers into enterprise networks, it’s time for everyone to step up their security game, say agencies in the Five Eyes alliance
The national intelligence services of five countries have offered enterprises advice on beating spies at their own game in a series of documents intended to help them protect network edge devices and appliances such as firewalls, routers, VPN (virtual private networks) gateways, internet of things (IoT) devices, internet-facing servers, and internet-facing OT (operational technology) systems from cyberattacks.
The Five Eyes alliance brings together the intelligence agencies of Australia, Canada, New Zealand, the UK and the US. The various agencies have each approached the challenge of securing the network edge from a different angle, releasing their reports on Tuesday.
“Foreign adversaries routinely exploit software vulnerabilities in network edge devices to infiltrate critical infrastructure networks and systems. The damage can be expensive, time-consuming, and reputationally catastrophic for public and private sector organizations,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in its introduction to the guidance. “These guidance documents detail various considerations and strategies for a more secure and resilient network both before and after a compromise.”
The new documents are in addition to the US guidelines that help manufacturers build devices that are secure by design. The Canadian Centre for Cyber Security (CCCS) was the lead on Security Considerations for Edge Devices, which not only provides a detailed list of to-dos for corporate IT, but also links to specific guidance on security for remote workers and organizations with bring your own device (BYOD) models, as well as guidance for manufacturers of edge devices.
A solved problem
In a not-so-subtle jab at manufacturers of products with poorly secured network management interfaces (NMIs), it also noted, “It is possible for vendors to harden their products so that they remain secure with NMIs exposed to the internet. This is a solved problem, and customers should demand vendors harden their devices to secure NMIs.”
Digital Forensics Monitoring Specifications for Products of Network Devices and Applications, led by the UK’s National Cyber Security Centre (NCSC-UK), focuses on minimum requirements for forensic visibility. It details what should be logged, how the logs should be stored and secured, and the requirements for forensic data acquisition in case of an incident.
“By following the minimum levels of observability and digital forensics baselines outlined in this guidance, device manufacturers and their customers will be better equipped to detect and identify malicious activity against their solutions,” it said. “Device manufacturers should also use it to establish a baseline of standard features to include in the architecture of network devices and appliances, to facilitate forensic analysis for network defenders.”
Australia took the lead on two documents: Mitigation Strategies for Edge Devices: Executive Guidance and Mitigation Strategies for Edge Devices: Practitioner Guidance. These guides, led by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), provide a summary of mitigation strategies and best practices on securing, hardening, and managing edge devices effectively, and technical details on seven mitigation strategies for operational, procurement and cybersecurity staff to implement to reduce risk to edge devices.
“The Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC) has noted a concerning increase in the number of incidents involving edge device compromises,” the practitioner guidance said. “Edge devices are internet exposed, typically difficult to monitor and able to access other assets on the network, providing an appealing ingress point and target to malicious actors.”
The final document, led by CISA, is an update of a 2023 guide on Secure-by-Design principles for manufacturers with links to resources on implementation.
“Products designed with Secure by Design principles prioritize the security of customers as a core business requirement, rather than merely treating it as a technical feature,” the introductory web page said. “During the design phase of a product’s development lifecycle, companies should implement Secure by Design principles to significantly decrease the number of exploitable flaws before introducing them to the market for widespread use or consumption. Out-of-the-box, products should be secure with additional security features such as multi-factor authentication (MFA), logging, and single sign-on (SSO) available at no extra cost.”
A big deal… if device manufacturers comply
The guidance for manufacturers particularly excites Frank Dickson, IDC’s group vice president for security and trust. “This is a super big deal,” he said. “It is legitimately huge, especially if device manufacturers capitulate and comply with these requirements.”
“These devices are mission critical,” he added, “and some of these devices have got a ridiculous amount of vulnerability in terms of amount of data [flowing through them].” Despite that, he noted, many offer no visibility into what’s going on inside, so customers can’t assess whether the manufacturer is doing a good job in updating firmware and being proactive.
Katell Thielemann, distinguished VP analyst at Gartner, is also pleased with the guidance, but noted that it’s merely a start.
“The advisories are positive in that they show that the Five Eyes community is collaborating to bring forth best practices,” she said. And they continue “to remind the community that anything internet connected is by default exposed and a potential target.”
OT is not IT
However, she doesn’t feel that lumping together internet connected firewalls, routers, IoT devices, and OT systems in an advisory is helpful to the community, and “neither is calling them ‘edge devices,’ because it assumes that enterprise IT is the center of the universe and the ‘edge’ is out there.”
“That may be true for firewalls, routers, and VPN gateways, but not for OT systems,” she continued. “These OT systems are Cyber-Physical Systems (CPS) that support value creation production and mission-critical environments. They are not the edge; they are the core of operations.”
Many are internet connected to support remote operations and maintenance, she noted, so “the goal there should be to give advice on how to remote into those systems securely, and the tone of the advisories should be targeted to the production realities where IT security tools and processes are not always a good idea.”
Dickson, too, thinks the guidance is a good first step, but added, “if we allow the logging and visibility for digital forensics, it would be also nice, if there was an issue, that we were actually able to do remediation on that device, some sort of interdiction.”
“It’s been a massive problem for some time,” he said. “The fact that there’s a large, coordinated action across the multiple Five Eyes countries is extremely significant. It’s strong, it’s loud, it’s appropriate, it’s all good things. Frankly, I was so impressed that they had been announcing this, that I was just, ‘Thank God, we finally are addressing this issue.’
“All we need to do is have a couple of really large organizations implement [the guidance] as a requirement for buying some of these edge devices in the future and [the problem] will be solved.”
Original Post url: https://www.networkworld.com/article/3818577/spy-vs-spy-security-agencies-help-secure-the-network-edge.html