Third-party cyber risks – and how ExeonTrace can provide complete system transparency

BSI warns against Kaspersky

On the 15th of March, the German Federal Office for Information Security (BSI) issued an official warning against the use of the Russian anti-virus software Kaspersky (Source). The reason for the warning is the far-reaching system authorisations of the anti-virus software, which come with considerable cyber risks in the current geopolitical situation. According to the BSI, this can involve IT vendors "conducting offensive operations, being forced to attack target systems against their will, or themselves becoming victims of a cyber operation and without their knowledge being spied on or misused as a tool for attacks against their own customers."

Third-party systems as a security challenge

The current warning from the BSI is an example of the challenge that third-party systems inevitably bring with them. For the context of this post, it does not matter where the software (and also the hardware) is produced - what is relevant are the far-reaching authorisations that third-party systems very often have in networks. In addition, there is often little transparency about what data third-party systems transfer from and into the company's network. Past cases (such as Sunburst) have also shown that third-party providers can be hacked themselves and consequently import malware into corporate networks. As a result, it is relatively easy for third-party providers to – intentionally or accidentally – smuggle malware into corporate networks.

System transparency with ExeonTrace

Exeon's NDR solution, ExeonTrace, is an effective and easy-to-implement means of monitoring data flows in networks and thus analysing data transfers from third-party systems. ExeonTrace analyses third-party systems' communication patterns and makes previously hidden movements visible. Since ExeonTrace includes log data of numerous network components for its analysis, the software is manufacturer-agnostic and thus allows a neutral evaluation of network activities. Security-relevant anomalies are detected and evaluated fully automatically so that security teams can then handle them efficiently.

Conclusion

Modern networks have a multitude of third-party systems in use. In the past, Chinese solutions were often viewed critically. However, in the current geopolitical situation, Russian providers are more in focus. This shift shows how quickly security priorities regarding third-party providers can change. Taking these priorities into account presents security teams with significant challenges. By closely monitoring complete networks and providing holistic transparency on the activities of third-party providers, Exeon enables security teams to react quickly and effectively to security-relevant anomalies.

Author: Gregor Erismann, Co-CEO

Email: gregor.erismann@exeon.com

Published on: 16.03.2022
