Ongoing Vulnerability Detection Vigilance is a Must to Protect Your Network
Over the past several months, NetAlly has posted several blogs discussing methods to lock down your network and bolster it against attackers through rapid detection of potential vulnerabilities: How to perform a cybersecurity vulnerability assessment, How to detect rogue devices, and How does CyberScope use Nmap for vulnerability scanning? Each offers best practices, general guidelines, and tool recommendations on how to implement an effective enterprise-wide cybersecurity strategy for those who may not be well versed in all the topics. One item that ties everything in those blogs together, but was not highlighted, is an overall sharing, collaboration, and reporting platform with a single, easy-to-use interface. Link-Live™, a license-free platform that comes with all our testers, is that tool, and it makes vulnerability scanning straightforward for everyone. In this blog, we’ll show how, even if you are not an expert in vulnerability scanning, you can still materially contribute to protecting the network using Link-Live.
Everyone Needs to be Concerned About Network Vulnerabilities
Regardless of your IT role, it’s all hands on deck when it comes to securing your network and endpoints. This is true even if you are a newcomer to many of the concepts associated with finding vulnerabilities, which is often the case for those on the networking team. If you are such an individual, your knowledge of the infrastructure can provide valuable insight and situational awareness into the security posture, given just a bit of help in the form of a standard process, an easy workflow, and basic vulnerability scanning knowledge.
So, where would this perspective fit in the larger security ecosystem? Let’s first define the two broad categories of solutions. On the networking side, there are numerous solutions on the market to help here: firewalls, intrusion detection and prevention systems (IDS/IPS), virtual private networks (VPNs), and network access control (NAC), among others. Likewise for endpoints, tools include antivirus/anti-malware, endpoint detection and response (EDR), application control, and patch management.
Visibility, especially at the network edge, is often impaired, either because of budget constraints or technological limitations. Periodic and ongoing network discovery with integrated vulnerability scanning, performed by those responsible for network management, can help fill that gap. The catch is the vulnerability scanning itself: Nmap commands and NSE scripting can be complex for those starting out, but there is a way to remove this obstacle.
The Criticality of Documented Processes
If you’re responsible for network management, you know the environment is dynamic with ongoing changes to the infrastructure, segmentation, and provisioning; never mind the constant churn of endpoints. In this world, it’s crucial for vulnerability detection that defined processes are clearly articulated and more importantly followed.
Top Four Benefits:
- New hires and training of staff – “Institutional knowledge” is well and good for veteran team members to possess, but it doesn’t help new team members unless it is shared across the organization. Documented processes make that transfer of years of knowledge possible.
- Team communication and collaboration – The ability of team members to share and learn from one another is critical, particularly since it is a simple way to reduce stress and improve the morale of frequently overworked staff. It also helps ensure that processes and workflows are fully implemented and can scale as the network infrastructure grows.
- Standardization with consistent workflows – Repeatability is the key, and it comes easily with uniform workflows that ensure identical tasks are completed the same way, which minimizes the likelihood of errors and oversights. Both are crucial for cybersecurity: a simple, easy-to-fix weakness such as an unauthorized open port can expose the network to attackers if it is not detected and closed quickly. Standardization is also a boon for team efficiency and productivity, letting the group run at peak performance while serving as a path toward automation. Continuous improvement and group optimization can become an ongoing, beneficial part of these initiatives while also aiding in implementing best practices.
- Documentation, accountability and compliance – These are very important follow-up activities when it comes to vulnerability scanning. Being able to refer back later, or to report status to upper management, starts with records of what was done and when it was completed. For cybersecurity there are invariably industry frameworks, legal requirements (and exposure), and organizational policies that must be adhered to, along with evidence to support actions when required. In all these cases, documentation is key.
Bridging the Knowledge Gaps Between Network and Security Teams
One of the best ways to ensure peak security defenses is to enable cybersecurity and network teams to work more closely together. A good first step is to bridge the gaps in knowledge between them and to stop siloing key data. Depending on the business, there may be little or considerable distance to overcome. Setting aside larger organizational changes, there are smaller actions that can make a big, positive difference.
Examples include developing common metrics and goals. The list is endless but could include incident response time, network performance, or downtime. Defining acceptable values for these metrics, which can be made more stringent over time, is a great way to foster cooperation and improve overall IT health.
Another is sharing tools or dashboards that both teams can access. With everyone looking at the same data, it is much easier to see current health and spot deviations that may indicate an issue. Finally, sharing documentation and some of the underlying expertise can certainly improve overall network health and security posture.
How Link-Live Can Help
Based on the discussion so far, Link-Live can be a great first shared go-to tool for the network and security teams, because it makes vulnerability scanning with Nmap commands and Nmap Scripting Engine (NSE) files easy for all. Once everyone has a login, collaboration, sharing, and reporting are a breeze. Beyond the recently announced dashboard-based analysis console available for review in this video, there are multiple ways Link-Live (in conjunction with CyberScope) can help.
First, by streamlining the management of Nmap resources, including the ability to quickly disseminate and share exact versions of command and script files. Identical Nmap execution is a must if results are to be compared consistently from one scan to the next, and it begins with the same commands running on every CyberScope, distributed from Link-Live.
Using Link-Live, a single internal or external expert can generate Nmap commands or scripts locally to address the specific needs of the organization. Once created, they can be uploaded to Link-Live and then “pushed” to CyberScope for use across the entire organization to staff that may or may not have in-depth understanding of Nmap. Here’s a great webinar from industry expert Chris Greer on how easy it is to run Nmap on CyberScope.
Once vulnerability scanning is completed and results from CyberScope are uploaded to Link-Live it’s a simple process to quickly view Nmap output. Link-Live Discovery Analysis console now includes an Nmap view along with summary, tabular, and topology map. These four views offer an outstanding, combined network and cybersecurity perspective that is useful for both teams to review, thereby facilitating a more holistic viewpoint.
Selecting the Nmap tab yields results tied directly to the Nmap output. Filtering on “errors” immediately shows a summary of the highest-severity findings that need addressing.
Clicking the highlighted switch provides more detailed information on the Terrapin SSH vulnerability:
If required, a team member can view the actual Nmap output as well.
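The two things a team does with that Nmap output are exactly the ones described above: check a service for a known weakness (here, the Terrapin SSH issue, CVE-2023-48795) and compare the result against a previous scan run with the same command. The following is an added example, not NetAlly, Link-Live or CyberScope code, showing how a practitioner could do both from Nmap’s XML output (`nmap --script ssh2-enum-algos -oX`). The two XML documents are constructed samples trimmed to the elements the parser reads; the Terrapin check mirrors the published conditions (ChaCha20-Poly1305, or a CBC cipher with an ETM MAC, without the strict key exchange countermeasure) and only sees the server side, so a client that also lacks strict kex is still exposed.

```python
"""Parse Nmap XML, flag SSH servers exposed to Terrapin (CVE-2023-48795),
and diff open ports against a baseline scan. Added example; not vendor code."""
import xml.etree.ElementTree as ET

# Constructed sample of a baseline scan. Structure follows Nmap's XML schema
# (host/ports/port/script/table/elem); values are illustrative, not real hosts.
BASELINE_XML = """<nmaprun>
<host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/>
<script id="ssh2-enum-algos">
<table key="kex_algorithms"><elem>curve25519-sha256</elem><elem>diffie-hellman-group14-sha256</elem></table>
<table key="encryption_algorithms"><elem>chacha20-poly1305@openssh.com</elem><elem>aes128-cbc</elem><elem>aes256-ctr</elem></table>
<table key="mac_algorithms"><elem>hmac-sha2-256-etm@openssh.com</elem><elem>hmac-sha2-256</elem></table>
</script></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host></nmaprun>"""

# Constructed follow-up scan: the SSH server now advertises strict kex
# (kex-strict-s-v00@openssh.com) and an unexpected port 8080 has appeared.
CURRENT_XML = """<nmaprun>
<host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/>
<script id="ssh2-enum-algos">
<table key="kex_algorithms"><elem>curve25519-sha256</elem><elem>kex-strict-s-v00@openssh.com</elem></table>
<table key="encryption_algorithms"><elem>chacha20-poly1305@openssh.com</elem><elem>aes128-cbc</elem></table>
<table key="mac_algorithms"><elem>hmac-sha2-256-etm@openssh.com</elem></table>
</script></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
</ports></host></nmaprun>"""


def parse_scan(xml_text):
    """Return {ip: {(proto, port): {"service": name, "ssh": {table_key: [algos]} | None}}}
    containing only ports Nmap reported as open."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        ip = host.find("address").get("addr")
        ports = {}
        for port in host.findall("./ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            entry = {"service": svc.get("name") if svc is not None else "", "ssh": None}
            script = port.find("./script[@id='ssh2-enum-algos']")
            if script is not None:
                entry["ssh"] = {t.get("key"): [e.text for e in t.findall("elem")]
                                for t in script.findall("table")}
            ports[(port.get("protocol"), int(port.get("portid")))] = entry
        hosts[ip] = ports
    return hosts


def terrapin_exposure(algos):
    """Reasons an SSH server is exposed to Terrapin, or [] if it is not.
    Strict kex on the server removes the exposure for clients that also support it."""
    if "kex-strict-s-v00@openssh.com" in algos.get("kex_algorithms", []):
        return []
    ciphers = algos.get("encryption_algorithms", [])
    macs = algos.get("mac_algorithms", [])
    reasons = []
    if "chacha20-poly1305@openssh.com" in ciphers:
        reasons.append("chacha20-poly1305@openssh.com offered without strict kex")
    if any(c.endswith("-cbc") for c in ciphers) and any(m.endswith("-etm@openssh.com") for m in macs):
        reasons.append("CBC cipher with ETM MAC offered without strict kex")
    return reasons


def find_terrapin(scan):
    """List (ip, port, reason) for every SSH service the scan shows as exposed."""
    return [(ip, port, reason)
            for ip, ports in scan.items()
            for (_, port), entry in ports.items() if entry["ssh"]
            for reason in terrapin_exposure(entry["ssh"])]


def diff_open_ports(baseline, current):
    """Per host, which ports opened or closed between two scans run with the same command."""
    changes = {}
    for ip in sorted(set(baseline) | set(current)):
        before, after = set(baseline.get(ip, {})), set(current.get(ip, {}))
        if before != after:
            changes[ip] = {"opened": sorted(after - before), "closed": sorted(before - after)}
    return changes


if __name__ == "__main__":
    base, cur = parse_scan(BASELINE_XML), parse_scan(CURRENT_XML)
    print("baseline Terrapin findings:", find_terrapin(base))
    print("current Terrapin findings:", find_terrapin(cur))
    print("port changes:", diff_open_ports(base, cur))
```

The diff is only meaningful when both scans were produced by the same command and script set, which is the consistency point made above; a change in scan options would show up here as spurious opened or closed ports.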
In Summary
Everyone needs to help with cybersecurity. Breaking down the barriers between network and security teams is one of many effective steps toward that. Among the things that need to be addressed are proper documentation and bridging the knowledge gaps between teams. One small, relatively simple way to achieve this is with a tool like Link-Live that makes the process easy. With network and vulnerability data integrated in one clear console, security and network teams can quickly begin building productive interactions that improve cybersecurity health and reduce exposure to undetected vulnerabilities.