
The Threats to Network Security Are Rising – What’s an Enterprise To Do?

May 24, 2017 No Comments

Businesses are grappling with new threats to network security, as rising challenges from evolving malware to the emerging Internet of Things landscape and beyond put networks and sensitive data more at risk. Jeff Finn, CEO of zvelo, offers his insights into the state of network security today, and what businesses need to be aware of in addressing these threats.

  • Q. What are you seeing as a few of the most critical challenges facing network security right now?

A. While the network security industry has no shortage of technology solutions, today’s challenges can’t be met by technology alone. Many of the largest network security problems are attributable to failures of people and/or processes. To secure an organization properly, a comprehensive security policy is needed that addresses the people, processes, and technology issues that are critical to an organization’s daily operations.

The processes an organization uses to complete work on a daily basis must not remain only “tribal knowledge.” Rather, they should be well documented, approved by governance, and sufficiently communicated to all. An organization’s security analysts serve as the front line of defense against attackers and are essential components of a sound, holistic security program. Also, increased emphasis should be placed on training – not just annual security awareness training but any and all additional security training that is relevant to the evolving network security environment throughout the year.

  • Q. Have you been able to quantify a rise in malware, viruses, and other security threats targeting consumers and employees? Just how bad is it out there?

A. We are witnessing a sharp rise in the diversity of malware variants directed at IoT devices. One recent IoT malware variant actually goes as far as to “brick” the device by erasing the firmware (essentially ensuring that the vulnerable device never boots again). Malware creators have been in the spotlight since the Mirai IoT distributed denial of service attacks starting in the summer of 2016. We are seeing the source code of those attacks being upscaled, and it now appears to be learning new tricks as it’s re-implemented by new authors. Also, the average IoT device vendor still has a lot to learn from 30+ years of infosec best practices, as these IoT manufacturers continue to release devices that are way too vulnerable to trivial attacks.

  • Q. Many consumers know about the potential danger of connecting to insecure public WiFi, but are there threats to us on our own home networks?

A. Today’s malware increasingly attempts to change the DNS servers that are served to all internal clients via our home gateway routers. Once this occurs, all internal clients – including hardwired Ethernet clients – start asking an unknown third party (controlled by the malware creator) for name resolution. At that point, traffic to known safe websites can be redirected to evil twin hosts that the malware creator either owns or is getting paid to redirect clients to. From there, it’s easy for advanced malware to start loading malicious payloads onto even non-WiFi devices on your home network. For these reasons, it’s absolutely critical that you change the default password on all internal devices on your home network, and that you consistently keep your IoT devices’ firmware updated at all times.
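The router-level DNS change described above is something a home user or analyst can check for. The following is an added example, not code from zvelo or from the interview: it audits a resolv.conf-style configuration against an allowlist of intended resolvers and the home subnet, and it compares A-record answers from the configured resolver with answers from a resolver you trust. The sample configuration, the home network range (192.168.1.0/24), the expected resolver list and both answer sets are constructed for the example; in real use the answer sets would come from live queries (for instance with dnspython).

```python
import ipaddress
from typing import Dict, List, Set

# Constructed sample of the resolver configuration a home client might receive over
# DHCP from the gateway. The second nameserver uses a documentation range
# (203.0.113.0/24) and stands in for an attacker-chosen resolver.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP from the home gateway (constructed sample)
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.77
options timeout:2
"""

# Assumptions for this example: the home LAN range, and the resolvers the household
# intends to use (the gateway itself plus one deliberately configured public resolver).
HOME_NETWORK = ipaddress.ip_network("192.168.1.0/24")
EXPECTED_RESOLVERS: Set[str] = {"192.168.1.1", "1.1.1.1"}


def parse_nameservers(resolv_conf: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text, ignoring comments."""
    servers = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolvers(nameservers: List[str], expected: Set[str],
                    home_net: ipaddress.IPv4Network) -> List[Dict[str, str]]:
    """Flag configured resolvers that are not on the expected list.

    An unlisted address inside the home subnet may be a second router or a local
    filtering resolver; an unlisted address outside it matches the hijack pattern.
    """
    findings = []
    for addr in nameservers:
        if addr in expected:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append({"resolver": addr, "reason": "not a valid IP address"})
            continue
        if ip in home_net:
            findings.append({"resolver": addr, "reason": "unlisted resolver on the home network"})
        else:
            findings.append({"resolver": addr, "reason": "unlisted resolver outside the home network"})
    return findings


def compare_answers(trusted: Dict[str, Set[str]], observed: Dict[str, Set[str]]) -> List[str]:
    """Return names whose answers from the configured resolver share no address with
    the answers from a trusted resolver (a sign of redirection to an evil twin)."""
    suspicious = []
    for name, good in trusted.items():
        seen = observed.get(name, set())
        if seen and not (seen & good):
            suspicious.append(name)
    return sorted(suspicious)


# Constructed answer sets: what a trusted resolver returns versus what the
# configured (hijacked) resolver returned for the same names.
TRUSTED_ANSWERS = {"bank.example": {"198.51.100.10", "198.51.100.11"},
                   "news.example": {"198.51.100.50"}}
OBSERVED_ANSWERS = {"bank.example": {"203.0.113.200"},   # redirected
                    "news.example": {"198.51.100.50"}}   # untouched


def run_check() -> Dict[str, object]:
    """Run both checks over the constructed sample and return what needs attention."""
    servers = parse_nameservers(SAMPLE_RESOLV_CONF)
    findings = audit_resolvers(servers, EXPECTED_RESOLVERS, HOME_NETWORK)
    redirected = compare_answers(TRUSTED_ANSWERS, OBSERVED_ANSWERS)
    return {"nameservers": servers, "findings": findings, "redirected": redirected}


if __name__ == "__main__":
    result = run_check()
    for f in result["findings"]:
        print(f"resolver {f['resolver']}: {f['reason']}")
    for name in result["redirected"]:
        print(f"{name}: configured resolver disagrees with trusted resolver")
```

On the constructed sample the audit reports the off-network resolver and the answer comparison singles out the redirected name while leaving the untouched one alone. The second check matters because a hijacked resolver can answer correctly for most names and lie only for a handful of targets, so an allowlist on resolver addresses alone is not sufficient.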

  • Q. What’s a network security customer use case look like for zvelo? How do you fit in?

A. One of the best use cases for zvelo’s data services is with network security vendors. We work with some of the leading Web Filtering, UTM, CASB, Endpoint Security, and Mobile Security companies, who integrate zvelo’s content categorization and malicious detection data into their own offerings. We’ve built our solutions around providing optimal categorization accuracy, coverage, lookup speed performance, and real-time updates. For network security customers it has also been important to have flexible integration and deployment options, with full local mirroring, full cloud lookups, or a hybrid local/cloud option. This allows partners to select the right implementation option for their use case and performance needs. In another use case, gateway/router devices can integrate our IoT security solution in order to provide IoT/BYOD device discovery and anomaly detection and alerting. To do these services well, it takes a laser focus and commitment. By utilizing zvelo to focus on these technology challenges, our partners free up valuable resources and focus on go-to-market activities, user experience, channel sales efforts, and core network security engineering initiatives.

  • Q. Switching to the IoT: what’s behind the recent rise in malicious (and far-reaching) IoT botnet attacks, and what changes in the industry (or customer behavior) might help counter this threat?

A. Sadly, industry best practice around network security appears to be largely ignored by IoT vendors, resulting in a large majority of current IoT devices with known and/or easily identified vulnerabilities. It almost feels like they are re-learning some of the lessons the infosec community learned and tackled years ago. Because the IoT vendors are focused on shipping a Minimum Viable Product for the cheapest possible price, they are disregarding quality control and shipping products that leave their customers (and our clients) with an extremely hard-to-solve security problem. How do you patch devices that don’t have an interface? Where do customers go for support when the cloud backend supporting an IoT device gets hacked? The IoT industry needs to focus more on quality control with regards to security and actually have their devices penetration tested before shipping.

  • Q. As an IoT device categorizer and profiler, how are you able to detect anomalous behavior on a network and determine whether that activity is malicious or not?

A. While we can’t disclose all of our proprietary technology, we’re cognizant of all 7 layers of the OSI model. We’ve built traffic detectors and anomaly analyzers into each of the 7 layers to detect any traffic behaviors that are out of the norm and/or contain malicious activity. Because of the massive device, traffic, and web activity data that zvelo technology leverages, we can quickly determine if an IoT device is behaving in a way that is atypical for that particular IoT device model. Further, we are also uniquely suited to enrich our IoT data with other zvelo solutions like bot detectors and website content categorization to assemble an IoT data set unlike any other in the industry. By applying InfoSec, data science, security analytics, and statistical anomaly detection techniques, we’re able to get a pretty good read on what’s going on with IoT devices. Through listening to ALL of the layers – and viewing those layers from multiple perspectives – it will be easier to spot anomalies that are occurring at a higher or lower level and are simply well-masked at a single layer.


Jeff Finn is CEO of zvelo, a provider of content and device categorization, as well as malicious botnet detection services. Prior to zvelo, Jeff served as CEO of eSoft, Inc. and as SVP at Evolving Systems, Inc., a company specializing in software solutions for the telecommunications industry. Finn founded and was senior executive of Prairie Systems, where he designed and launched a number of innovative telecommunications software products and services. He also held senior positions at Applied Communications, Inc. Finn began his career with IBM and earned a Bachelor of Science degree from the University of Nebraska, Lincoln.
