Passive scanning crucial to containing BYOD security risk: Tenable

Organisations adopting bring your own device (BYOD) policies and cloud-computing apps should introduce passive scanning of mobile device traffic to identify malware rather than trying to actively scan the devices, a security architect has advised.

Maintaining an effective security perimeter requires assessment of the normal ‘trust relationships’ between network elements – and the ability to monitor ongoing network traffic for changes in those relationships – Tenable Network Security principal architect Dick Bussiere told CSO Australia.

In a mobile context, that means watching the traffic flowing to and from devices to look out for telltale signs of malicious activity. “If you ever try to scan an iPhone using an active scanner, you’re not going to see anything,” Bussiere explained. “However, you can determine what apps are being used on it just by watching the traffic being generated. You can learn a lot by just watching traffic.”

Increasing volumes of monitoring traffic, however, introduce the additional challenge of data proliferation. The solution, in Tenable’s case at least, has been to develop a many-to-one software architecture in which many instances of the company’s Nessus passive scanners are linked to a central monitoring database.

“If you are trying to use manual processes to maintain and completely understand your position from a vulnerability perspective, you cannot keep up any more,” Bussiere explained. “Collecting the data, and putting it into a searchable and query-able database where you can apply big-data principles to vulnerability analysis, allows you to learn certain things about your vulnerability position in a very reasonable time.”

A separate log correlation engine also brings in conventional logs from servers and network equipment, adding further information that can be used to spot anomalies. This would, for example, make it easy to spot an external hacker attempting a brute-force password attack on a large number of company servers.
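As an added illustration of the cross-server correlation described above (example code written for this article, not Tenable's product), the following Python correlates failed-login events from many servers by source address and flags any single source that fails against several different hosts inside a short window; the hostnames, addresses and log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of centralised syslog lines (hypothetical hosts, RFC 5737 test addresses).
SAMPLE_LOGS = """\
2024-03-01T09:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-03-01T09:00:02 web02 sshd[1177]: Failed password for root from 203.0.113.7 port 51235 ssh2
2024-03-01T09:00:03 db01 sshd[3390]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
2024-03-01T09:00:04 app01 sshd[4410]: Failed password for root from 203.0.113.7 port 51237 ssh2
2024-03-01T09:00:05 app02 sshd[4411]: Failed password for oracle from 203.0.113.7 port 51238 ssh2
2024-03-01T09:01:00 web01 sshd[2202]: Failed password for alice from 10.0.0.42 port 40001 ssh2
2024-03-01T09:01:03 web01 sshd[2203]: Failed password for alice from 10.0.0.42 port 40002 ssh2
2024-03-01T09:01:09 web01 sshd[2204]: Accepted password for alice from 10.0.0.42 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_failures(text):
    """Yield (timestamp, host, user, src) for each failed-login line; ignore everything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["src"]

def find_spraying_sources(text, window=timedelta(minutes=5), min_hosts=3):
    """Return {src_ip: sorted hosts} for sources failing against >= min_hosts servers within `window`."""
    by_src = defaultdict(list)                      # correlate across servers by source address
    for ts, host, _user, src in sorted(parse_failures(text)):
        by_src[src].append((ts, host))
    flagged = {}
    for src, hits in by_src.items():
        best, start = set(), 0
        for end in range(len(hits)):               # sliding time window over this source's failures
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:                 # one host with repeated failures is not flagged
            flagged[src] = sorted(best)
    return flagged

if __name__ == "__main__":
    for src, hosts in find_spraying_sources(SAMPLE_LOGS).items():
        print(f"ALERT: {src} failed logins on {len(hosts)} hosts: {', '.join(hosts)}")
```

A user mistyping a password twice on one server stays below the threshold, while a source touching many servers is surfaced even though each server saw only one failure.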

It’s important, Bussiere added, to ensure that analysis efforts mirror the business structure – for example, by grouping devices by owner in a way “that allows you to break the problem up into multiple segments to make it easier to solve.”

This particularly applies to BYOD models, where large numbers of devices will be deployed based on trust relationships not only with the corporate network, but with other devices including virtual servers and Web-based cloud applications.

This shift in application delivery may help ameliorate the inherent risk from mobile devices themselves, but it increases the burden on security administrators to extend their surveillance efforts to online environments. The key here, Bussiere warned, is constant monitoring and early action against any anomalies.

“The move to Web applications might help a bit on the client side, since you don’t have as many apps to worry about on the client side,” he explained. “But keep in mind that the browser is a very big vulnerability all the time. [Web app models] put a lot more pressure on the server side, and require a lot more diligence on the server side. You have a lot more to lose if that single application-based thing goes down.”

Stories by David Braue