To begin, let me re-ask the question: What if an unauthorized user has access to the network? Instead of focusing on how they gained access, let’s assume they are already on the network. What could they potentially access?
Consider what your organization’s critical assets are on the network and how they are accessed. Remember, just because a user doesn’t have access to an application interface doesn’t mean they can’t access the resources or data. Break down the types of users accessing these assets, such as:
- User Access
- App Administrator Access
- Network Administrator Access
- Service Account Access
- Supporting Applications Access
- Guest Access (users without access or those who shouldn’t have access)
- Other (access unique to your organization)
You might think that having Multi-Factor Authentication (MFA), Just in time, or vault-based access provides sufficient protection. However, additional forms of identification methods can be compromised. All it could take is a vulnerability in a database server where identity information is stored. Understanding the different types of access and identity is crucial for implementing a defense-in-depth strategy. Remember, once a hacker obtains a user’s credentials, it’s only a matter of time before privilege escalation occurs.
Using a factory assembly line analogy, just as each station has a process in assembling an item that will be used as part of the overall product, consider the processes that allow an asset or application to function. Observing how it is accessed and used, both visually and through network components, is essential. This is where application dependency models become important.
Most modern applications don't reside on a single host but have multiple dependencies across the network.
Most modern applications don’t reside on a single host but have multiple dependencies across the network. Some of these dependencies may be off-site, through third parties, or even in the cloud.
Once you’ve identified these elements, pinpoint the weakest link–this is often what hackers target. If identifying the weakest link is challenging for your organization, consider a penetration test of the asset by a trusted cybersecurity partner. KNZ has excellent partners who can assist with application or asset penetration tests.
After identifying the weakest link(s), you can begin the process of implementing the necessary security layers to protect the asset and your network infrastructure components.
In the final part of this series, we will discuss deploying these security layers to assist with safeguarding the asset.
Missed Part 2? Read it here.
First time here? Take a look at Part 1.
About the Author:
Chris Price is an experienced executive deeply committed to nurturing and empowering team members to realize their fullest potential. My passion lies in technology thought leadership, and my career has been dedicated to providing guidance and leadership in aligning technology with business objectives. In recent years, we’ve observed a significant evolution in technology, particularly in digital solutions, which have the potential to differentiate businesses and confer a competitive advantage in their respective industries. In this new era of digital business, organizations must embrace transformation. Within my team, we possess the expertise to guide organizations through the disruptions brought by digital innovations, offering innovative ideas and state-of-the-art technology to navigate these changes effectively.
