decrypting myths
As with other types of threats, a multi-layered defence is key to protecting against threats arising from third-party access.
Morey Haber, Chief Technology Officer and Chief Information Security Officer, BeyondTrust
Monitor and examine vendor activity
First, it’s imperative to scrutinise third-party vendor activity to enforce established policies for system access. You want to understand whether a policy violation was a simple mistake or an indication of malicious intent. You should implement session recording to gain complete visibility over a given session. And finally, you should correlate information so that you have a holistic view that enables you to spot trends and patterns that are out of the ordinary. Here are some ways to approach monitoring:
• Inventory your third-party vendor connections to understand where these connections come from, what they are connected to and who has access to what
• Look for firewall rules that permit inbound connections of which you are unaware
• Perform vulnerability scans on your external-facing hosts to search for services that are listening for inbound connections
• Validate that your enterprise password security policies apply to accounts on inbound network connections
• Implement policies and standards specific to third-party issues and use technical controls to enforce them
• Monitor for any security deficiencies and then address them
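One way to carry out the first two checks in the list above, as an added example that is not part of the original article: compare inbound ACCEPT rules against the vendor connection inventory and report any rule that no inventory entry covers. The iptables-save style rule format, the addresses and vendor names, and the function names are all assumptions made for this sketch.

```python
import ipaddress

# Constructed sample data (not from the article): approved vendor connections
# and a firewall export in iptables-save style. Names are hypothetical.
VENDOR_INVENTORY = [
    {"vendor": "hvac-support", "source": "203.0.113.0/28", "dest": "10.20.5.10", "port": 443},
    {"vendor": "erp-consultant", "source": "198.51.100.7", "dest": "10.20.8.21", "port": 22},
]
FIREWALL_RULES = """\
-A INPUT -s 203.0.113.0/28 -d 10.20.5.10/32 -p tcp --dport 443 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -d 10.20.8.21/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.44/32 -d 10.20.8.21/32 -p tcp --dport 3389 -j ACCEPT
-A INPUT -d 10.20.5.10/32 -p tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.5/32 -d 10.20.5.10/32 -p tcp --dport 443 -j DROP
"""

def parse_rule(line):
    """Return a dict for an inbound ACCEPT rule, or None for any other line."""
    tok = line.split()
    if tok[:2] != ["-A", "INPUT"]:
        return None
    opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
    if opt.get("-j") != "ACCEPT":
        return None
    return {
        # A rule with no -s or -d matches any address, so default to 0.0.0.0/0.
        "source": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
        "dest": ipaddress.ip_network(opt.get("-d", "0.0.0.0/0")),
        "port": int(opt["--dport"]) if "--dport" in opt else None,  # None = all ports
        "raw": line,
    }

def is_approved(rule, inventory):
    """Approved only if a single inventory entry covers source, destination and port."""
    return any(
        rule["source"].subnet_of(ipaddress.ip_network(e["source"]))
        and rule["dest"].subnet_of(ipaddress.ip_network(e["dest"]))
        and rule["port"] == e["port"]
        for e in inventory
    )

def unknown_inbound_rules(ruleset, inventory):
    """List inbound ACCEPT rules that no inventory entry accounts for."""
    rules = (parse_rule(line) for line in ruleset.splitlines())
    return [r["raw"] for r in rules if r and not is_approved(r, inventory)]

if __name__ == "__main__":
    for finding in unknown_inbound_rules(FIREWALL_RULES, VENDOR_INVENTORY):
        print("UNAPPROVED:", finding)
```

The rule with no source restriction is reported even though its destination and port match an approved vendor, because it admits any address rather than only the vendor's range.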
Limit network access
Most of your vendors only need access to very specific systems, so to better protect your organisation, limit access
Issue 15 | www.intelligentciso.com