BrandPost: Three Types of Risky Communications You Should Watch Out For

Three Types of Risky Communications You Should Watch Out For | CSO Online


How do you know who your Internet Assets are talking to? If you don’t have visibility into risky communications your assets and employees are engaging in, you can’t secure your network and your data. Subsidiaries and strategic suppliers only make this more complicated, because while you don’t generally have direct visibility into their networks, risky behavior can still negatively affect your security posture.

Expanse has developed a new way to approach these problems. We partner with global Internet service providers to join observed Internet traffic data associated with our customers’ network activity with our active sensing data. This gives us a unique, bird’s-eye view into the prevalence of certain risky network communications problems. These behaviors have a significant impact on organizations’ security postures.

While every network is different, there are specific categories of network activity that negatively affect your security posture and can precipitate a breach. These categories are:

  1. Risky Anonymization Services

Tor is well-known and popular for certain legitimate uses. But it’s probably not something you want on your network because it is often used by malware or for purposes that violate most organizations’ Acceptable Use Policies.

Similar to Tor, there are also commercial VPN anonymization services that disguise a user’s real IP (and thus their identity). While these services are used less frequently by malware, they still pose a risk because they help employees hide the websites they’re visiting from supervision, and the content on those sites from analysis. This means they could bypass your security controls without you knowing.

Anonymization services make it too easy for employees to operate outside of your security controls and are too easily compromised by malicious actors to be something you want on your network.

  2. Anomalous Server Behavior

Clients are human and behave unpredictably. Servers, however, are predictable. They are typically expected to accept inbound connections from the public Internet on certain ports/protocols. Anomalous server behavior should be a clue that something is off.

Deviations from a server’s usual profile can include things like making a lot of outbound connections or connections to unusual ports/protocols. This could indicate a breach or an attempted breach.

Even if no breach has occurred, servers behaving in an anomalous way indicate poor security hygiene that could set you up for a breach in the future.
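The profile comparison described in this section, as an added example that is not part of the original article and not Expanse's own code: it checks constructed flow records against a hypothetical per-server profile and reports outbound connections to unusual ports and excessive outbound volume. The profile fields, the threshold values and all IP addresses are assumptions.

```python
from collections import defaultdict

# Hypothetical profiles (assumed values): the outbound (proto, port) pairs each
# server legitimately needs, and a ceiling on outbound connections per window.
PROFILES = {
    "203.0.113.10": {"outbound": {("udp", 53), ("udp", 123)}, "max_outbound": 5},  # web server
    "203.0.113.20": {"outbound": {("udp", 53), ("tcp", 25)}, "max_outbound": 3},   # mail relay
}

# Constructed flow records for one window: (initiator_ip, responder_ip, proto, dst_port)
FLOWS = [
    ("198.51.100.200", "203.0.113.10", "tcp", 443),  # inbound client, expected
    ("203.0.113.10", "198.51.100.53", "udp", 53),    # outbound DNS, in profile
    ("203.0.113.10", "198.51.100.53", "udp", 53),
    ("203.0.113.10", "198.51.100.77", "tcp", 6667),  # outbound port not in profile
] + [("203.0.113.20", f"192.0.2.{i}", "tcp", 25) for i in range(1, 6)]  # 5 outbound SMTP


def find_anomalies(flows, profiles):
    """Return sorted (server, reason, detail) tuples for profile deviations."""
    outbound_count = defaultdict(int)
    findings = set()
    for initiator, _responder, proto, port in flows:
        if initiator not in profiles:
            continue  # flow was not initiated by a profiled server
        outbound_count[initiator] += 1
        if (proto, port) not in profiles[initiator]["outbound"]:
            findings.add((initiator, "unusual-outbound-port", f"{proto}/{port}"))
    for server, count in outbound_count.items():
        if count > profiles[server]["max_outbound"]:
            findings.add((server, "outbound-volume", str(count)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(FLOWS, PROFILES):
        print(*finding)
```

A fixed ceiling stands in here for a learned baseline; in practice the threshold would come from each server's own history.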

  3. Cryptocurrency Mining

Cryptocurrency mining consumes a lot of power. It can also be considered theft or misuse of corporate resources for personal enrichment. Because some malware performs cryptocurrency mining, it could also be an indication of a breach itself.

Overall, cryptocurrency mining indicates a lack of control over corporate resources and poor visibility into the corporate network. And if you don’t have full visibility into your network, you can’t be certain of your cybersecurity posture.

It’s critical to be able to detect the communications we discussed above — anonymization services, anomalous server behavior, and cryptocurrency mining — as well as other behaviors like communications to OFAC countries or the use of risky peer-to-peer sharing services. Only with planetary-scale discovery and monitoring of all of your Internet Assets and their communications can you be sure that no risky communications behaviors are taking place on your network.


Copyright © 2019 IDG Communications, Inc.
