Do you really know what’s on your network?
By Forescout
Interview with Wahab Yusoff, Vice President of Asia Pacific and Japan, Forescout.
“It takes just one device to provide the ‘in’ that a hacker or attack needs to corrupt the entire network,” explains Wahab Yusoff, Vice President of Asia Pacific & Japan at Forescout. He shared with GovInsider the importance of device visibility for organisations, and what can be done to secure networks against cyber attacks.
What is device visibility and control?
Device visibility and control is being able to identify, classify, assess and control every device that connects to a network. This includes real-time knowledge of every endpoint of every segment in the network, insight to the state of a network’s security, and automated control that allows security teams to respond quickly to threats.
Why unmanaged network connections are dangerous
Cyber criminals are constantly on the hunt for vulnerable devices, so it is crucial for companies to stay on top of their network connections. Unmanaged and unsecured devices are easy targets for malware attacks, which are costly to repair and can sometimes even be life threatening, when critical infrastructure is compromised.
Unfortunately, government agencies are not unfamiliar with data breaches. “In the UK, ISIS hackers recently managed to intercept classified British Government emails, and they used the information to target some of ex-Prime Minister David Cameron’s most senior advisors,” shared Yusoff.
“And the SingHealth data breach that happened last year involved 1.5 million patients, including Singapore Prime Minister Lee Hsieng Loong,” he adds. Device visibility and control has to be a priority for governments, given their vast database and the sensitivity of the information they carry.
What organisations need to secure their networks
The conventional way of managing network connections is no longer enough. “We used to install a software agent on every device, and this worked well when most devices were static,” explained Yusoff. But since the introduction of mobile phones and other portable devices, device visibility and control have become trickier. Add cloud centres and IoT devices (like sensors and video cameras) - many of which do not support software agents - to the mix, and the issue gets a lot more complicated.
Being able to understand what kinds of devices are connected to the company network is necessary for navigating the complexities of today’s cyberspace. Currently, there are two approaches to device detection: bottom-up and top-down.
The bottom-up visibility approach starts with devices and can provide details about the technological specifics of the devices, while the top-down approach starts at the business process and can provide information about the business context of connected devices.
But there needs to be a new combined approach, emphasised Yusoff. “As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks,” he said.
What agencies can do today
“The only way an organisation can understand every possible threat scenario in real time is if they have 100% visibility of the entire network and the devices in their business environment,” said Yusoff. This visibility enables companies to understand the context of each device, so they can then decide which security measures to activate. “The main questions that any organisation should ask itself is “Do I know what is on my network? Do I know where my weak points are?”, he said.
Indeed, knowledge is power. Instead of operating blind on a hope strategy, organisations need to better understand the devices on their networks in order to effectively implement security measures and protect themselves against the next cyber attack.
With services like ForeScout’s, organisations can discover and profile devices the moment they connect to the network, even if they do not support software agents. ForeScout can also limit or deny network access to suspicious devices, lowering the risk of data breaches and malware attacks.
It is also important to be able to threats as soon as they are discovered, no matter where they occur in the system. ForeScout is able to implement an automated threat response by sharing real-time security intelligence across systems, which cuts down on both time and manual labour.
Forescout is at GovWare booth #D01 on 1-3 October 2019.
GovWare is the region’s most established premier conference and showcase for cybersecurity, and is the cornerstone event of Singapore International Cyber Week. GovWare 2019 is taking place from 1 – 3 October at Suntec Singapore Convention & Exhibition Centre. Register for the event here.