Network Blind Spots

What Are Network Blind Spots and How Are They Exploited?

Organizations are struggling to identify threats in a timely and actionable way in large part because they lack the necessary visibility into their environment needed to detect malicious actions. According to a recent report by SANS Institute, while 97% of organizations collect logs, only 44% of these organizations review their logs regularly and only 14% feel confident in their ability to accurately analyze large data sets for security trends.

• BYOD. The continued adoption of Bring Your Own Device (BYOD) policies adds to this challenge by introducing hordes of unknown mobile devices to your wireless networks. Personal laptops and mobile devices rarely have the same strong endpoint protection that is required at the corporate level. When an employee connects their personal device to your network, it is a risk to the entire company.
• Shadow IT. Meanwhile, well-intentioned employees may have installed their own server applications or software, such as a webserver, without approval from IT. That employee most likely will not follow best practices in patching regularly to maintain protection against vulnerability exploits.
• Rogue Wireless Hotspots. Employees may also install unauthorized wireless access points to provide more convenient network access in their office. These rogue access points could allow outsiders to more easily attack your protected network, without even stepping foot inside your building. In more serious attacks, the criminal may install their own rogue access point to maintain access after a physical intrusion.
• Botnets. In other attacks, botnets may have installed software that is calling home to the Command and Control server using your network. This Command and Control traffic is often disguised as normal web browsing traffic and can be difficult to detect.

So What Can You Do to Close Network Blind Spots?

Visibility into your network is critical for identifying hidden threats. At a minimum, administrators should establish a baseline of normal network activity and investigate any major deviations from this baseline. WatchGuard Dimension provides this visibility into all network activity with detailed reports and easily reviewed dashboards, allowing IT staff to quickly identify emerging threats.

The WatchGuard Network Discovery service is another important tool for illuminating network blind spots. The Network Discovery server, available on all current WatchGuard Firebox models running version 11.11 of the Fireware Operating System or higher, scans and maps currently connected devices and monitors for new endpoint connections.