Just when you think you have your network under control, there’s always something — or someone — creating a bit more complexity than you thought you had to deal with. One thing that’s often overlooked is third-party vendor connections into network environments.

Whether you know about them or not, such connections likely exist today, and they’re probably creating more risks than you’re willing to tolerate. They may come in the form of VPN connections, web services or even something more rudimentary, such as a remote desktop or a third-party remote PC access tool.

The reality is that vendors, business partners and customers connect into your LAN or cloud environments. You probably just haven’t discovered them yet.

Bad Connections

On the surface, these outside connections may seem harmless. The odds are certainly in your favor that intentions are good, but you know which road is paved with that approach.

It doesn’t matter how well you know these outside parties, what security policies you have in place or how strong your contract is. Your network can be compromised if one of these inbound connections facilitates something like a curious user on the other end or, perhaps worst of all, malware or an attacker who has gained a foothold into that outside environment and now has a path into yours.

It really doesn’t matter what type of connection they have; all that matters is that the connection is there. It could provide someone with unfettered access to your network that is, in all likelihood, unmonitored and unaudited. As many seemingly resilient organizations we’ve heard about in the past have learned, this type of unauthorized access can literally bring an organization to its knees. So what can you do about this security risk?

The solution is along the lines of the common issue that few people seem to be addressing: You have to know your environment and understand the risk in order to do something about it. Many IT and security shops simply manage things in the short term, putting out fires day by day. They fail to look at the bigger picture and gain control of their environment from a higher level.

Monitoring Third-Party Vendor Connections

The following steps can help you gain some semblance of control over third-party vendor network connections:

  • Perform an inventory yourself, and speak with department managers and data owners to help you determine where these connections are coming from and going to, who has been granted access and so on.
  • Perform a firewall rulebase analysis to look for rules allowing inbound connections you may not have been aware of.
  • Run vulnerability scans on your external-facing hosts — including cloud-based environments — to look for services that are listening for inbound connections. Make sure that you look for all of your known IP addresses. Many people forget about systems here and there, and that’s often how these inbound network connections get overlooked.
  • Determine whether your enterprise password policies apply to accounts on inbound network connections. What about malware protection, personal firewalls and software update checks, similar to what network access control promised in years past?
  • Decide if you need to establish additional security standards and enforce them via technical controls, such as DLP, cloud access security broker and SIEM technologies.
  • What internal processes are involved in provisioning inbound network connections and account setup? What are the gaps and how can they be improved?
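To illustrate the inventory and rulebase-analysis steps above, here is an added example (not from the original article) that checks inbound allow rules against a vendor inventory and flags the ones nobody has documented. The rules, addresses, inventory entry and port labels are constructed assumptions, and iptables-save syntax stands in for whatever firewall you run.

```python
import ipaddress
import shlex

INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed port-to-service labels for the connection types the article names.
SERVICES = {22: "SSH", 443: "HTTPS/SSL VPN", 500: "IPsec IKE", 3389: "RDP", 5900: "VNC"}

# Constructed sample rulebase (iptables-save syntax) using documentation addresses.
RULES = """
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.44/32 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
"""
# Constructed inventory: (source, port) -> who approved it, built from the interviews.
INVENTORY = {("198.51.100.0/24", 443): "payroll vendor, owner: HR"}

def parse_rule(line):
    """Return (source_network, dport) for an inbound ACCEPT rule, else None.
    Negated matches are out of scope; a port range is reported with port None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "INPUT"]:
        return None
    opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
    if opts.get("-j") != "ACCEPT":
        return None
    src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    dport = opts.get("--dport", "")
    return src, int(dport) if dport.isdigit() else None

def audit(rules_text, inventory):
    """Classify every inbound ACCEPT rule whose source is outside the internal ranges."""
    findings = []
    for line in rules_text.strip().splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        src, port = parsed
        if any(src.subnet_of(net) for net in INTERNAL):
            continue  # internal source, not an outside connection
        if (str(src), port) in inventory:
            status = "documented"
        elif src.prefixlen == 0:
            status = "open-to-any"
        else:
            status = "undocumented"
        findings.append((status, str(src), port, SERVICES.get(port, "other")))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, INVENTORY):
        print(finding)
```

Every "undocumented" or "open-to-any" finding is a connection to take back to the department managers and data owners for an owner, a justification and a review date.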

Stay Alert

Your own internal network environment is complicated enough. The last thing you need is someone else’s inbound connection creating unnecessary risks for your business — but you cannot secure the things you haven’t yet acknowledged.

It’s important not to overlook third-party network connections. Make this exercise part of your ongoing information security assessments and audits. Given the interconnectedness of the business world in which we operate, things are only going to get more complicated.
