Last year was a big year for software vulnerabilities. More security flaws were reported in 2014 than ever. Of the more than 7,000 vulnerabilities added to the National Vulnerability Database, an estimated 83 percent of them were found in third-party software. And this trend is likely to continue in 2015.
Combined with the fact that it can be incredibly hard to get insight into what unsanctioned tools and cloud services employees use on a regular basis, enterprise IT teams have good reason to be worried. Without insight, it’s difficult to track data exfiltration, or know when employees may need to reset a password because of a hack affecting a third-party tool.
The good news is, if you subscribe to an OpenDNS Umbrella package, you already have access to a report that can show what services and Internet enabled devices are in your network environment, and even tie these devices to a user.
The worry on behalf of IT teams is what prompted OpenDNS to develop a cloud services discovery tool, which the San Francisco security company released August of 2014. Director of Engineering Dave Cornell and his team saw an opportunity to provide OpenDNS customers with an unprecedented insight into their network environments and what third-party cloud and SaaS tools employees were using.
“Originally we called it the Shadow IT report,” Cornell said in an interview. “The problem we’re solving is that organizations a lot of times don’t know what tools employees are using. They’ll use whatever tool makes their job easier, condoned or not.”
Discovery Now Includes IoT
OpenDNS estimates that its global data centers handle two percent of the world’s DNS requests, which includes cloud services and IoT traffic passing through enterprise networks. Leveraging such a vast knowledge of the Internet the company is able to correlate traffic to cloud app usage like DropBox in near real time. OpenDNS this week released the 2015 Internet of Things in the Enterprise Report, and in conjunction Cornell and his team added a new category to the Cloud Services Report specifically for IoT.
This means IT admins or security professionals auditing for internal security threats can easily determine if the Samsung Smart TV in the conference room down the hall is making calls to Korea, even when not in use.
Considering the risks that come with IoT, and how pervasive they’re becoming in the enterprise, being able to tie network activity from IoT devices–and cloud services in general for that matter–to an employee identity could be incredibly valuable for IT and security professionals short on time.
Easy Deployment and Off-Network Reporting
Cornell says the Cloud Services Report borrows two distinct benefits from Umbrella. One is easy deployment, since the report is included with the existing Umbrella packages, and uses the data OpenDNS already sees as a result, there’s no extra work needed on behalf of IT or InfoSec teams. Once DNS requests are logged, the cloud report will do its work.
The other advantage, Cornell said, is off-network reporting. Many existing cloud reporting tools work through proxies and get data from perimeter appliances like firewalls and IDS. Working with appliances and connecting data to a cloud report can be complex, but it also means they will not be able to catch activity once a device leaves a company’s network perimeter.
It’s Not All FUD
It’s important to note that the report’s most useful applications are not only blocking or preventing certain traffic or employee behavior. It’s also a powerful tool when justifying an IT budget, gauging use of deployed apps, or building a case to sanction a cloud solution employees already use.
Cornell states that IT leaders who make use of the report will be able to draw conclusions based on actual usage. Wondering if your team prefers Webex or Google Hangouts? Take a look at the report and see what employees are using already.
Useful Even When Not Proactive
Security professionals, much as they would like to, don’t have a crystal ball. Unfortunately this means working frantically after a breach has occurred. And if it’s a third-party that had a breach, it can be even harder determining whose login credentials or data may have been compromised. The first step is determining who uses that third-party service.
According to Cornell, this is a powerful use for the Cloud Services Report. “Say company X has a cloud service and had a major data breach,” he said. “And say all customer account logins were exposed. System administrators can use this report to find who was using this service, and advise them to change passwords.” He added that because the tool records activity in near real time, reaction times to ongoing breaches or announcements from third parties can drop significantly.
If you are not a current subscriber and would like to experience the Cloud Services Report and find out what cloud tools and IoT devices your employees are using, Cisco Umbrella allows access through a free trial.