How A Network Security Scanner Can Save Your Company

By Eric M. Feliciano

Today, environments range from one server to complex infrastructures with hundreds of servers and sites. Even sites with one server can be difficult to manage, so security information and management is often not a priority.

Advanced cyber attacks are evolving rapidly, and attackers target organizations not only for revenge but also simply to troll them. We are seeing well-planned attacks that affect not only the company but also any information it has gathered. This information could be yours or that of someone you know.

Recently, IBM came across a new piece of malware designed to steal sensitive information from infected computers. This malware has been named “CoreBot”, and it uses a plugin system that allows its creator to easily add new data theft capabilities. According to IBM, this malware targets what is saved locally by web browsers, FTP clients, email clients and virtual wallets, as well as certificates and various forms of data stored by applications. CoreBot is also capable of downloading and executing additional threats once the host is infected.

It has a domain generation algorithm, although it is not currently in use. This is useful to the attacker because it allows the malware to talk back to its servers using dynamically generated domains. This makes it more difficult for security professionals to block the operation and prevent other cyber attacks.

Avid Life Media, the parent company of Ashley Madison, has issued a reward of $500,000 for information leading to the arrest of the hacker or group behind their recent network breach. This attack cost not only leaked information but two lives as well. It has been reported that two suicides have taken place due to this information being made public.

Employees learned about the malicious attack once they logged in to their workstations and were greeted by a message delivered by the attack.

A Network Security Scanner, working in conjunction with a SIEM, could save companies from both financial loss and public embarrassment and, if installed and configured with best practices in mind, can prevent such attacks. These scanners can locate vulnerabilities across the network and detect them on both physical and virtual devices. The scans offer valuable information about the changes in your infrastructure, which are not always documented or made for the benefit of the company. Not all attacks come from the depths of the web; some occur because employees lack knowledge of how these threats currently work. Some attacks are orchestrated by a disgruntled employee who has all the access they would need to destroy your network.

When properly scanning your environment, you can detect such attacks or weak points that could be used against the company.

Discovering what’s in your network is important. At times documentation is set aside and not all assets are accounted for. Rogue systems can miss virus scans and security updates and can be used as an open door for a cyber attack. Identifying systems with potential risks will prevent the attack from taking place. Once you identify devices with potential vulnerabilities, you can begin to assess their risks and build a remediation plan based on the impact of those devices. Scheduling these scans will allow for better management of the infrastructure and provide a deep view of what could potentially be a threat.
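The discovery and prioritization steps described above can be sketched as a reconciliation of scan results against the documented inventory. This is an added example, not code from the author or from any scanner product: the inventory, the risky-port policy and the scan output (laid out in Nmap's grepable `-oG` format) are all constructed for illustration.

```python
# Added example: all data below is constructed; names and policy are assumptions.
INVENTORY = {  # documented assets: IP -> business impact (3 = highest)
    "10.0.0.5": 3, "10.0.0.9": 2, "10.0.0.12": 1,
}
RISKY_PORTS = {21: "ftp", 23: "telnet", 3389: "rdp"}  # assumed local policy

# Constructed scanner output in Nmap's grepable (-oG) layout.
SCAN = (
    "Host: 10.0.0.5 (web01)\tStatus: Up\n"
    "Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\n"
    "Host: 10.0.0.9 (fin01)\tPorts: 23/open/tcp//telnet///, "
    "3389/open/tcp//ms-wbt-server///, 445/filtered/tcp//microsoft-ds///\n"
    "Host: 10.0.0.77 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///"
    "\tIgnored State: closed (998)\n"
)

def parse_scan(text):
    """Return {ip: set of open TCP ports} from grepable scan lines."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if not fields[0].startswith("Host: "):
            continue
        ports = hosts.setdefault(fields[0].split()[1], set())
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # skip Status and Ignored State fields
            for entry in field[len("Ports: "):].split(","):
                port, state, proto = entry.strip().split("/")[:3]
                if state == "open" and proto == "tcp":
                    ports.add(int(port))
    return hosts

def reconcile(scan, inventory):
    """Return (findings sorted by priority, inventory IPs the scan did not see)."""
    findings = []
    for ip, ports in scan.items():
        risky = sorted(p for p in ports if p in RISKY_PORTS)
        if ip not in inventory:  # undocumented system: always top priority
            findings.append((0, ip, "rogue: not in inventory", risky))
        elif risky:  # documented system: higher impact sorts earlier
            findings.append((4 - inventory[ip], ip, "risky service exposed", risky))
    return sorted(findings), sorted(set(inventory) - set(scan))

if __name__ == "__main__":
    findings, unseen = reconcile(parse_scan(SCAN), INVENTORY)
    for prio, ip, reason, risky in findings:
        print(prio, ip, reason, [RISKY_PORTS[p] for p in risky])
    print("in inventory but not seen by scan:", unseen)
```

Run on a schedule, the same comparison also surfaces documented assets that have stopped answering, which is worth checking against decommissioning records.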

Security auditing should not be overlooked; it is a critical area of any infrastructure. Once a major cyber attack occurs, it can lead to massive financial loss. Sony encountered a cyber attack during the holidays that led to leaked company information, unsatisfied customers with disrupted services and a tainted image.