No organization is an island. Everyone has security dependencies on business partners, and with the momentum of outsourcing, integrated supply chains and cloud, the increase of third-party risk is accelerating. This interdependency of business relationships means that almost all enterprises share highly sensitive data with entities whose security they do not control. A compromise of any of these entities could cause significant problems for anyone interacting with them.
Many organizations are therefore scrutinizing new business partners as part of their vendor management process, in the form of long survey forms about the candidate’s cyber security practices. This is a good start, but it’s only a start, and at the end of the day decisions about business partners are seldom influenced by the contents of such surveys.
What can cyber security teams do at the technical level to mitigate the risk of 3rd parties? To answer that question, we must start with understanding the relationship with the 3rd party.
- What access does the 3rd party have to our networks, whether in the cloud or on-prem, and how are authentication and access managed?
- Identify and describe the information flows in terms of direction, content, and security controls
- Scrutinize email-based information sharing between the organization and the 3rd party in terms of trust, content, and initiation of human-based operations at either end
- Identify all business processes that result in copies of sensitive data in the hands of the 3rd party and out of your organization’s control
Sometimes you can do a lot and unfortunately sometimes you can do very little – at a technical level – to protect information shared with 3rd parties. But you need to know. Once you understand the relationship from both a business and technical perspective, not only does your level of risk become clearer – more importantly, you can assess how much or how little you can do from your end with technical controls to protect your interests.
In this real training for free event, I will help you assess 3rd party risks and identify the best technical controls for mitigating them, such as:
- Eliminating or reducing copies of data
- Masking PII
- Dynamic access control based on real-time risk
- Leveraging the dark web
- Modern password risk management
- Detection of attacker infrastructure
Detection of attacker infrastructure is one of the most exciting and widely applicable ways to mitigate this risk. Being able to recognize attacker infrastructure, such as domain names, certificates, IP addresses and the servers behind them, is a powerful weapon for protecting your information and disrupting attacks while the threat actor is just getting started. That is where Tim Helming from our sponsor, DomainTools, comes in. Tim will take over and zero in on how almost all attacks today require the adversary to deploy infrastructure prior to the actual attack. The actual use of the infrastructure can take different forms:
- Email domains
- Malware droppers
- Credential-harvesting phony login pages
- Command and control
All this infrastructure requires domain names, whether to fool users or simply for malware components to locate attacker infrastructure. Tim will show how to exploit the attacker’s dependence on domain names to get ahead of the adversary.
- There is a window of time between when an adversary registers a domain for use in an attack and when that domain is actually used. It is often said that this window is just minutes, but that is not always the case, and in fact we are seeing the window get longer.
- If a defender can find out about these registrations immediately, they can take measures to protect themselves and/or their customers against the incipient campaign.
- From any given adversary domain, it is often possible to expose a much larger campaign, which gives the defender more protection and more targets for threat hunting or defending ahead.
After our educational sessions, DomainTools will briefly demonstrate how Iris Detect and Iris Investigate are powerful technologies for disrupting attacks before they get off the ground.
Please join us for this real training for free session.