As one half of the illusive 3.0 solution, Attacker View™ gives companies an opportunity to see their unique vulnerabilities to information security threats. This provides an advantage that most organizations have yet to benefit from in the cybersecurity context.
In the early days of Attacker View™ deployments, we’re seeing 2 main types of customer benefits: network operations risks discovered and security risks/attack vectors discovered.
Here are the top 5 network security vulnerabilities Attacker View™ has uncovered:
1. Unexpected Networking Connections
One leading telecommunications provider found some troubling connections throughout its network using the Attacker View™ map.
A particularly interesting discovery was an improper implementation of VLAN segmentation. The CISO believed his team had separated all VLANs within the network, but discovered that machines with two NICs often connected to two different VLANs.
These connections created bridges between the VLANs which attackers could use to advance a data breach, which resulted in a high-risk scenario that the CISO had to fix immediately.
2. File Sharing Is a Bigger Problem than Expected
With 39% of corporate data uploaded to the cloud coming from file sharing, it’s clear that companies should find more ways to make sharing secure. In fact, Attacker View™ showed one global manufacturing company just how troublesome file sharing can be.
There are certain files that are built to be shared and which users across the entire organization have access to. The real network security vulnerabilities appear in the shared files with low connectivity.
For example, the global manufacturing company had a file that contained the RSA keys for all certificate-encrypted information for the entire business. The problem was that the Attacker View™ map showed 15 people with access to this file — 15 people whose access could be exploited, allowing attackers to steal any and all company data.
The global manufacturing company dropped everything to solve this issue, but it may have never noticed the file sharing oversight without the visibility offered by Attacker View™.
3. Unknown Attack Paths
CISOs know that attackers move laterally within the network to advance their data breaches. However, the actual attack paths have long been a mystery –a problem that Attacker View™ was originally designed to solve.
A global manufacturing company was able to use the Attacker View™ map to see the different machines that users had logged into. The map also showed the attack paths drawn from machine to machine, and helped the company understand exactly how attackers could take one set of credentials and move laterally towards their target.
With this information in mind, the global manufacturing company can take steps to secure these vulnerable attack paths, such as deploying a customized deceptions strategy.
4. Hidden Domain Administrators
Domain administrators have the power to access every aspect of the network, which is why they are an attacker’s favorite target to exploit.
While companies believe they know exactly who has domain administrator access, there are often hidden permissions they weren’t aware existed.
One particular law firm used Attacker View™ to identify all of the domain admin credentials on machines throughout its network. While it’s normal to have domain admins on multiple machines, the firm found that over 10% of the hosts had domain admins detected on them.
This issue required immediate attention, given that 10% domain admin detection means attackers have a far greater chance of unlocking total network control during a breach.
5. Mismanagement by Third-Party Vendors
While many network security vulnerabilities related to file sharing originate from employee misuse, there are times when 3rd-party vendors cause unexpected problems.
One large financial institution hired a penetration testing team to help uncover potential network security vulnerabilities. Attacker View™ found that a shared connection between an endpoint server and the Active Directory server originated from the pen test team.
Having a vulnerable connection directly tied to the Active Directory is a major issue, and the CISO had to contact the pen test team to have them immediately cut it off.
Hiring third-party security consultants is common, but Attacker View™ can provide a level of visibility that helps you reduce your reliance on external professionals.
Attacker View™ Provides Immediate Value
As cyber attackers prove to be increasingly capable of bypassing common security measures, it can be difficult to measure the ROI of your security strategy.
However, by using Attacker View™ to identify specific network security vulnerabilities, you can see immediate value and implement a customized Deceptions Everywhere® approach to mitigate previously unknown issues.
If you’re looking for more insight on security vulnerability, join us at the Gartner Risk and Security Management Summit in Maryland on June 13th-16th. Don’t miss out on the keynote from Hanan Levin, VP of Product, who will present post-deception deployment findings from recent case studies on June 16th at 9:15am in Room Maryland B.
Recommended reading for you:
Subscribe to the Proofpoint Blog