A large portion of virtually every business enterprise today relies heavily on different types of infrastructures whose backbone is based on networking. Maintaining the security of those networks is as important as the security of your company data and communications systems. Many corporate systems - such as systems dealing with digital communications, e-commerce, transactions, trading, marketing, data storage, billing, etc. - rely on networks, whether in the form of email, telephones (i.e. VOIP), smart-devices, servers, routers, endpoint devices, and more.
Many critical corporate cyber-security systems are also directly integrated with network systems, such as VPNs, firewalls, network encryption systems, and web applications. Network security statistics show that in 2015, 66 percent of significant, sensitive data was stored on-site. Your company's network may have points or segments that directly expose your sensitive servers to the world via connections to the public internet. If your company has a website, then the web server and web application server - that are many times linked to backend systems - could allow a cyber-criminal to obtain unauthorized access to your servers if proper security controls are not in place, which can result in a data breach. If your company has host systems that can access the public internet, then Next Generation Firewalls, Network Intrusion Detection systems (IDS), etc. are necessary controls.
The configuration of your network, as well as its architecture, is equally important as a lack of patches, in conjunction with network misconfigurations, can create security holes that can be exploited. Thus it is imperative for you to intimately know the design and architecture of your entire corporate network including knowledge of your servers, the placement and use of your routers and switches, and how everything is configured. Because network designs and implementations change, it is important for your company to keep abreast of all changes to make sure that no security holes are introduced into your corporate systems, especially when there are hardware or software changes in your environment (i.e. updating or changing your network design, changing router configurations, hardware firewalls, servers, and other network devices).
The best way to actively remain up to date regarding your network is to monitor all network software and hardware. Networking services and applications are very dynamic in nature, which means that they become moving targets for cyber criminals, and also means that attack surfaces are constantly changing. Without network monitoring and full knowledge of the attack surface it is impossible to defend your network from cyber-attacks. This is why constant network monitoring and network security testing must be conducted, and we are fully equipped and trained to carry out such tests in order to detect vulnerabilities.
IT networks operate as communication channels for data to be transmitted and received. Business networks operate as interconnected systems - from private backend host systems to the public internet - and as noted before, segments of your network that are connected to the public internet allow an entrance into your backend systems.
Thus your networks must maintain a tight seal of cyber-protection, which entails that all systems must be up to date, tested, and patched. This is because a single misconfigured server, insecure device, unpatched network device, server, router, etc. can introduce a hole that can allow your entire system to be compromised. More importantly is the fact that hackers often utilize the principle of pivoting when compromising a system, which essentially is the offensive mechanism for gaining access to a network system and utilizing that system to connect to - and breach - other systems that are connected to it.
Thus a cyber-criminal could potentially conduct a multitude of indirect attacks to compromise your entire corporate network by attacking one system after another in order to ultimately gain higher levels of access to more sensitive systems which can result in data breaches, data extraction, and data theft.
Auditing your network systems consistently is one of the major ways that your company can stay one step ahead of cyber criminals, by identifying and correcting vulnerabilities that can lead to data breaches.
There are a number of methods and protocols that can be used to maintain complete data security. For instance, the SANS Institute released a report of the 20 top critical security controls to use in order to mitigate cyber-threats. CSC1 and CSC2 stress the necessity and importance of having a complete device and application inventory so that all devices and software in use can be identified as either authorized or unauthorized. This simple step can have powerful results in the process of maintaining network security.
When your company undergoes initial network scanning of devices, ports in use, services running, etc. the baseline report can be set and later used for assessments when further testing is carried out, which can be used to show changes over time. If a new server shows up unexpectedly it can be identified during an audit and compared with the baseline assessment. In another example, a service may be accidentally enabled.
A routine audit, in conjunction with keeping an updated inventory, gives your company a complete picture and in-depth view of your corporate network, while providing information on network changes made and revealing all network attack surfaces, which greatly improves security due to knowing where the risks and threats exist.
Unpatched systems allow vulnerabilities present in a system to be exploited by cyber-criminals, thus it is of the utmost importance to consistently test your network systems in order to find any potential security holes so that they can be corrected. A myriad of publicly-available security exploits and payloads, matching certain systems and vulnerabilities, is widely available in many hacker communities. In addition to this, misconfigured systems often result in security holes that present an increased attack surface in an IT infrastructure.
It is thus important to identify the necessary services that each network device in your company needs to run, along with the appropriate ports, while also conducting routine audits and using the principle of hardening network systems to disable unnecessary ports and services to reduce your company's attack surface.
A system with unnecessary open ports that is also running services and functions that are unneeded (all of which can easily be ascertained by a hacker in the vulnerability and port scanning stages) can present an easy target to an attacker. This can allow sensitive data to escape into public systems in an otherwise secure system.