Ingress and Egress Controls Limit What Bad Actors Can Do
Enterprise data and IT asset security requires controls that limit what enters and exits the network. Ingress controls help minimize malicious incoming traffic while egress controls keep insiders from sharing data or other intangible assets with unauthorized parties.
Traditionally, such solutions were rule-based (and rules still matter), however, increasingly vendors are adding AI to their products to improve their effectiveness and extend their capabilities.
Handling Ingress Threats
Enterprises use ingress filtering to keep suspicious traffic out of the network. Routers and firewalls include packet filtering capabilities that sort based on the information included in headers. Some considerations include:
- Has the IP address been spoofed?
- Are the firewall rules so weak that a bad actor can easily spoof an internal IP address?
- What is the reputation of the IP address?
- Does the traffic suggest a Distributed Denial of Service (DDOS) attack?
- Are blacklists and whitelists effective and up to date?
Generally speaking, rule definitions matter greatly.
Handling Egress Threats
Enterprises also use data filtering to stop egress threats. While it’s necessary to monitor corporate email for signs of unauthorized data sharing, it’s not the only way for data to leave the building. Other forms can be images captured with a camera (or other IoT device which includes a camera), on a thumb drive, file sharing sites, file transfer protocol (FTP), hard disk drives or Hypertext Transfer Protocol (HTTP) transfers. Clearly, some of those means can be controlled electronically, while others require physical security.
Either way, what’s at stake are the company’s crown jewels and reputation since stolen intangibles are valuable on the black market and their theft is an effective (but illegal) way to get revenge on the company. Business plans, product plans, intellectual property, healthcare records, and the personally identifiable information (PII) are all fair game. Sadly, enterprises have been slow to acknowledge the prevalence of insider threats, both intentional and accidental. However, that’s changing thanks to Zero Trust and Defense in Depth postures, and Cyber Awareness training for company employees.
For example, advertising agency account executive accidently cc’ed a journalist on a threat which revealed that the agency’s client, a car manufacture, had just learned of a less-than-optimal rating of one of its car components which contradicted the ad campaign messaging. The agency was recommending that the car manufacturer ignore the report. Luckily, for the ad agency, the journalist brought the inadvertent mistake to the attention of the agency and trashed the email. An investigative reporter might have published the information.
Of course, not all data exfiltration is done by insiders. It’s also done by outside actors who may have infiltrated the company many months ago to do some sort of recognizance work such as identifying high-value assets to steal or high-value targets to phish or socially engineer. They may also use their access to introduce malware into the environment.
How to Minimize Ingress and Egress Threats
- Make sure your security architecture adequately addresses ingress and egress threats.
- Make sure your security policy addresses and enforces ingress and egress threats.
- Have an incident response plan in place.
- Monitor networks, applications, and user accounts for odd behavior.
- Use firewalls. The next-generation models have been designed with today’s world in mind, so they provide content inspection, network monitoring, packet filtering, a Secure Sockets Layer (SSL) virtual private network (VPN), and Internet Protocol security (IPsec). Make sure your firewall rules advance the security policy.
- Use Security Information and Event Management (SIEM) to log traffic coming in and out of the firewall. Since these tools are designed to work across different systems and networks, they can help reduce the number and impact of breaches.
- Identify the enterprise’s most valuable assets, including data, and make sure they’re protected.
- Minimize data loss with Data Loss Prevention (DLP tools)