20-year-old exploits and TikTok streams threaten business security, new SASE report from Cato Networks finds

“Cato’s converged SASE solution allows us to bring together security observations with network analysis from live traffic. In the first quarter, we saw how corporate security executives can’t focus on newly discovered vulnerabilities at the expense of older, more mundane risks, ”says Etay Maor, Senior Director of Security Strategy at Cato Networks. “Threat actors are constantly looking for unpatched, EOL (end of life) and legacy systems, vulnerabilities that are two to nearly 20 years old. And while several governments have raised privacy concerns with TikTok, and eventually banned this app from their networks and devices, too many corporate networks continue to carry TikTok streams. “

Legacy security defenses fail because old exploits are the most common threat

As the industry focuses on alien attacks – like the SolarWinds breach – the real risk to businesses comes from older exploits, some dating back 20 years. “While businesses should always keep abreast of the latest security patches, it’s also vital to ensure that old systems and well-known vulnerabilities from years past are also monitored and patched,” says Maor. “Threat actors try to take advantage of neglected vulnerable systems.”

Our research has shown that attackers often look for end-of-life and unsupported systems. The Common Vulnerabilities and Exposures (CVEs) identified by Cato were exploits targeting software, namely vSphere, Oracle WebLogic, and Big-IP, as well as routers with remote administration vulnerabilities.

Patches can fix the problem, but companies find it difficult to stay on top of patches, and legacy security systems are often insufficient to stop threats. In addition, threat actors constantly modify their signatures and characteristics to avoid detection.

Application vulnerabilities expose many businesses to attacks

During its analysis of network traffic, Cato identified several security risks. Microsoft Office and Google continue to dominate, but there has been widespread use of remote access software, such as Remote Desktop Protocols (RDP), Virtual Network Computing (VNC), and TeamViewer.

If not properly secured, these applications can be targeted by threat actors with disastrous results, as recent attacks against the virus have shown. Florida water supply system, Molson coorsand Colonial Pipeline. “The prevalence of remote access software is troubling from a security perspective. Many attacks against critical infrastructure have involved attackers exploiting vulnerabilities and weak passwords in these very many pieces of software. If companies need to run such software, special precautions must be taken to ensure their security ”. Maor said.

Corporate networks also continue to be powered by consumer apps, the most popular being TikTok which had millions more feeds than Google Mail, LinkedIn, or Spotify. In recent months, Cato has also seen a significant increase in Robinhood and eToro transactions – likely due to the recent GameStop-Reddit-Wall Street. The data transmitted to these trading applications has overtaken the most popular applications such as CNN, The New York Timesand CNBC.

“The increase in consumer applications not only consumes bandwidth, but poses a security risk for businesses,” Maor said. “As the type of data and application flows change, the way threat actors exploit vulnerabilities also change and, as a result, the way businesses secure their networks must change as well.”

Threats come from countries other than Russia or China

To stay ahead of attackers, companies often block traffic from certain countries, such as Russia and China. Such an approach is ineffective. Cato’s analysis shows that in the first quarter of 2021, most threats did not come from China or Russia. In fact, more and more malware attacks are coming from United States Than any other country.

“Blocking network traffic to and from ‘usual suspects’ won’t necessarily make your organization more secure,” Maor said. “The threat actors host their Command & Control servers on” friendly “grounds, including in the United States, Germany, and Japan. “

Machine learning algorithms identify network characteristics of security threats

To fully understand network and cybersecurity trends for its report, Cato Networks analyzed nearly 200 billion network flows from more than 850 companies worldwide on Cato’s global private network between January 1, 2021, and March 31, 2021.

Around 16 billion security events have been identified and transmitted to the Cato Threat Hunting System (CTHS). This proprietary machine learning platform identifies threats through contextual network and security analysis. By understanding and identifying network patterns of cyber attacks, CTHS alerts you to security threats often undetected by existing cybersecurity software.

In total, CTHS identified 181,000 high-risk flows, which led to 19,000 threats verified by Cato’s security team. The highlights of this analysis have been captured in this report. For more information, download a copy of The Cato Networks SASE Threat Research Report at https://go.catonetworks.com/SASE-Threat-Research-Report.html.

About Cato Networks

Cato is the first in the worldSASE platform, the convergence of SD-WAN, network security and Zero Trust Network Access (ZTNA) into a global, cloud-native service. Cato optimizes and secures access to applications for all users and locations. With Cato Cloud, customers easily migrate from MPLS to SD-WAN, optimize connectivity to on-premises and cloud applications, enable secure internet access to branch offices anywhere, seamlessly integrate cloud data centers into the network, and connect mobile users with Cato SDP client and clientless access. options. With Cato, the network and your business are ready for the future.

Infographics – https://mma.prnewswire.com/media/1516354/Cato_Networks_1_Infographic.jpg
Infographics – https://mma.prnewswire.com/media/1516353/Cato_Networks_2_Infographic.jpg

SOURCE Cato Networks

Related links


Source link

About Thomas Brown

Check Also

Record number of COVID cases reported in 2 Australian states

SYDNEY – The Australian states of Victoria and Queensland reported record levels of new daily …

Leave a Reply

Your email address will not be published. Required fields are marked *