Are company CISOs (Chief Information Security Officers) aware of the vulnerabilities of the networks they are using to transmit valuable and proprietary data through their chosen communications networks?
Anyone directly using the Internet exposes their IP address, location and network identity. Any external connection used by your company is a potential source of attack on your data and systems. Even more problematic, typical networks are fixed, static and easily located. By the time you discover a network breach, you’ve already lost the battle. Your adversaries have found your network…they know who you are, where you are located and have harvested invaluable metadata for a future attack.
Since the advent of the Internet and worldwide connectivity, how we are all inter-connected has changed drastically, but the underlying network infrastructure has progressed little from what was implemented 50 years ago. Have you ever asked or questioned how your network connectivity is implemented? Is your network exposing potential cyber-attack vectors?
There is a 90% chance of someone knowing the exact routing of any particular data transmission.
Reports of network and endpoint data exploitation are in the news almost daily:
- “Attacker hit VPN firm Avast through its VPN”
- “NSA warns VPN vulnerabilities exploited by nation-state hackers”
- “DHS Alerts to Remote Vulnerabilities in Multiple VPN Applications”
- “Capital One Reports Data Breach Affecting 100 Million Customers, Applicants”
- “Top VPNs secretly owned by Chinese firms”
- “Exclusive: China hacked eight major computer services firms in years-long attack”
An Internet Exchange Point (IXP) is where Internet networks come together to peer or exchange traffic between their networks. Peering is a process by which two networks connect and exchange traffic. There are only a few large global peering points around the world.
Because of this limited and well-established topology for network transmissions, nation-states and organized crime, even individual hackers, prefer to target attacks at the closest router locations. These networks have become a huge malware transmission vehicle.
Only 10% of malware is normally detected …90% of malware gets through.
Carriers are points of attack for adversaries in order to identify the carriers’ customers and as a point of attack for their network management data. Subscriber information located in data center/carrier records are a great source to help identify the specific circuit that is being used by the target customer.
Carrier network infrastructure is the single, most logical point of attack for any given target.
As a result, users are open to the vulnerabilities of the carrier’s infrastructure; e.g. malware infested routers.
Many enterprises aren’t even aware of the risks they are accepting with their endpoint and network configurations. Although risk managers implement very complex and expensive processes to mitigate all kinds of other enterprise risks, they often overlook their network vulnerabilities. Just as in any other risk mitigation policy, you need “insurance” against loss.
We all carry different types of insurance policies. Hopefully we never have to claim against them but when we do, they are there to help mitigate costs. The same is true with enterprise network risks…why wait to actually be attacked to then worry about how you are going to react and what the costs will be to your organization?
Enterprises need to look beyond their current configurations and reactionary processes. NetAbstraction is unique in that the company provides a proactive foundation for smart enterprise privacy. By transparently distributing network communications within and across multiple clouds, and regularly churning the underlying network infrastructure, NetAbstraction effectively hides your enterprise’s network.
The dynamic shifting of communications across multiple commercial providers and use of multi-hop transport, make actual user information, origin location and identities a nearly impossible target to find for hackers, search engine optimization companies and other privacy threats. “If they can’t find you…they can’t attack you.”
Enterprises must start thinking about their networks proactively instead of reactively, and consider reducing their “network risk insurance” costs.