The old adage “the best offense is a good defense” is applicable far beyond the recent Super Bowl victory. It’s a message at the bedrock of our work at Tanium. To properly secure your network, you must know what you’re actually protecting. In a rare public appearance, Rob Joyce, head of the National Security Agency’s (NSA) Tailored Access Operations (TAO) team, recently brought this reality to light at Usenix’s Enigma conference.
The core responsibility of TAO is to break into non-US computer networks run by overseas companies and governments, so it is safe to say that Joyce has experience compromising countless types of networks all over the world. Through all of this he has come to realize the following: “If you really want to protect your network you have to know your network, including all the devices and technology in it,” he said. “In many cases we know networks better than the people who designed and run them.”
Even more troubling, according to a report from The Register, “He cited cases where NSA hackers have performed penetration testing, issued a report on vulnerabilities, and then when they go back two years later to test again found the same problems had not been fixed. When the NSA hacking squad comes back, he said, the first thing they do is investigate previously reported flaws and it’s amazing how many remain unpatched even after the earlier warning.”
Many companies are continuing to use outdated tools that no longer, or in this case never did, protect their networks. You must stay up to date not only on the endpoints that enter your network, but also on how each endpoint is managed and protected. Last year’s Verizon Data Breach Report noted that 99.9% of attacks exploited issues that were known for more than one year, which means a patch was widely available but not deployed to critical systems.
“A lot of people think that nation states are running their operations on zero days, but it’s not that common,” Joyce said. “For big corporate networks persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive.”
Tanium gives security and IT operations teams the power to know and take action against every endpoint in 15 seconds at enterprise scale. To learn more about putting insights like Joyce’s into action, visit tanium.com/see-the-truth.