Distributed Enterprise: How to Measure Security Risks

In the past, enterprise networks rarely spread outside the corporate office. Securing such networks was easy. A combination of firewall, intrusion protection systems and anti-malware suites did the trick. But today’s networks spread out. Many enterprises have branches and global capability centers in different geographies. Outsourcing expands the concept of the distributed enterprise. Post COVID-19, work-from-home has increased remote access to the corporate network. With IoT, thousands of endpoints connect to the enterprise network from distant installations, and many of these IoT devices are vulnerable. Today’s distributed enterprise runs on hundreds of hosts and different operating systems.

At the same time, cyber vulnerabilities keep on growing. CERT reports about a hundred new security vulnerabilities each week. Managing security becomes impossible using conventional methods.

Cyber attackers launch multi-step and multi-host attacks that penetrate the network incrementally. They may target distributed nodes, gain backdoor entry to the enterprise servers, and subvert the system. The 2019 breach at Checkers, the popular US drive-through restaurant chain, is a case in point. Cybercriminals slipped in point-of-sale malware that collected customer card numbers and verification codes.

1. Deploy next-generation firewalls

Next-generation firewalls are an essential part of the arsenal in cyber defenses for distributed enterprises. These firewalls offer a host of advanced features, such as:

  • Geolocation capabilities, with the ability to link IP addresses with physical locations.
  • Web-proxy and URL inspection to detect hidden malware.
  • Reverse proxying, to conceal the identity of internal hosts from attackers.
  • Sandboxing to isolate and check suspicious traffic.

These firewalls work across the network and raise prompt alerts, so security teams can take real-time countermeasures, such as shutting down the affected nodes.

2. Automate security

Today’s enterprises continue to grow in size and complexity. It is impossible to configure the spread-out network and all its components manually to meet the security requirements. Automated policy enforcement ensures all devices maintain the same baseline security level, so every network node runs the same consistent set of security controls.

Some of the significant causes of vulnerabilities include:

  • Leaving the default configurations in place when installing software components.
  • Not configuring firewall rules to restrict access to whitelisted users only.
  • Delay in installing application patch updates.
  • Negligent actions of remote users. For instance, users who experience slow-load cloud platforms may disable endpoint security software.

Network security is often a speed game between the IT team and cyber criminals. Effective security depends on patching vulnerabilities before cyber criminals discover them.

The latest automated suites detect and remediate user configuration changes, preventing compliance drift. Timely action preempts phishing attacks and malware intrusion. Regular vulnerability scans and updates keep applications up to date with the latest security patches.

Automation also allows easy scale-up. When locations are added, the firewalls detect the new nodes and configure security software on them.

3. Centralized network management

The spread-out nature of distributed enterprises mandates a centralized security solution. Most legacy endpoint security and management solutions do not support remote endpoints at the scale needed now. Also, cyber criminals may hack conventional VPNs using stolen credentials and session hijacking. In addition, giving privileged access to contractors and other third-party entities risks compromising credentials.

Many enterprises take the shortcut of deploying piecemeal tools. They end up with separate tools at different endpoints. The result is an opaque network, with cybercriminals slipping through the gaps.

Invest in an integrated platform that offers:

  • Integrated views of all endpoints, including users and applications in the network, at any point.
  • User-friendly visualizations for situational awareness. Advanced visualizations provide interactive multi-resolution views. Analysts may drill down to the specific details for any component or node.
  • Automated flagging and blocking of harmful content and other potential threats.
  • Proactive management and control of vendor credentials. Eliminate or limit shared accounts, and enforce a controlled onboarding process.
  • Access control. Apply the principle of least privilege and whitelisting to restrict access. Use privileged access management tools to grant vendors and remote workers access only when needed. Apply physical or logical network segmentation to block unapproved protocols. Direct approved sessions to a predefined route.

4. Deploy advanced network monitoring tools

Network scanning enables real-time monitoring and preempts attacks. Intrusion detection systems and event logs detect threats such as DDoS attacks. Real-time remediation tools identify and isolate unprotected devices when a breach occurs. The tool makes fixes to foil the attack without disrupting front-end tasks.

Today’s advanced network monitoring tools identify vulnerabilities in real-time. These tools also collect periodic configuration information to detect any unauthorized changes. Extend these scans to:

  • Third-party vendor connections, to identify the source, the contents of the connection, and users who have access to such nodes.
  • External-facing hosts, to identify the services and the inbound connections they host.
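The baseline enforcement described in section 2 and the periodic configuration scans described here come down to the same check: compare each node's current configuration against an approved baseline and against its last approved snapshot, and flag drift. The script below is an added example, not code from the original article or from any product it mentions; the baseline rules, node names and configuration snapshots are all constructed for illustration.

```python
"""Detect baseline violations and unauthorized configuration changes across nodes (constructed example)."""
import hashlib
import json
from datetime import date

# Baseline every node must meet (constructed for this example, not a vendor policy).
MAX_PATCH_AGE_DAYS = 30


def config_fingerprint(config):
    """Stable SHA-256 over a canonical JSON form, used to spot changes between scans."""
    canonical = json.dumps(config, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def check_node(config, today, approved_fingerprint=None):
    """Return the findings for one node: baseline violations plus any unapproved change."""
    findings = []
    if not config.get("default_credentials_changed"):
        findings.append("default credentials still in place")
    if not config.get("firewall_allowlist_only"):
        findings.append("firewall does not restrict access to whitelisted sources")
    if not config.get("endpoint_protection_enabled"):
        findings.append("endpoint protection disabled")
    patch_age = (today - date.fromisoformat(config["last_patch_date"])).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(f"patches are {patch_age} days old (limit {MAX_PATCH_AGE_DAYS})")
    # Compliance drift: the config differs from the snapshot approved at the last scan.
    if approved_fingerprint is not None and config_fingerprint(config) != approved_fingerprint:
        findings.append("configuration changed since last approved scan")
    return findings


def scan_all(snapshots, approved, today):
    """Run check_node over every snapshot; returns {node_name: [findings]}."""
    return {name: check_node(cfg, today, approved.get(name)) for name, cfg in snapshots.items()}


# Constructed snapshots from three nodes of a distributed enterprise.
SNAPSHOTS = {
    "hq-fw-01": {"default_credentials_changed": True, "firewall_allowlist_only": True,
                 "endpoint_protection_enabled": True, "last_patch_date": "2024-03-01"},
    "branch-pos-07": {"default_credentials_changed": False, "firewall_allowlist_only": True,
                      "endpoint_protection_enabled": True, "last_patch_date": "2024-01-01"},
    "remote-laptop-42": {"default_credentials_changed": True, "firewall_allowlist_only": True,
                         "endpoint_protection_enabled": False, "last_patch_date": "2024-03-10"},
}
# Fingerprints recorded at the last approved scan; the laptop's user has since disabled protection.
APPROVED = {
    "hq-fw-01": config_fingerprint(SNAPSHOTS["hq-fw-01"]),
    "remote-laptop-42": config_fingerprint({**SNAPSHOTS["remote-laptop-42"], "endpoint_protection_enabled": True}),
}
SCAN_DATE = date(2024, 3, 15)  # constructed scan date
REPORT = scan_all(SNAPSHOTS, APPROVED, SCAN_DATE)
```

Running it, `REPORT` shows the branch POS terminal with default credentials and stale patches, and the remote laptop flagged both for disabled endpoint protection and for drifting from its approved snapshot.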

Today’s complex networks need a proactive approach toward network monitoring. A technique growing in popularity is cyber war games. Cyber war games are interactive exercises built around simulated incidents. The exercise unearths what works, what does not work, and how to improve the response.

5. Secure the data

Distributed enterprises have more data in transit, and as such, face greater risk. They face breaches of their servers at many locations, and data theft in transit.

The solution is to embed security in the data layer itself.

  • Build security upfront in products and services. Embed security in the design of the product or service.
  • Implement preventative and detective data protection capabilities at the data layer. For instance, implement digital rights management (DRM) to protect intellectual property. Enforce robust data access governance.
  • Reduce the value of sensitive data. Encrypt or obfuscate the data to render it useless even if stolen. Destroy sensitive data when no longer necessary for legitimate legal or business purposes.

6. Get governance and administration right

Traditional cyber responses involve assessing the validity of technology controls and incident response plans. Today’s distributed enterprise settings require a broader approach.

But 82% of consumer businesses have not tested cyber response plans involving business stakeholders. About 29% of businesses do not have role clarity on what individual stakeholders should do during an actual cyber breach.

Effective security in distributed enterprises requires:

  • Setting up cross-functional teams. Establish a cross-functional committee dedicated to cyber risk. Include the C-suite, functional managers, and other stakeholders in the team. Also, have a dedicated technical team monitor security threats, protect sensitive assets, and respond to breaches in real-time.
  • Empowering end-users. Empower end-users to control the flow of information. This makes them more accountable for protecting the data.
  • Ensuring role clarity. When entering into outsourcing that involves sharing data and accessing the corporate network, clarify the role of both parties regarding data ownership and the actions in the event of a breach. Train employees, especially remote employees, on cyber risks and safe browsing habits.
  • Best practice benchmarking. Assess the security standards and best practices of vendors, outsourcing agents and other external entities with access to the network.
  • Application of uniform and consistent rules. Mandate third-party vendors, remote employees, and other external users to adopt the same cyber security standards as the main office. At the very least, ensure up-to-date patching and vulnerability scanning of external entities that connect to the network regularly.
  • Getting the basics right. Old-school data protection hygiene still applies. Apply encryption and other protection to data in transit. Do background checks to identity-proof third-party individuals accessing systems.

As a policy, consider the value addition brought by any new functionality. Ideally, the value addition should outweigh the cost of securing the feature. Otherwise, the C-suite appetite for cyber security measures may fall short of the required investment.

Here are four ways to align governance without affecting security.

Cyber security has become critical for the survival of distributed enterprises. A bad experience at any location, because of cyber-incidents, erodes brand and consumer trust.
