August 30, 2016 By Kevin Beaver 3 min read

Just when you think you have your network under control, there’s always something — or someone — creating a bit more complexity than you thought you had to deal with. One thing that’s often overlooked is third-party vendor connections into network environments.

Whether you know about them or not, such connections likely exist today, and they’re probably creating more risks than you’re willing to tolerate. They may come in the form of VPN connections, web services or even something more rudimentary, such as a remote desktop or a third-party remote PC access tool.

The reality is that vendors, business partners and customers connect into your LAN or cloud environments. You probably just haven’t discovered them yet.

Bad Connections

On the surface, these outside connections may seem harmless. The odds are certainly in your favor that intentions are good, but you know which road is paved with good intentions.

It doesn’t matter how well you know these outside parties, what security policies you have in place or how strong your contract is. Your network can be compromised if one of these inbound connections facilitates something like a curious user on the other end or, perhaps worst of all, malware or an attacker who has gained a foothold into that outside environment and now has a path into yours.

It really doesn’t matter what type of connection they have; all that matters is that the connection is there. It could provide someone with unfettered access to your network that is, in all likelihood, unmonitored and unaudited. As many seemingly resilient organizations have learned the hard way, this type of unauthorized access can bring an organization to its knees. So what can you do about this security risk?

The solution comes down to a common issue that few people seem to be addressing: You have to know your environment and understand the risk in order to do something about it. Many IT and security shops simply manage things in the short term, putting out fires day by day. They fail to look at the bigger picture and gain control of their environment from a higher level.

Monitoring Third-Party Vendor Connections

The following steps can help you gain some semblance of control over third-party vendor network connections:

  • Perform an inventory yourself, and speak with department managers and data owners to help you determine where these connections are coming from and going to, who has been granted access and so on.
  • Perform a firewall rulebase analysis to look for rules allowing inbound connections you may not have been aware of.
  • Run vulnerability scans on your external-facing hosts — including cloud-based environments — to look for services that are listening for inbound connections. Make sure that you look for all of your known IP addresses. Many people forget about systems here and there, and that’s often how these inbound network connections get overlooked.
  • Determine whether your enterprise password policies apply to accounts on inbound network connections. What about malware protection, personal firewalls and software update checks similar to the promises of network access control in years past?
  • Decide if you need to establish additional security standards and enforce them via technical controls, such as DLP, cloud access security broker and SIEM technologies.
  • What internal processes are involved in provisioning inbound network connections and account setup? What are the gaps and how can they be improved?
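The first two steps above, the inventory and the firewall rulebase analysis, can be combined into a repeatable check: every inbound allow rule whose source is outside your own address space should map to a documented vendor connection, and anything that doesn’t is a finding to chase down. The script below is an added example, not code from the original article; the comma-separated rule format, the internal address ranges and the inventory fields are assumptions, and the rules and inventory entries are constructed sample data.

```python
"""Cross-check inbound firewall rules against a vendor-connection inventory.

Added example (not from the original article). Assumptions: rules are exported
as "name, action, direction, src, dst, port" lines; RFC 1918 space is "internal";
the inventory lists each approved third-party connection with its source network,
destination host and port.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: anything outside these ranges is treated as a third party.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample rulebase export.
RULES = """
# name, action, direction, src, dst, port
vendor-sftp, allow, in, 203.0.113.0/24, 10.1.5.20/32, 22
legacy-rdp,  allow, in, any,            10.1.5.40/32, 3389
partner-api, allow, in, 198.51.100.7/32, 10.1.9.10/32, 443
lan-mgmt,    allow, in, 10.0.0.0/8,     10.1.1.1/32,  22
telnet-deny, deny,  in, any,            10.1.9.10/32, 23
"""

# Constructed inventory: only the SFTP vendor link has been documented.
INVENTORY = [
    {"vendor": "Example SFTP Co", "src": "203.0.113.0/24", "dst": "10.1.5.20/32", "port": 22},
]


@dataclass(frozen=True)
class Rule:
    name: str
    action: str     # "allow" or "deny"
    direction: str  # "in" or "out"
    src: str        # CIDR or "any"
    dst: str        # CIDR of the internal host
    port: int


def parse_rules(text):
    """Parse the comma-separated export into Rule objects, skipping comments."""
    rules = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, action, direction, src, dst, port = [f.strip() for f in line.split(",")]
        rules.append(Rule(name, action.lower(), direction.lower(), src, dst, int(port)))
    return rules


def is_external(cidr):
    """True when the source is not wholly inside our internal address space."""
    if cidr == "any":
        return True
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(internal) for internal in INTERNAL_NETS)


def inbound_external_allows(rules):
    """The rules that actually let outside parties in."""
    return [r for r in rules if r.action == "allow" and r.direction == "in" and is_external(r.src)]


def covered_by(rule, entry):
    """A rule is documented if its source fits inside an inventory entry's
    source network and the destination host and port match exactly."""
    if rule.src == "any":
        return False  # an any-source allow is never an approved vendor link
    rule_src = ipaddress.ip_network(rule.src, strict=False)
    entry_src = ipaddress.ip_network(entry["src"], strict=False)
    return rule_src.subnet_of(entry_src) and rule.dst == entry["dst"] and rule.port == entry["port"]


def review(rules, inventory):
    """Return (rule name, reason) for every inbound third-party allow that is
    either over-broad or missing from the inventory."""
    findings = []
    for r in inbound_external_allows(rules):
        if r.src == "any":
            findings.append((r.name, "inbound allow from any source"))
        elif not any(covered_by(r, e) for e in inventory):
            findings.append((r.name, "no inventory entry for this vendor connection"))
    return findings


if __name__ == "__main__":
    for name, reason in review(parse_rules(RULES), INVENTORY):
        print(f"{name}: {reason}")
```

Run against the sample data, the documented SFTP rule passes, the internal management rule and the deny rule are ignored, and the two findings are the any-source RDP rule and the partner API rule that nobody wrote down. Feeding in a real export and a real inventory turns the article’s one-off exercise into a check you can rerun on every audit cycle.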

Stay Alert

Your own internal network environment is complicated enough. The last thing you need is someone else’s inbound connection creating unnecessary risks for your business — but you cannot secure the things you haven’t yet acknowledged.

It’s important not to overlook third-party network connections. Make this exercise part of your ongoing information security assessments and audits. Given the interconnectedness of the business world in which we operate, things are only going to get more complicated.
