Prevention is better than cure

by Mark Rowe

Secure remote monitoring helps guard against cyber-attacks, writes Julien Orsini, CISSP System Engineer EMEA, at the secure remote access product firm Opengear.

In the current crisis, secure remote access into the corporate network helps businesses configure systems, automate day-to-day operations, and ensure business continuity in the event of an outage. That is critical for any organisation, as the resultant downtime can lead to reputational damage and financial loss and even threaten its long-term survival.

Many factors are leading to an upsurge in outages. Organisations are adding layers of complexity to networks and that often results in more vulnerabilities – from ISP carrier issues to fibre cuts to simple human error. Added to this, network devices are becoming increasingly complex.

As software stacks have to be updated more often, they become more vulnerable to bugs and cyber-attacks. On the one hand, there is a risk of external attacks by cyber-criminals intent on exploiting weaknesses in the corporate network, or external bots looking for vulnerabilities. On the other, there is a growing threat from business employees themselves. The causes are as diverse as the risks – from disgruntled employees who open the doors to cyber-criminals to good-faith users who inadvertently download malware by clicking on an email link.

The sheer diversity of these cyber-threats makes them especially difficult for organisations to counter. Secure remote monitoring and secure remote access therefore become ever more important. So how can organisations use these approaches and tools to better protect themselves against cyber-attacks and mitigate their impact when they do occur?

Any effective cyber-security process needs to focus on prevention, and any such focus needs to start with identification. In the event of an attack, the main challenge might, for example, be to distinguish illegitimate connections from authorised ones. This identification could be done in various ways. It could be monitoring sensors to detect when a simple malfunction has taken place. Alternatively, it could be about getting a handle on more nefarious activities, using tools for anomalous behaviour detection or traffic pattern detection.

With a resilient network and resilient access to it, organisations will be able to monitor the network effectively. This helps them identify divergences from the norm such as individuals not following security policies or networks behaving in an abnormal manner, which may be the precursor to an attack.

Remote monitoring is key to mitigating the growing risk of malicious traffic, by detecting irregularities that may be the precursor to malicious activity. Whatever the problem, though, this kind of monitoring can help organisations quickly identify the precise nature of the issue they are facing and start to proactively prevent it from happening.

Delivering a solution

Following this remote diagnosis, organisations can then use Smart Out-of-Band (OOB) management to establish an alternative path into the network and start working on resolving the problem, without having to send in engineers to visit the relevant site and fix affected devices in person – something which has been all but impossible during the pandemic in any case. The OOB management network is separate from the main production network, so even if the business is infected internally, it will still have a healthy OOB management network.

When an attack does get through, it is key for organisations to be able to see their system logs. One key benefit of OOB in this context is the ability of the Smart OOB appliance to pull the event logs directly from connected devices and forward these to a central SIEM or Security Analytics platform for early detection and prevention of a targeted attack such as a Distributed Denial of Service (DDoS) attack.

The ability to access logs from impacted devices quickly and securely can help pinpoint root causes and allow remediation to begin faster as well as reducing the consequential downtime.

OOB allows admins to maintain and manage components such as servers, WAN and security devices and resolve malfunctions via remote access. If there is an issue with connectivity, out-of-band solutions offer a failover solution, with cellular often providing an alternative to wired connectivity.

Deploying Smart OOB management platforms can also address security issues in innovative ways and their deployment has several advantages. The first is a simpler way to deploy multi-factor authentication that just needs to be integrated into the console server to be enforceable across the security appliance layer. Second, Smart OOB console technology can act as a system of record for all configuration changes and patches with changes sent over an alternative pathway. An update failure that leaves the device unreachable via the production IP network can often be rectified via this same OOB connectivity.

In short, having an effective Smart OOB management network in place will enable the business to securely access the affected network and devices, resolve problems and support business continuity. In addition, a network automation or NetOps approach can also help in automating responses to specific malicious occurrences. It will additionally provide real-time visibility of events regardless of the production state.

It is important to highlight here, however, that no network remote monitoring or remote access approach will ever be able to prevent all cyber-attacks. What they can do is give administrators early warning of issues and, where outages do occur, maintain access to critical resources and security devices even if the network isn’t accessible or available. That is a major benefit which today is increasingly used and appreciated.

© 2024 Professional Security Magazine. All rights reserved.