By now you’ve likely heard about the Vault 7 release, in which WikiLeaks dumped thousands of files that it claims came from a top-secret CIA network. The cache included bombshell allegations that the CIA built exploits capable of opening back doors on many end-user and network devices, and then lost control of that code, leaving companies exposed to attack. Among the leaked material is an exploit for a vulnerability that affects more than 300 models of Cisco switches; Cisco’s advisory traced it to the Cluster Management Protocol (CMP) code’s handling of Telnet connections in IOS and IOS XE Software (CVE-2017-3881). You can read more about the backstory on the Cisco blog.
To its credit, Cisco immediately published an advisory with the steps customers should take if affected: disable Telnet on the affected devices in favor of SSH, or, where that is not possible, restrict Telnet with infrastructure access control lists. With that guidance out, engineers throughout the industry will move on to face other challenges, until we get hit with the next volley in a steady attack on our network security defenses. For partners, the current Vault 7 situation should be an incentive to take a closer look at our infrastructures and our customers’. It’s a lot like when one of our neighbors reports a house break-in and everybody on the block double-checks their locks; in our case, we scan for potential issues in every device that touches the network.
With this in mind, here are five takeaways from Vault 7.
- Be proactive about security. It’s worth the cost and effort of frequent reviews to be the first to spot vulnerabilities. Nobody enjoys being in reactive mode, especially your customers.
- Know your network to avoid surprises. This sounds basic, but the days of simple Visio diagrams are over. Topologies are getting more complex as traditional and software-defined WAN technologies proliferate, not to mention the bandwidth demands of voice and video applications. For this reason, you need a big-picture, end-to-end topological view of your network and devices, including an accurate inventory of what each device exposes on the management plane, so you can identify vulnerabilities and potential issues before damage is done.
- Explore the discipline of network situational awareness. For that big-picture view to make sense, you also need constant awareness of what is going on in the network. This is related to being proactive; without it you end up making myopic decisions about what stays, what goes, and what is a potential threat to the network. Everything in context.
- Be ready to counter. When a threat is detected, quickly reroute traffic around the affected devices, or isolate them, to limit the exposure. This is a lot like knowing the shortcuts in your neighborhood when a street is under construction. When there is no clean workaround, as with the Cisco vulnerability in the Vault 7 leak, where the immediate mitigation was to turn off Telnet on the affected switches rather than to patch them, you should be able to play back historical views and analyze network flows at any point in time to see who reached the exposed devices and trace the issue to its source.
- Automate where possible. Don’t just monitor devices and applications; have a system in place that recommends, and where it is safe to do so implements, resolutions before a potential problem impacts network performance.
Complete visibility into your network environment lets you see in real time whether someone or something is exploiting the flaws present in any network gear. At a minimum that means knowing which devices still accept cleartext management protocols such as Telnet, and having flow records that show who is connecting to them. Fortunately there are many resources to identify these types of security vulnerabilities and provide continuous insight into your enterprise infrastructure.
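The two checks the takeaways above call for, as an added example that is not code from this post or from LiveAction: a proactive audit of IOS-style configurations for vty lines that still accept Telnet (the exposure Cisco’s advisory told customers to close), and a historical playback over NetFlow-style records that flags cleartext management sessions to switches from outside the admin subnets. The helper names, the two running-config fragments and the five flow records are all constructed for illustration, not real device output.

```python
"""Added example: audit switch configs for Telnet-enabled vty lines and replay
flow records to find who reached them.  Helper names are hypothetical and the
sample configs/flows below are constructed, not real device output."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: two IOS-style running-config fragments keyed by hostname.
SAMPLE_CONFIGS = {
    "sw-core-1": "hostname sw-core-1\nline vty 0 4\n transport input telnet ssh\n login local\n",
    "sw-access-7": "hostname sw-access-7\nline vty 0 4\n transport input ssh\n access-class MGMT-ONLY in\n",
}

# Constructed sample flow export, one record per line: timestamp,src,dst,dport,proto
SAMPLE_FLOWS = """\
2017-03-18T02:14:07,10.20.5.31,10.0.0.2,23,tcp
2017-03-18T02:14:09,10.20.5.31,10.0.0.2,23,tcp
2017-03-18T02:15:44,10.250.1.8,10.0.0.2,22,tcp
2017-03-18T03:01:12,10.20.5.31,10.0.0.7,23,tcp
2017-03-18T03:02:30,192.168.44.9,10.0.0.7,23,tcp
"""


def telnet_enabled_vtys(config: str) -> list[str]:
    """Return the 'line vty' blocks that still accept Telnet as an input transport.

    Cisco's mitigation for the CMP Telnet flaw was to disable Telnet on the vty
    lines (or restrict it with an access-class); this is the proactive check.
    """
    exposed: list[str] = []
    block = None  # the 'line vty ...' header we are currently inside, if any
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            block = raw.strip()
            continue
        if not raw.startswith(" "):
            block = None  # an unindented line ends the line-config section
            continue
        words = raw.split()
        if block and words[:2] == ["transport", "input"]:
            if "telnet" in words[2:] or "all" in words[2:]:
                exposed.append(block)
    return exposed


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed CSV flow export into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split(",")
        flows.append(Flow(datetime.fromisoformat(ts), ipaddress.IPv4Address(src),
                          ipaddress.IPv4Address(dst), int(dport), proto))
    return flows


def flows_between(flows: list[Flow], start: datetime, end: datetime) -> list[Flow]:
    """Historical playback: the flows observed in the window [start, end)."""
    return [f for f in flows if start <= f.ts < end]


def cleartext_management_access(flows, switches, mgmt_nets, ports=frozenset({23})):
    """Flag cleartext management-plane sessions to switches from outside the admin subnets."""
    nets = [ipaddress.IPv4Network(n) for n in mgmt_nets]
    targets = {ipaddress.IPv4Address(s) for s in switches}
    hits = []
    for f in flows:
        if f.proto == "tcp" and f.dport in ports and f.dst in targets:
            if not any(f.src in n for n in nets):
                hits.append(f)
    return hits


def sources_per_switch(hits: list[Flow]) -> dict[str, set[str]]:
    """Summarise which source addresses touched each switch over cleartext management."""
    summary: dict[str, set[str]] = {}
    for f in hits:
        summary.setdefault(str(f.dst), set()).add(str(f.src))
    return summary


if __name__ == "__main__":
    for host, cfg in SAMPLE_CONFIGS.items():
        print(host, "Telnet-exposed vty:", telnet_enabled_vtys(cfg) or "none")
    flows = parse_flows(SAMPLE_FLOWS)
    window = flows_between(flows, datetime(2017, 3, 18, 2, 0), datetime(2017, 3, 18, 4, 0))
    hits = cleartext_management_access(window, ["10.0.0.2", "10.0.0.7"], ["10.250.1.0/24"])
    print(sources_per_switch(hits))
```

On the sample data the config audit reports sw-core-1 as still exposing Telnet on `line vty 0 4` while sw-access-7 is clean, and the flow playback shows 10.20.5.31 reaching both switches over Telnet from outside the 10.250.1.0/24 admin network; the SSH session from 10.250.1.8 is not flagged. In a real deployment the configs and flows would come from your management platform rather than embedded strings, and the management subnets and switch addresses would come from the inventory the second takeaway asks you to keep.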
Darren T. Kimura is the Executive Chairman at LiveAction, which recently expanded its partner program. In this capacity he leads the Board of Directors and provides advice and counsel to the CEO and LiveAction leadership on the company’s strategy and strategic partnerships.