Published on April 29th, 2020
With more staff working remotely, network intelligence is vital, online conference told
With more people working from home due to the COVID-19 crisis, network intelligence is more vital than ever, a Microsoft security researcher told an online conference for infosec pros.
“Attackers thrive on chaos, and there’s no more chaotic time on the internet than right now,” Nate Warfield said Tuesday on the first day of Kaspersky Labs’ webcast Security Analyst Summit.
“Your network perimeter has changed, and it’s likely to have changed for the foreseeable future and possibly forever. The new normal may be the majority of our workforce is working remotely.”
Those workers have vulnerable devices like unpatched computers and routers, and poorly-protected connected devices ranging from smart TVs to refrigerators.
“Attackers know this … and they’re going to go after your home users to try to back-channel into your corporate network.
“They’ll find the low-hanging fruit – and a lot of it isn’t just low-hanging, it’s lying rotting on the ground. It’s compost. And it’s important you get rid of it. It’s important you assess your network regularly. Attackers are doing this already.”
You don’t need to port scan your whole network, he said. Free search tools like IoT search engine Shodan and honeypot network BinaryEdge already do that. “All you need to do is do the right search, ask the right questions to get the right answers from the services out there.”
Warfield is particularly enthusiastic about the potential for a service called GreyNoise Intelligence – which has a free version – that scans for “things that are spraying the internet with traffic” like botnets, brute force attacks and port scans.
GreyNoise can be used in a number of ways, he said. For example, an analyst can take a suspicious IP address identified by the service and do a Shodan search. If the source device has a vulnerability, that may suggest it has been hacked and repurposed into a brute force scanner.
The command-line version of GreyNoise has a tool to analyze any log file with IP addresses (like VPN logs) to find suspicious activity from employee devices.
GreyNoise and Shodan can be set up for alerts, Warfield added. (For example, give GreyNoise your network’s IP range and it will warn if malicious traffic is coming out of it. Similarly, Shodan can tell if a service in your network has just been turned on.)
Looking ahead
Warfield was one of several presenters on the first of the free three-day webcasts. At one point 2,000 people had logged in.
Several Kaspersky analysts spoke about vulnerabilities they detected. Another was Sounil Yu, CISO in residence at YL Ventures, a U.S.-Israeli firm that funds cybersecurity entrepreneurs, who painted an optimistic picture for the future of infosec pros after the pandemic crisis eases.
Cloud computing and security led the post-COVID spending priorities of CIOs according to one survey he’s seen. “I’m bullish on security spending,” he said. Few infosec pros have lost their jobs during the crisis, he believes, and that relative stability could make it a draw to the profession.
Asked if the crisis will in some way help resolve the cybersecurity talent shortage, Yu sidestepped it with this analogy: Pets are like data: We protect them, take them to veterinarians when vulnerable. But apparently there aren’t enough vets. Which begs the question: do we have too many pets or not enough cyber veterinarians? “I would argue the bigger issue is do we have too many pets? One of the things I hope for in the digital transformation is that we shoot a lot of pets. If we do that the workforce shortage we have today could potentially be addressed, perhaps even more than if we hired a bunch of veterinarians.”
Kaspersky still hopes to host its annual Security Analysts Conference in Barcelona in November.