Blog

Articles

Bypassing a local firewall

When securing a corporate network, one naturally thinks of segmentation and organizing network zones by function, application sensitivity, or required level of access.

Most of the time, the approach involves isolating these zones by setting up firewalls, blocking traffic, and only opening access as specific requests arise.

How to start implementing Zero Trust?

Threats are evolving, and it quickly feels like defense doesn't always adapt fast enough to effectively combat multiple categories of attacks: internal threats, zero-day vulnerabilities on VPN gateways, credential theft, password attacks, network layer exploits, or, more commonly, user errors and social engineering.

Usage patterns are also changing, along with the concept of the perimeter. As companies increasingly shift their infrastructures toward the cloud, how can we adapt our security strategy to make it compatible with this new way of thinking about networks and data management?

VPN hacked and lateral movements

The scan had been running for several minutes, and the attacker’s screen displayed a list of listening applications detected on the network. He had entered the post-exploitation phase, meaning he had successfully infiltrated the system and was now trying to extend his control to other devices.

Passwords are going to disappear

They are everywhere and have been used since the 1960s. Their invention is often attributed to Fernando Corbató, one of the pioneers of time-sharing operating systems.

Originally, they allowed multiple users to share the same machine by partitioning spaces and protecting their data.

As with modern operating systems, each user was assigned an account with a password.

The Information System was already compromised

The FIR (Force d’Intervention Rapide or Rapid Intervention Force) had been on-site for just over an hour when the first remediation action was implemented. The idea was to isolate the subnetwork where the infected machines were running before redirecting client traffic to the backup infrastructure. Several endless hours of service interruptions had already passed, and the CISO had lived through the nightmare he had promised himself to avoid when he took the job eight months earlier.

Effectively manage your exposure surface (Part 2)

In the previous article, Effectively Managing Your Attack Surface (Part 1), we used the tool Uncovery - Advanced EASM to get an accurate view of the attack surface of the information system. The results showed 160 services exposed on the internet, intended for a well-defined user population. In this article, we will show how to use Chimere to secure all of these services and remove them from the attack surface while keeping them accessible to employees.

To do this, we will use the automatic service enrollment mechanism offered by Chimere and then connect the company's identity provider to the Chimere Manager to provide user access to services.

Effectively manage your exposure surface (Part 1)

When you are a CISO or CIO taking on a new position, one of the challenges is to efficiently understand the areas where protection measures and security actions need to be implemented. Esteemed readers of this blog, you know that exposing applications on the internet is one of the most common causes of information system compromise. If this is your first Chimere article, take a look at our previous thoughts on the subject: 10 cyberattacks that exploited the principle of exposure, 3 types of attacks feared by companies, and 3 strategies to protect your information system from internet scans (and resulting attacks).

In this article, we provide a method to identify and manage this exposure, ultimately reducing the risk of compromise resulting from the exposure of your assets on the internet.

Network and cybersecurity: What is a 'Hidden Service'? Part 2

Application anonymity, network authentication, and exposure elimination are three characteristics intimately linked to the principle of hidden services. In the previous article, What is a 'Hidden Service'? Part 1, we highlighted these three aspects of the mechanism, but they are not the only ones that bring interesting properties in terms of network security. In this new article, we found it interesting to highlight four other characteristics, much less known than the first ones, yet providing real defensive added value.