Two days is all it takes to break into a network

Newsroom -

December 24, 2021

It takes just two days to break into a company’s internal network. In 93 percent of cases, an external attacker can breach an organization’s network perimeter and gain access to local network resources, concludes a study by Positive Technologies.

“In 20 percent of our pentesting projects, customers asked us to check which unacceptable events might be feasible as a result of a cyber-attack. We identified an average of six unacceptable events. According to our customers, events related to the disruption of technology processes and service delivery, as well as the theft of funds and important information represent the greatest danger,” comments Ekaterina Kilyusheva, head of research and analysis at Positive Technologies.

Once an attacker has obtained credentials with domain administrator privileges, they can obtain many more credentials to move laterally through the corporate network and access key computers and servers. According to the study, most organizations do not have network segmentation by business processes, and this allows attackers to develop multiple attack vectors simultaneously.

“To build an effective protection system, it is necessary to understand which unacceptable events are relevant for a given company,” Kilyusheva adds. 

To make it more difficult for an attacker to advance across the corporate network toward target systems, organizations can take a number of interchangeable and complementary measures, including separating business processes, configuring security controls, enhancing monitoring, and lengthening the attack chain an intruder has to complete. The choice of technology solutions should be based on the company's capabilities and infrastructure.

Monitoring the network helps identify breaches

Network monitoring software is mainly used by network administrators, but it is also very useful for security teams. By continuously examining network uptime, availability, and response time, it can identify unusual activity and raise an alert whenever anything suspicious or malicious is detected. For example, it will alert staff when an access point goes offline or when suspicious packets are observed, and thus help them keep cybersecurity threats under control.

Comprehensive network monitoring is therefore vital for maintaining network security. It helps to keep a constant eye on firewalls, antivirus software, and backup software and to be warned automatically in case of problems.

Choosing the right network monitoring system makes a significant difference to how reliably the digital infrastructure operates.

Here is a list of five useful network management tools:

  • ManageEngine OpManager – uses intelligent alerts to reduce false positives, eliminating alert fatigue in larger networks. It also integrates well with the other products in the ManageEngine ecosystem. The only downside to this tool is that it is very time-consuming to learn: being feature-rich, it requires time to work through all its aspects and configuration options.

  • PRTG Network Monitor – acts as an early warning system against suspicious activity and anomalies in your network traffic. It monitors all IT-related resources that connect to your network, including firewalls, switches, servers, routers, databases, websites, and even UPSs. Its configuration is dynamic, so its monitoring capabilities can scale up or down according to the size of the business and the other requirements of your organization. In addition, it offers network recording, which allows you to monitor and inspect network traffic for unusual behavior. It also helps determine which data and computers were affected by network attacks that have already occurred. By evaluating the recorded data, downtime can be reduced substantially.

  • Tanaza – provides security layers that protect hardware from cyberattacks and allows management of remote access points, networks, and SSIDs. In addition, it can manage thousands of networks and access points in the cloud from different vendors from a single control plane.

  • EventSentry – enables enterprises to monitor the performance of their IP-based devices. Key features include monitoring server health and network performance through log management and compliance reporting. It offers a wide range of capabilities such as heartbeat monitoring, SNMP, and Syslog monitoring. Its one drawback is that limiting false positives can sometimes be a challenge.

  • Spiceworks – tracks infrastructure devices such as switches and routers for input/output rate, packets per second, and packet loss. It allows alert thresholds to be set independently per system or device.

IT security should be an important consideration when starting any new project – and not just for those responsible for security and data protection. IT administrators and software developers should also always stay up to date. And while management can delegate specific tasks, it should also keep abreast of all security developments.

By simplifying IT structures and keeping the number of tools you use to a minimum, you will already be doing a lot to prevent potential attacks. All software creates potential gateways for attackers, either on its own or in combination with other programs. By keeping things simple, you close off such gateways and make it harder for attackers to find a way in. A rule of thumb: the more complex your infrastructure, the more vulnerable your systems.

Nowadays, you have to assume that software is defective and that bugs will create gateways. So-called exploits use these weak points to gain access to computers and install malware. Exploits are bundled into "exploit kits" and sold to interested parties complete with convenient user interfaces. As a result, weak points can be exploited in attacks with little or no expense.

If you learn of a weakness and a patch or update is available, install it as soon as possible, preferably through an automated update distribution mechanism that covers every workstation in your company. By doing so, you will minimize the risks posed by software flaws, even if those flaws cannot be eliminated entirely. A company always runs the risk that an attacker will learn about a bug before its software developers do.