Exeon recommends consistent monitoring of third-party applications
Zurich, 8 June 2022 - The Swiss IT security company Exeon Analytics warns against trusting third-party applications unconditionally, regardless of whether they are contract developments or standard solutions from renowned manufacturers. The problem with such applications is that they often require extensive authorisations or receive them unnecessarily. At the same time, such third-party software usually acts as a black box without transparency into the individual actions or data streams. "Without consistent monitoring of third-party software, operators often do not know what exactly is happening in their network and therefore cannot comprehensively guarantee IT security," says Gregor Erismann, CCO of Exeon Analytics. "Thus, third-party software can be utilised relatively easily to infiltrate malware, whether intentionally or accidentally. Trust is good, but unfortunately not sufficient for reliable protection."
Consequently, Exeon also recommends that non-KRITIS companies introduce central and manufacturer-independent monitoring of the entire network environment, including third-party applications, in line with the IT Security Act and the corresponding BSI regulations in order to detect anomalies in network traffic promptly. According to Exeon, a holistic picture can be achieved in three steps:
Create an overview: First, a complete inventory of the environment is required, including systems and applications, but also external service providers. Only those with a complete overview of all data flows can understand what is happening in the network.
Define authorisations: For each system, each application and, of course, each user, it is necessary to define which authorisations are required. According to the principle of least privilege, these should be assigned, but only these.
Monitoring: Today's IT environments are constantly changing, and access authorisations often change alongside them. Usually, new authorisations should only be set up temporarily, but in the hectic of everyday life, they are then not taken back. Incorrect configurations are also considered one of the most frequent causes of security problems - for example, when group authorisations are carelessly assigned instead of those for individual users. Detailed monitoring can automatically compare the actual authorisations with the intended ones and thus uncover misconfigurations.Heutige IT-Umgebungen ändern sich laufend und mit ihnen nicht selten auch Zugriffsberechtigungen. Oft sollen dabei neue Berechtigungen nur temporär eingerichtet werden, doch in der Hektik des Alltags werden sie dann nicht zurückgenommen. Auch Fehlkonfigurationen gelten als eine der häufigsten Ursachen für Sicherheitsprobleme - etwa wenn unbedacht Gruppenberechtigungen vergeben werden statt solche für einzelne User. Ein detailliertes Monitoring kann automatisiert die tatsächlichen mit den vorgesehenen Berechtigungen vergleichen und so Fehlkonfigurationen aufdecken.
Complete monitoring is made possible by manufacturer-agnostic NDR solutions (Network Detection and Response). As a comprehensive NDR platform, ExeonTrace from Exeon enables, for example, the reliable and early detection of attackers who have already overcome the perimeter through AI-based behaviour and traffic analysis. The platform enables comprehensive visualisation of all data flows in the corporate network, including those from third-party systems and applications, and can be seamlessly integrated into existing SIEM or EDR solutions. As a completely software-based solution, ExeonTrace does not require any additional hardware. The integration of system log information also allows the analysis of encrypted traffic, which already accounts for a very large share in many environments.
About Exeon Analytics
Exeon Analytics AG is a Swiss cybertech company specializing in the protection of IT and OT infrastructures through AI-driven security analytics. The Network Detection and Response (NDR) platform ExeonTrace offers companies the ability to monitor networks, detect cyber threats immediately and thus effectively protect their own company's IT landscape - quickly, reliably and completely software-based.
The self-learning algorithms for early detection of cyber attacks were developed at ETH Zurich (Swiss Federal Institute of Technology Zurich) and are based on more than ten years of academic research. Exeon has received several awards, is internationally active and counts well-known companies such as PostFinance, V-Zug, SWISS International Airlines and the logistics group Planzer among its customers.
Press contact: Gregor Erismann, CCO Exeon Analytics, gregor.erismann@exeon.com, +41 78 797 05 09