ITAM and Network Security
In May 2017, several NHS hospitals were forced to turn away patients because of a massive ransomware attack known as WannaCry. The attack crippled critical equipment, including computers, MRI scanners, blood-storage refrigerators and even theatre equipment, endangering patients' lives.
Although not all cyber attacks are as life-threatening as this one, many are costly. According to a report released by the Department of Culture, Media, and Sport (DCMS), the average cost per attack currently stands at £1,570. For large companies the figure is more than ten times higher, at about £19,600. The same DCMS report also found that nearly 50% of UK businesses experienced an attack in 2016.
We all know that cyber attacks can be mitigated by strong network security. What is less widely known is that IT asset management (ITAM) can play a critical role in strengthening that security. In this post, we explain how.
How to secure an IT network
Let's start with some of the common best practices businesses use to secure their IT networks.
Implement a strict patch management policy
Ransomware attacks are not only deadly; they are also on the rise. The one bright spot is that most of them can be prevented. In the case of WannaCry, the attack could have been avoided had the affected NHS hospitals followed a strict patch management policy.
WannaCry spread rapidly by exploiting a vulnerability in the Windows SMB protocol, but it did not attack just any computer system: it specifically targeted unpatched Windows endpoints. Once victims started applying the patch Microsoft had released for the vulnerability, the rate of infection slowed considerably.
In fact, the patches, except those for older versions such as Windows XP and Windows Server 2003, had been released two months before the attack. We worry a great deal about zero-day vulnerabilities, but in reality the majority of exploit scripts in circulation still target known vulnerabilities, many of which already have patches waiting to be downloaded and installed.
So if organisations had a way of detecting systems that need patching, and promptly applied the available patches as soon as those systems were found, attacks like this could be avoided.
Reduce the attack surface
Cyber criminals exploit a variety of network vulnerabilities to attack corporate networks. Interestingly, many of these vulnerabilities belong to network elements that serve no purpose or are used without the express permission of the IT department (so-called shadow IT).
For instance, some machines may have FTP, Telnet, SMBv1 or other insecure network services enabled with no official function. Attackers often exploit these insecure protocols to gain a foothold in your network, extract sensitive data, or infect other systems. SMBv1, for example, was exploited by WannaCry to spread to other systems.
Knowing when and where unofficial ports, applications, and services are running on the network helps you reduce your attack surface. Once they are detected, you can promptly disable them or, if they are being used for work (albeit unofficially), recommend a more secure alternative (e.g. SFTP instead of plain FTP).
Enforce the principle of least privilege
The principle of least privilege is a basic information security concept: access to data, applications, and network components is restricted to the personnel (and other systems) that genuinely need it to perform their jobs or functions.
For example, everyone could be granted administrative rights to a server, but that is not necessary. A regular member of office staff can perform his or her duties without admin privileges on the file transfer server, and if everyone holds admin privileges, they are easily abused. It is therefore imperative that all employees are granted only the least privileges necessary by default. If additional privileges are needed for a given project, they can be granted on an ad hoc basis.
Manage hardware disposal
Once laptops, desktops, smartphones, tablets, servers, and similar devices become obsolete or unusable, they should not be disposed of like any other piece of equipment. These devices are likely to hold sensitive data such as personally identifiable information, trade secrets, and financial information that must be handled properly. Otherwise, they could fall into the wrong hands and result in a data breach.
To prevent unauthorised access to sensitive data on both built-in and external storage devices after those devices have been disposed of, it is important to streamline your hardware disposal process. Storage devices should be wiped clean so that previously stored data is completely irretrievable.
Implement business continuity and disaster recovery
Availability, the third element of the CIA triad (confidentiality, integrity, and availability), is a vital cornerstone of any network security program. For businesses to consistently meet the demands of their customers and other stakeholders, their services and data must be available when needed.
But what if a power interruption or, worse, a natural calamity renders services and data unavailable? That is why organisations engage in business continuity/disaster recovery (BCDR) planning. BCDR plans enable businesses to prepare for unplanned downtime and bring their processes back into operation as soon as possible.
How IT Asset Management can aid in network security
Now that we have covered some basic network security best practices, how does IT asset management fit in? Let's look at that now.
Identifies unpatched software
Some ITAM solutions have built-in features that scan the network for software that is due for patching. Once vulnerable programs are found, you normally have the option either to run automated patching or to apply the patches manually.
One important benefit of performing patch management through an ITAM solution is that the patching activity is properly documented, so all pertinent information is always up to date and readily available for future reference. By leveraging ITAM solutions, you can eliminate threats that take advantage of unpatched software.
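The check described in the patch management section and here, assessing an inventory export against a patch policy, is easy to script. The following is an added example, not code from the original post or from any ITAM product. The inventory, the OS-to-patch policy, the placeholder patch ids (they are not real vendor KB numbers), the release dates and the 14-day policy window are all constructed for illustration. It also handles the two cases the post raises: patches that have been available for months (overdue) and out-of-support systems whose fix is not yet released (awaiting the vendor).

```python
"""Patch-compliance check over an asset inventory (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date

# Assumed policy: required patches per OS family. Patch ids are placeholders,
# not real vendor KB numbers; the date is when the vendor made the fix available.
REQUIRED_PATCHES = {
    "Windows 7": [("PATCH-SMB-001", date(2017, 3, 14))],
    "Windows 10": [("PATCH-SMB-001", date(2017, 3, 14))],
    # Out-of-support OS: the fix arrives later, so the check must cope with
    # a patch that is required but not yet available.
    "Windows XP": [("PATCH-SMB-LEGACY", date(2017, 5, 13))],
}
PATCH_WINDOW_DAYS = 14       # assumed policy: install within 14 days of release
AS_OF = date(2017, 5, 12)    # assessment date used by the sample run below


@dataclass
class Endpoint:
    name: str
    os: str
    installed: set           # patch ids reported by the ITAM agent or scan


@dataclass
class Finding:
    host: str
    patch: str
    days_available: int      # negative means the vendor has not released it yet
    status: str              # "overdue", "within_window" or "awaiting_vendor"


def find_unpatched(endpoints, today):
    """Return one Finding per (host, missing required patch), worst first."""
    findings = []
    for ep in endpoints:
        for patch_id, released in REQUIRED_PATCHES.get(ep.os, []):
            if patch_id in ep.installed:
                continue
            days = (today - released).days
            if days < 0:
                status = "awaiting_vendor"
            elif days > PATCH_WINDOW_DAYS:
                status = "overdue"
            else:
                status = "within_window"
            findings.append(Finding(ep.name, patch_id, days, status))
    # Longest-exposed hosts first so the patch team works the worst cases first.
    findings.sort(key=lambda f: -f.days_available)
    return findings


def unassessed(endpoints):
    """Hosts whose OS has no policy entry: a gap in the policy, not a clean bill."""
    return [ep.name for ep in endpoints if ep.os not in REQUIRED_PATCHES]


# Constructed inventory export.
INVENTORY = [
    Endpoint("ward-pc-01", "Windows 7", {"PATCH-SMB-001"}),
    Endpoint("ward-pc-02", "Windows 7", set()),
    Endpoint("mri-console", "Windows XP", set()),
    Endpoint("lab-gateway", "Linux", set()),
]

if __name__ == "__main__":
    for f in find_unpatched(INVENTORY, AS_OF):
        print(f"{f.host:12} {f.patch:18} {f.status:16} {f.days_available:>4} days")
    print("not assessed (no policy entry):", unassessed(INVENTORY))
```

Two design points matter in practice: a host whose OS has no policy entry is reported separately rather than silently passing, and the output records how long each patch has been available, which is exactly the documentation trail the post says ITAM-driven patching provides.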
Detects duplicate, insecure and rogue assets to reduce your attack surface
Most automated software asset management scans can detect the services running on a particular system. This is particularly useful for discovering rogue, insecure network protocols like FTP or Telnet that may have been installed by default, through shadow IT, or in support of a previous project.
These scans can also help you identify assets that are identical or perform duplicate functions. Once you have identified assets that are unnecessarily redundant (I say 'unnecessarily' because some assets need to be redundant for high availability), you can disable those that are not needed in order to reduce your attack surface.
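To show what the attack-surface review in the "Reduce the attack surface" section and this one looks like once the scan data is in hand, here is an added example; it is not code from the post or from any scanner or ITAM tool. The scan export layout ("host port service" lines), the host roles, and the per-role list of approved services are all constructed assumptions. The insecure services and the recommended replacements are the ones the post names (FTP, Telnet, SMBv1; SFTP instead of FTP).

```python
"""Flag insecure and unapproved network services from a scan export
(added example with constructed data)."""

# Insecure services named in the post, each with the replacement to recommend.
INSECURE = {
    "ftp": "SFTP instead of plain FTP",
    "telnet": "SSH",
    "smbv1": "disable SMBv1; use SMBv2 or later",
}

# Assumed baseline: which services each host role is allowed to expose.
APPROVED_BY_ROLE = {
    "file-server": {"smbv3", "ssh"},
    "workstation": {"rdp"},
}

# Constructed role assignment taken from the asset register.
ROLES = {"file-01": "file-server", "ws-17": "workstation", "ws-18": "workstation"}

# Constructed scan export: "host port service" per line, '#' starts a comment.
# This is a made-up layout, not the output format of any particular scanner.
SCAN = """\
# host      port  service
file-01     445   smbv1
file-01     445   smbv3
file-01     22    ssh
ws-17       23    telnet
ws-17       3389  rdp
ws-17       21    ftp
ws-18       3389  rdp
ws-18       8080  http-proxy
"""


def parse_scan(text):
    """Yield (host, port, service) tuples, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, service = line.split()
        yield host, int(port), service.lower()


def assess(scan_text, roles):
    """Return findings as (host, port, service, kind, advice) tuples."""
    findings = []
    for host, port, service in parse_scan(scan_text):
        role = roles.get(host)
        approved = APPROVED_BY_ROLE.get(role, set())
        if service in INSECURE:
            findings.append((host, port, service, "insecure", INSECURE[service]))
        elif role is None:
            # A host the register does not know about is itself a shadow-IT finding.
            findings.append((host, port, service, "unknown-host", "add host to asset register"))
        elif service not in approved:
            findings.append((host, port, service, "unapproved", "confirm need or disable"))
    return findings


def hosts_by_finding_count(findings):
    """Rank hosts by number of findings: largest exposed surface first."""
    counts = {}
    for host, *_ in findings:
        counts[host] = counts.get(host, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = assess(SCAN, ROLES)
    for host, port, service, kind, advice in found:
        print(f"{host:8} {port:5} {service:11} {kind:11} -> {advice}")
    print(hosts_by_finding_count(found))
```

The split between "insecure" and "unapproved" mirrors the post's two actions: an insecure protocol gets a migration recommendation, while a merely unofficial service is a conversation with its owner before it is disabled.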
Restricts user privileges
ITAM gives you comprehensive visibility into your IT assets. Not only will you know what hardware and software you have, you will also know who has access to what, and at what level of privilege. Some ITAM solutions can even enforce restrictions on software, hardware, and data.
This visibility, together with the restriction-enabling functions, can streamline the implementation of role-based access control (RBAC), a commonly used method for implementing the principle of least privilege. Visibility into user privileges also lets you see whether people no longer connected to your organisation can still access your IT assets, and take appropriate action.
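The access review implied by the least-privilege section and by this one can be expressed as a check of an ACL export against role ceilings and the HR leaver list. The code below is an added example, not from the post or from any ITAM product; the users, roles, role ceilings, grants, expiry dates and the review date are all constructed. It flags the four situations the post describes: a grant above what the role needs, an ad hoc project grant that has outlived its window, a user who has left, and an account with no directory record at all.

```python
"""Access review against role ceilings and leaver status (added example,
constructed data)."""
from datetime import date

LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Constructed directory/HR export: role and whether the person is still employed.
USERS = {
    "alice": {"role": "finance", "active": True},
    "bob": {"role": "sysadmin", "active": True},
    "carol": {"role": "finance", "active": False},   # has left the organisation
}

# Assumed RBAC ceiling: the highest level a role needs by default.
ROLE_CEILING = {"finance": "read", "sysadmin": "admin"}

# Constructed ACL export: (user, asset, level, expiry of an ad hoc grant or None).
GRANTS = [
    ("alice", "file-transfer-srv", "admin", None),
    ("bob", "file-transfer-srv", "admin", None),
    ("carol", "finance-db", "read", None),
    ("alice", "project-x-share", "write", date(2017, 4, 30)),  # ad hoc, time-limited
    ("alice", "finance-db", "read", None),
    ("dave", "finance-db", "write", None),                     # no directory record
]
AS_OF = date(2017, 5, 12)   # review date for the sample run


def review(grants, users, today):
    """Return (user, asset, issue) for every grant that violates least privilege."""
    issues = []
    for user, asset, level, expires in grants:
        record = users.get(user)
        if record is None:
            issues.append((user, asset, "orphaned-account"))
            continue
        if not record["active"]:
            issues.append((user, asset, "departed-user"))
            continue
        if expires is not None and expires < today:
            issues.append((user, asset, "expired-ad-hoc-grant"))
            continue
        # Ad hoc grants still within their window may exceed the role ceiling;
        # standing grants may not.
        if expires is None and LEVELS[level] > LEVELS[ROLE_CEILING[record["role"]]]:
            issues.append((user, asset, "exceeds-role-ceiling"))
    return issues


def summary(issues):
    """Count issues by type so the review report can be prioritised."""
    counts = {}
    for _, _, issue in issues:
        counts[issue] = counts.get(issue, 0) + 1
    return counts


if __name__ == "__main__":
    found = review(GRANTS, USERS, AS_OF)
    for user, asset, issue in found:
        print(f"{user:6} {asset:18} {issue}")
    print(summary(found))
```

The order of the checks is deliberate: a leaver's grant is reported as "departed" whatever its level, because the remediation (remove all access) is the same regardless of whether the grant would otherwise have been acceptable.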
Mitigates risks associated with hardware disposal
A complete hardware asset management program manages each hardware asset throughout its entire life cycle, from acquisition to disposal. ITAM hardware disposal already includes data wiping or destruction, eliminating the risk of data leaking from disposed hardware.
Supports business continuity and disaster recovery planning
Before the BCDR team can architect an effective BCDR plan, they need a great deal of information about the company's IT assets, such as:
● Where specific assets are located;
● How assets relate to one another;
● How each asset is configured;
● How much each asset costs;
● Where business-critical data are stored;
● And so on.
All this information can be factored into the BCDR plan to aid prioritisation and other decision-making.
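Two of the listed items, where assets are located and how they relate to one another, are enough to answer the BCDR questions the post raises: in what order do we bring systems back, and which business services stop if a site goes dark? The code below is an added example (not from the post or any ITAM product) that works those answers out from a constructed asset register. The assets, sites, dependencies, business services and recovery tiers are all assumptions made for the illustration.

```python
"""Recovery ordering and site-loss impact from asset dependency data
(added example, constructed data)."""

# Constructed asset register: location and what each asset depends on.
ASSETS = {
    "san-01":  {"site": "DC-A", "depends_on": []},
    "db-01":   {"site": "DC-A", "depends_on": ["san-01"]},
    "app-01":  {"site": "DC-A", "depends_on": ["db-01", "auth-01"]},
    "auth-01": {"site": "DC-B", "depends_on": []},
    "wiki-01": {"site": "DC-B", "depends_on": []},
}

# Constructed business services: the asset users reach first, and a
# recovery tier (1 = most critical).
SERVICES = {
    "patient-records": {"entry": "app-01", "tier": 1},
    "intranet-wiki":   {"entry": "wiki-01", "tier": 3},
}
UNUSED_TIER = 99   # assets no service relies on are recovered last


def closure(asset, assets):
    """All assets the given one transitively depends on, including itself."""
    seen, stack = set(), [asset]
    while stack:
        a = stack.pop()
        if a in seen:
            continue
        seen.add(a)
        stack.extend(assets[a]["depends_on"])
    return seen


def asset_tiers(assets, services):
    """Map each asset to the best (lowest) tier of any service relying on it."""
    tiers = {a: UNUSED_TIER for a in assets}
    for svc in services.values():
        for a in closure(svc["entry"], assets):
            tiers[a] = min(tiers[a], svc["tier"])
    return tiers


def recovery_order(assets, services):
    """Kahn topological sort: dependencies first, ties broken by tier then name."""
    tiers = asset_tiers(assets, services)
    indegree = {a: len(v["depends_on"]) for a, v in assets.items()}
    dependents = {a: [] for a in assets}
    for a, v in assets.items():
        for dep in v["depends_on"]:
            dependents[dep].append(a)
    ready = [a for a, n in indegree.items() if n == 0]
    order = []
    while ready:
        ready.sort(key=lambda a: (tiers[a], a))
        a = ready.pop(0)
        order.append(a)
        for d in dependents[a]:
            indegree[d] -= 1
            if indegree[d] == 0:
                ready.append(d)
    if len(order) != len(assets):
        raise ValueError("circular dependency in asset register")
    return order


def services_down_if_site_lost(site, assets, services):
    """Business services that stop if every asset at the given site is unavailable."""
    lost = {a for a, v in assets.items() if v["site"] == site}
    return sorted(name for name, svc in services.items()
                  if closure(svc["entry"], assets) & lost)


if __name__ == "__main__":
    print("recovery order:", recovery_order(ASSETS, SERVICES))
    for site in ("DC-A", "DC-B"):
        print(f"lose {site}:", services_down_if_site_lost(site, ASSETS, SERVICES))
```

The site-loss check is where the location data earns its keep: in the constructed register the tier-1 service lives in DC-A but depends on an authentication server in DC-B, so losing either site takes it down, a dependency that is invisible if you only look at where the application itself runs.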
To be effective and efficient in thwarting cyber attacks, cyber security professionals need to make informed decisions. In addition to threat intelligence, they need to know which systems require patching, run insecure software, allow unauthorised access, and so on. Much of this information can be obtained from IT asset management systems.
ITAM is not only a support for strategic decision-making; it can also complement various network security risk mitigation plans.