Plugging network leaks

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Plugging network security leaks is an essential responsibility for companies, private organizations and technology professionals. Achieving that goal requires discovery tools that scour every asset, including those not currently under management, and also map connectivity between institutions involved with an organization's sensitive information around IT compliance, corporate security, product development, critical infrastructure protection and other relevant issues.

Identifying potential vulnerabilities -- starting with an emphasis on data leak prevention -- is the only effective way to isolate and eliminate threats, which range from the use of malicious software and accidents to coordinated attacks by hackers and cybercriminals. Eliminating these leaks can often mean the difference between safety and massive data breaches, where businesses lose tens of millions of dollars and compromise confidential material.

[ ROUNDUP:The worst data breaches (so far) 

CLEAR CHOICE TEST:How to keep your network in tip-top health]

Again, visibility into every host, node, network connection and form of intellectual property is critical, and most existing options do not provide this level of visibility. Performing an active probe and mapping everything on a network (rather than summarily scanning a range of things which is a more typical approach) provides you with a comprehensive overview of an entire routed infrastructure (including "stealth" assets such as hidden devices that do not respond to queries) so you can easily spot -- and fix -- leaks before they become serious problems.

However, the challenge is twofold: Once you have plugged the leaks, you need to find a service that fills the gap in existing network, security and risk management processes. Meeting this challenge enables IT experts and support staff to balance compliance and change, maintain service and availability, strengthen security and save money.

The benefits of meeting this second challenge are that it validates policies across a company's enterprise, enhancing productivity and minimizing the risks (inadvertent or otherwise) that can weaken an organization. This capability has added urgency with today's mobile workforce, where employees use smartphones and tablets to transmit data, exchange information and connect with multiple networks from remote locations.

Types of discovery

For leak discovery, it is crucial to reveal unauthorized connections between a network and another network, subnet or the Internet, because companies need to know whether access is outbound, inbound or both. Leak discovery highlights unknown connections to other organizations -- like legacy divestiture connectivity -- or to the Internet. Coupled with service discovery, which identifies Web services, wireless access points and IP applications on hosts and devices (including those not owned by a company or its employees), there is now a thorough means of locating forms of data leakage. This type of discovery testing establishes a default set of potentially vulnerable ports, which can be changed or augmented by the user.

Then you need to add device discovery because, as described above, companies and organizations must probe specific devices using techniques that identify the device type, model number, vendor, operating system and version. These devices can be sources of data leakage. Imagine the proverbial road warrior who travels frequently for sales meetings and business conferences -- which require an added layer of security. The same rule applies to perimeter discovery, which probes the hosts on a network to isolate the forwarding traffic out of an entity's network. This benefit will show the hosts that are forwarding traffic, including those hosts forwarding to unknown and possibly undesired IP addresses.

Finally, this solution to plugging data leaks should be lightweight and safe for use on large networks -- even during production hours, operating essentially at the level of network "noise" and using only properly formed packets to elicit benign responses. Intuitive reports and color-coded maps generated by these tools present an impressive overview of the leaks and potential threats confronting a network. Summarizing this information is a good scorecard for businesses to use, a means towards establishing a more secure environment.

Following these steps is a necessary beginning in the effort to eliminate data leaks, backed by proven tools that address the interests of various organizations. Accomplishing that goal should be a top priority.

Read more about lan and wan in Network World's LAN & WAN section.

Join the CSO newsletter!

Error: Please check your email address.

Tags service discoveryleak discoveryrisk managementsecurityperimeter discoverybusiness managementdata leak preventiondevice discoverydiscovery toolsLAN & WANnetwork security

More about LAN

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Markulec, president and chief technology officer, Lumeta

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place