You’ve heard it here before — it’s not a matter of if, but when. At that point it’s less about penetration resistance of trying to keep the bad guys out of your network, but how to minimize the damage and get back up and running.
In a second volume to the National Institute of Standards and Technology Systems Security Engineering guide SP 800-160, NIST shows developers how to bolster the security of older legacy IT systems to limit hacker access once they break in.
The document focuses on cyber resilience engineering, which NIST gives four characteristics:
Focus on the mission or business: “Maximiz[ing] the ability of organizations to complete critical or essential missions or business functions despite an adversary presence in their systems and infrastructure.”
Focus on the Advance Persistent Threat: Know your enemy — ” its stealthy nature, its persistent focus on the target of interest, and its ability to adapt in the face of defender actions”
Assume compromise will happen: Today’s systems are so large and complex, penetration resistance isn’t ever 100%, and “a sophisticated adversary can penetrate an organizational system and achieve a presence within a targeted organization’s infrastructure.”
Assume persistence: “The stealthy nature of the APT makes it difficult for an organization to be certain that the threat has been eradicated.”
Uplogix can be another tool in your kit for recovering from when your network gets hacked.
Network recovery means stopping the immediate threat of compromised security by locking down the network or limiting functionality to specific areas, remediating security controls and addressing the disruption and continuity of business issues the event causes. Long term, it’s about fixing the gaps and dealing with regulatory, audit and compliance issues.
It’s not about giving up on penetration resistance; Uplogix can help you move management of network infrastructure out-of-route. By configuring devices to only accept management traffic from Uplogix over the console port, these devices are locked down. Potentially malicious outside traffic aimed at changing configurations, powering down or other unauthorized changes are blocked. Access to Uplogix is highly secure, integrating with TACACS and Radius and incorporating a highly granular authorization system.
After your network has been hacked, Uplogix can operate independently of the network over its dedicated out-of-band connection. Continuous monitoring means quick alerting when there are issues and last-known or golden configurations can be pushed to devices, wiping out malicious changes. The secure out-of-band access ensures access even when the primary network is down or degraded.
Read more about what Uplogix can do for your network after the hack, in our Network Restoration Blueprint infographic.