We’ve seen numerous headlines reporting companies falling victim to cyberattacks. Usually, human error is involved: an unsuspecting employee opens an infected email and lets ransomware into the network. Unfortunately, it doesn’t stop there.
Cyber threats have now grown to be so sophisticated that they can use one company’s network to infect another one. So, now it’s more important than ever to protect your assets not only for the well-being of your company but also for your business partners.
For this reason, we talked with Robin Berthier, the CEO of Network Perception, a company that offers network audit and compliance software, about how network visibility can improve a company's cybersecurity posture and which threats are the most prominent to look out for.
Tell us about your journey throughout the years. How did the idea of Network Perception originate?
Network Perception started as a research project funded by the Department of Energy and the Department of Homeland Security at the University of Illinois. The initial research consisted in formally verifying that organization-wide network access policies were correctly implemented by distributed local firewalls.
The founding team worked closely with industry partners for years to understand their challenges and develop the next generation of network verification and visualization technology. This technology was packaged into a desktop application called NP-View that has the unique capability of being lightweight and robust, providing compliance and security teams the fastest way to verify complex firewall rulesets in minutes rather than days. The application was adopted by the North American Electric Reliability Corporation, NERC, which is the regulating body for the electric industry in North America, to conduct their Critical Infrastructure Protection audits.
NP-View evolved as an on-premises server-based solution to enable organizations to transition from a point-in-time review of their critical network into continuous verification and visualization through automated workflows. Today, NP-View is available in three editions: NP-View Essential, NP-View Professional, and NP-View Enterprise.
Can you introduce us to your NP-View product? What are its key features?
NP-View is a software solution designed to secure critical assets with intuitive, proactive, and continuous network segmentation visualization and verification. Its key features are:
- Working offline, as it only requires copies of network device configurations to run
- Providing instant network topology visualization without having to connect to the network
- Producing instant network risk assessment by identifying incorrect network segmentation and overly permissive accesses.
The network visualization is highly intuitive and interactive to provide value to both technical and non-technical users. It also simplifies the firewall review process by unifying ruleset representation across all major firewall vendors.
What are the most common threats carried out via insecure networks?
The insecurity of networks increases risks in two ways. First, it exposes vulnerable assets to malicious actors. Second, it enables adversaries to conduct lateral movement by pivoting from one compromised asset to the next to expand their reach into the most critical zones of the network. The exposure and the expansion can be mitigated by adopting a principle of least privilege, which means segmenting networks and only permitting access to specific applications and services on a need-to-know basis.
Have you noticed any new threats emerge because of recent global events?
Two prominent threats, ransomware and supply-chain attacks, have significantly increased recently. There was an inflection point in 2018 when the number of ransomware attacks against critical infrastructure accelerated and culminated in 2021 with the shutdown of Colonial Pipeline operations for 5 days. This is the result of adversaries perfecting their technique to generate profit from cyberattacks, and the realization that targeting industrial facilities led to higher probabilities of getting ransoms paid. The risk of supply-chain attacks became a real concern when the world discovered that 18,000 organizations had been compromised through an infected release of the SolarWinds network management software. The level of sophistication that enabled malicious attacks to compromise the build environment of a large software manufacturer was unprecedented.
In your opinion, why are certain companies still unaware of the risks hiding in their own networks?
Depending on the level of cybersecurity maturity of an organization, networks and the configuration of network devices are either left as plug-and-forget, which means nobody pays attention as long as it works, or left to the purview of a single team who is in charge of everything, from provisioning to maintaining and securing. The result is a pervasive lack of visibility into network architecture and access policies, which leads to a lack of risk awareness. The first rule of network security is that we cannot protect something we don’t know we have to protect.
Besides quality network security systems, what other measures do you think should be a part of every modern company?
Every modern company should adopt a cyber resiliency approach, which means investing in a set of guiding principles to ensure that operations can keep running despite being under constant threat.
The principles of cyber resiliency are the following:
- Compliance verification. We must continuously check that cybersecurity controls are in place and correctly followed.
- Security visualization. We must gain a clear understanding of the environment we have to protect and the dependencies that exist among our critical assets.
- Operational velocity. We must accelerate our ability to identify and respond to cybersecurity incidents.
In terms of tactical solutions, modern companies must adopt multi-factor authentication, network and endpoint security monitoring, and robust change and patch management processes.
What dangers can customers be exposed to if a company they trust struggles to ensure compliance?
Customers can be exposed to malicious infiltration if a company they trust and partner with struggles to ensure compliance. The best example comes from managed service providers (MSPs) that have remote access to all their customer networks. If an MSP fails to remain secure and compliant, then an adversary can exploit their central access to significantly expand their reach. This is why vendor remote accesses should be scrutinized to be permitted on a strictly need-to-know basis and to be revocable instantly if suspicious activities are detected.
In your opinion, what kind of attacks are we going to see more of in the upcoming years? What can average Internet users do to protect themselves?
I believe for-profit attacks will continue to rise, which means that we’ll see more and more individuals and organizations getting ransomed by system-locking malware. To protect themselves, Internet users should:
- Adopt a password manager
- Enable multi-factor authentication everywhere they can
- Invest in a solid backup solution for their data and operating systems
Tell us, what’s next for Network Perception?
This is an exciting time for Network Perception because we are expanding in three directions. Firstly, we are transitioning from a project-based audit application into an operational cybersecurity verification and visualization platform.
Secondly, we are building partnerships with leading security vendors to enrich the NP-View visualization map by ingesting and representing endpoint and vulnerability data through an open API.
Finally, we are announcing new editions of our product this year with the introduction of NP-View Essential, NP-View Professional, and NP-View Enterprise to better support critical industries through all stages of cybersecurity maturity.