Understanding Network Security

By Mike Holcomb, Director of Information Security, Fluor Corporation


Find Your Own Vulnerabilities - Before Attackers Do

Networks today are continually evolving landscapes where systems, applications, and the other “things” of IoT can be connected in an instant. While each of these can help an organization realize any number of its business goals, each can include vulnerabilities that provide attackers with a pathway through which to gain access to a company’s systems and data. Often, to help find these vulnerabilities and understand the potential associated impact, organizations can engage outside parties to perform costly vulnerability assessments and penetration tests. While bringing in outside parties to perform these types of security testing does have its place, such as in supporting compliance efforts or obtaining an outside measurement of an organization’s overall security posture, businesses often do not put enough effort into finding and remediating their own vulnerabilities across authorized and unauthorized systems within their own environment.

Attackers Will Eventually Get On Your Network – Limit and Detect Them!

If one of your team members were to fall for a phishing attack and provide an external attacker with access to the internal network, how easily would the attacker be able to find other vulnerabilities to spread their control throughout the environment?

Whether a malicious attacker from the outside or a well-intentioned internal employee circumventing security controls, there is someone on your network at this moment doing something they shouldn’t, which presents a real threat to the organization. Vulnerabilities can be exploited in order to gain initial access to the environment and then to spread control to other aspects of the enterprise. By proactively finding and addressing vulnerabilities before an attacker can find and exploit them, organizations limit the ability of hackers to gain access to other systems. At the same time, delaying an attacker’s success provides security teams with the time needed to detect the attackers, remove them from the network before any further damage can be done and prevent the same issue from re-occurring in the future.

Master the Basics of Vulnerability Management – Proactively Perform a Self-Assessment

Even if an organization only performs one task in addressing cybersecurity risk, it should be to put into practice the basics of vulnerability management, which are outlined in the National Institute of Standards and Technology’s SP 800-40 document, Creating a Patch and Vulnerability Management Program.

1. Scan

Start by using an automated vulnerability scanner to perform a vulnerability scan across your known networks, both external and internal. If you haven’t performed a vulnerability scan before, conduct a scan without administrative credentials to see exactly what an attacker would—whether they were scanning your external-facing network from the Internet or had gained a foothold on the internal network.

A number of automated vulnerability scanners exist to choose from, including open-source, free-to-use solutions such as OpenVAS and paid, more sustainable enterprise-class solutions from companies such as Tenable, Rapid7, and Qualys.

2. Prioritize

The challenging part of vulnerability management is remediating any discovered vulnerabilities with limited resources. While a scanner can detect vulnerabilities, it’s our team members that have to invest their time and effort in fixing discovered issues. Understanding that the time of our team members is limited, we cannot simply fix everything at one time. To help channel our efforts, organizations should focus on addressing those vulnerabilities that present the highest amount of risk (represented by a vulnerability’s CVSS score) to the organization first, followed by fixing those issues which present the next highest level of risk and so on. While a base CVSS score might not be perfect for your organization’s particular environment, it’s a great place to start and can be very effective in helping companies prioritize their remediation efforts.

3. Remediate

Remediation requires communication between the system owners and those performing vulnerability scans in order to remediate any discovered issues which should be fixed. In certain situations, discovered vulnerabilities might not be fixed at all or resolution could be delayed. If the cost associated with fixing a vulnerability outweighs the perceived risk associated with the vulnerability, the business can decide not to fix the issue. In this case, the known risk and the decision not to address it should be documented for future reference.

4. Verify

Once remediation work is completed, any fixed vulnerabilities should be re-tested to ensure they were indeed addressed. Unfortunately, not all remediation work is successful the first time and, if not checked, a vulnerability could still present risk to the environment.
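The four steps above can be tracked with very little tooling. The following Python sketch is an added example, not part of the original article: it orders findings by CVSS score, sets aside documented risk acceptances, and uses a follow-up scan to catch fixes that did not take. The hosts, finding IDs, scores and function names are constructed for illustration and do not come from any particular scanner.

```python
"""Prioritize scan findings by CVSS, set aside accepted risk, verify fixes by rescan."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str   # constructed placeholder ID, not a real CVE
    cvss: float    # base score as reported by the scanner (0.0-10.0)

    @property
    def key(self):
        return (self.host, self.vuln_id)

def prioritize(findings, accepted):
    """Step 2: remediation queue, highest CVSS first; accepted risks are excluded."""
    queue = [f for f in findings if f.key not in accepted]
    return sorted(queue, key=lambda f: (-f.cvss, f.host, f.vuln_id))

def verify(remediated, rescan):
    """Step 4: split worked findings into (closed, still_open) using a rescan."""
    present = {f.key for f in rescan}
    closed = [f for f in remediated if f.key not in present]
    still_open = [f for f in remediated if f.key in present]
    return closed, still_open

# Step 1: constructed sample output of an initial scan.
INITIAL_SCAN = [
    Finding("10.0.0.5", "VULN-A", 9.8),
    Finding("10.0.0.5", "VULN-B", 5.3),
    Finding("10.0.0.9", "VULN-C", 7.5),
    Finding("10.0.0.12", "VULN-D", 3.1),
]
# Step 3: a documented decision not to fix, keyed by (host, finding ID).
ACCEPTED = {("10.0.0.12", "VULN-D"): "fix cost outweighs perceived risk"}
# Constructed rescan after remediation: the VULN-C fix did not succeed.
RESCAN = [Finding("10.0.0.9", "VULN-C", 7.5), Finding("10.0.0.12", "VULN-D", 3.1)]

def run_cycle():
    """Run one scan -> prioritize -> remediate -> verify pass over the sample data."""
    queue = prioritize(INITIAL_SCAN, ACCEPTED)
    closed, still_open = verify(queue, RESCAN)
    return queue, closed, still_open

if __name__ == "__main__":
    queue, closed, still_open = run_cycle()
    for f in queue:
        status = "STILL OPEN" if f in still_open else "closed"
        print(f"{f.cvss:>4} {f.host:<10} {f.vuln_id} {status}")
```

Findings that remain in the rescan go back into the queue for the next cycle; accepted risks stay visible in later scans, so the recorded justification should be reviewed whenever they reappear.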

Performing vulnerability management can help organizations greatly strengthen their overall cybersecurity posture by limiting the options hackers have for attacking an organization, while also providing security teams the time needed to detect and defend against such attackers. Make sure to take the time to find your own vulnerabilities and address those that present risk to your organization—before an attacker does.

Copyright © 2021 Embedded Advisor. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.