Just when you think you have your network under control, there’s always something — or someone — creating a bit more complexity than you thought you had to deal with. One thing that’s often overlooked is third-party vendor connections into network environments.

Whether you know about them or not, such connections likely exist today, and they’re probably creating more risks than you’re willing to tolerate. They may come in the form of VPN connections, web services or even something more rudimentary, such as a remote desktop or a third-party remote PC access tool.

The reality is that vendors, business partners and customers connect into your LAN or cloud environments. You probably just haven’t discovered them yet.

Bad Connections

On the surface, these outside connections may seem harmless. The odds are certainly in your favor that intentions are good, but you know which road is paved with that approach.

It doesn’t matter how well you know these outside parties, what security policies you have in place or how strong your contract is. Your network can be compromised if one of these inbound connections gives a way in to a curious user on the other end or, perhaps worst of all, to malware or an attacker that has gained a foothold in that outside environment and now has a path into yours.

It really doesn’t matter what type of connection they have; all that matters is that the connection is there. It could provide someone with unfettered access to your network that is, in all likelihood, unmonitored and unaudited. As many seemingly resilient organizations we’ve heard about in the past have learned, this type of unauthorized access can literally bring an organization to its knees. So what can you do about this security risk?

The solution comes down to a common issue that few people seem to be addressing: You have to know your environment and understand the risk in order to do something about it. Many IT and security shops simply manage things in the short term, putting out fires day by day. They fail to look at the bigger picture and gain control of their environment from a higher level.

Monitoring Third-Party Vendor Connections

The following steps can help you gain some semblance of control over third-party vendor network connections:

  • Perform an inventory yourself, and speak with department managers and data owners to help you determine where these connections are coming from and going to, who has been granted access and so on.
  • Perform a firewall rulebase analysis to look for rules allowing inbound connections you may not have been aware of.
  • Run vulnerability scans on your external-facing hosts — including cloud-based environments — to look for services that are listening for inbound connections. Make sure that you look for all of your known IP addresses. Many people forget about systems here and there, and that’s often how these inbound network connections get overlooked.
  • Determine whether your enterprise password policies apply to accounts on inbound network connections. What about malware protection, personal firewalls and software update checks similar to the promises of network access control in years past?
  • Decide if you need to establish additional security standards and enforce them via technical controls, such as DLP, cloud access security broker and SIEM technologies.
  • What internal processes are involved in provisioning inbound network connections and account setup? What are the gaps and how can they be improved?
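
To make the inventory and firewall rulebase steps above concrete, the following added example (not from the original article) cross-checks an exported rulebase against the inventory of known third-party connections and reports inbound allow rules that nobody has accounted for. The CSV column layout, the sample rules, the inventory entry and the internal address ranges are all constructed assumptions; adapt the parsing to whatever your firewall actually exports.

```python
import csv
import io
import ipaddress

# Constructed sample: a generic CSV rule export (not any vendor's real format).
RULES_CSV = """id,action,direction,src,dst,port,comment
10,allow,in,198.51.100.0/24,10.0.5.20,443,vendor A web service
20,allow,in,203.0.113.45,10.0.8.11,3389,hvac support
30,allow,in,any,10.0.9.2,22,temp - remove after migration
40,allow,in,10.0.0.0/8,10.0.5.20,445,internal file share
50,deny,in,any,any,any,default deny
60,allow,out,10.0.0.0/8,any,443,outbound web
"""

# Constructed inventory: source networks confirmed with data owners.
INVENTORY = {"vendor A": "198.51.100.0/24"}
# Assumption: the organization's own address space is RFC 1918 only.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports commonly used for interactive remote access (SSH, RDP, VNC).
REMOTE_ACCESS_PORTS = {"22", "3389", "5900"}


def find_unreviewed_inbound(rules_csv, inventory):
    """Return inbound allow rules whose source is 'any' or an external
    network that is not covered by an inventoried third-party network."""
    approved = [ipaddress.ip_network(n) for n in inventory.values()]
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        if rule["action"] != "allow" or rule["direction"] != "in":
            continue
        if rule["src"] == "any":
            reason = "source is any"
        else:
            src = ipaddress.ip_network(rule["src"], strict=False)
            if any(src.subnet_of(net) for net in INTERNAL):
                continue  # internal-to-internal rule, out of scope here
            if any(src.subnet_of(net) for net in approved):
                continue  # matches a documented third-party connection
            reason = "external source not in inventory"
        if rule["port"] in REMOTE_ACCESS_PORTS:
            reason += "; remote-access port"
        findings.append((rule["id"], rule["src"], rule["port"], reason))
    return findings


if __name__ == "__main__":
    for finding in find_unreviewed_inbound(RULES_CSV, INVENTORY):
        print(finding)
```

Each finding is a question for a department manager or data owner: either the connection goes into the inventory with a named owner, or the rule is removed.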

Stay Alert

Your own internal network environment is complicated enough. The last thing you need is someone else’s inbound connection creating unnecessary risks for your business — but you cannot secure the things you haven’t yet acknowledged.

It’s important not to overlook third-party network connections. Make this exercise part of your ongoing information security assessments and audits. Given the interconnectedness of the business world in which we operate, things are only going to get more complicated.
