Do you lose sleep thinking about possible vulnerabilities in your organization’s IT infrastructures? You aren’t alone if you do. According to a survey of 200 security professionals at the 2017 RSA Conference, 80 percent of them were more concerned about digital security in 2017 than they had been in 2016. The top three concerns reported at the conference were: 1) intellectual property theft, 2) reputational harm, and 3) legal trouble.
Analyzing Common Weak Points in IT Infrastructures
Let’s look at a few of the commonly overlooked network security vulnerabilities that IT teams should address:
1. Firewall Misconfigurations
IT research firm Gartner estimated that through the end of this decade, 99 percent of network firewall breaches would be caused by misconfigurations rather than inherent flaws. There are a lot of possible mistakes that can be made with firewalls, ranging from the omission of a single character when establishing their parameters to a lack of scrutiny of their log outputs for your security devices. Despite the many ways in which something can go wrong here, the result is typically the same: The network is left exposed to traffic that can skirt your firewall rules.
2. Insufficient Encryption Requirements
This issue is particularly problematic with mobile devices, although it can also affect assets such as laptops that may be in use from remote sites and not protected with a virtual private network or full-disk encryption. Login credentials contained in emails, passwords stored in web browsers, and VPN connections may all be cached on one of these devices, and as such would be vulnerable to theft. Requiring data encryption is an important step in supporting any bring-your-own-device initiative.
3. Out-Of-Date and Unpatched Applications and Devices
Effective patch management is crucial for closing the exploits in widely used software and firmware. Patches from vendors such as Adobe and Microsoft are routine, so much that the latter became famous for its Patch Tuesday updates. However, patches are not consistently or expeditiously applied. The 2016 Internet Security Threat Report from Symantec revealed that 75 percent of websites had unpatched vulnerabilities, demonstrating the struggles that admins often have in keeping everything up-to-date.
4. Difficulties in Endpoint Segmentation
For ideal network security, endpoints should be segmented into security groups based on rich contextual information about them. This approach helps stop the lateral movement of threats across the corporate network. There are some common obstacles on this front, though, such as relying too heavily on IP addresses or having to set up a VLAN. Newer solutions such as Cisco TrustSec provide software-defined segmentation that is more convenient than the VLAN route. TrustSec segments devices without requiring a complete overhaul of your network. It is also an open architecture compatible with the Internet Engineering Task Force and Opendaylight.
Protect Your Network With IT Security Solutions
Left unaddressed, these vulnerabilities can pave the way for a costly data breach. Your company could be on the hook for hundreds of thousands, or even millions, in lost business and other damages if a threat successfully spreads through your IT infrastructures.
The good news is that you can rely on LaSalle Solutions to provide expert guidance and technical solutions for your network. Our consultants will work closely with your teams to understand key business drivers and other organizational requirements, so that you ultimately get a security offering that is an ideal fit for your company. Learn more today on our security page to get started.