
Angara Security: Continuous External Perimeter Security Monitoring Service

Product
Developers: Angara Security (Angara Technologies Group, AT Group) formerly Angara Technologies Group
Date of the premiere of the system: 2023/11/29
Branches: Information security
Technology: Information Security Management (SIEM)

Main article: IT outsourcing

2023: Launch of Continuous External Perimeter Security Monitoring Service

Angara Security launches a service for continuous monitoring of the security of the external perimeter. The company announced this on November 29, 2023.

According to industry research, 88% of data breach incidents occur as a result of hacks of perimeter resources. This part of the corporate infrastructure, where client services, web resources and network equipment are concentrated, is attacked most often. Many companies use security scanners to monitor vulnerabilities, and then involve their information security specialists to analyze and assess the risks.

In the vast majority of cases, cybercriminals exploit vulnerabilities in companies' web resources. The task is complicated by the fact that up to 80% of the IT infrastructure is updated during the year. To build a full-fledged process for identifying and managing vulnerabilities, continuous monitoring of the security of the external perimeter is required.

According to Angara Security data, the weakest points in companies' external perimeters are support for the TLS 1.0/1.1 protocols, the use of weak encryption algorithms in SSL, and expired SSL certificates. With these vulnerabilities, the connection to a remote resource such as a website is unprotected, or browsers warn users that the resource is insecure, which can eventually lead to an outflow of clients.

The anti-rating also includes self-signed SSL certificates, a missing HSTS header (RFC 6797), use of a Diffie-Hellman modulus of 1024 bits or less in SSL/TLS (Logjam), and SSL certificates signed with a weak hashing algorithm.

In addition to the listed vulnerabilities, the top 10 includes the use of an unsupported web server version, support for weak RC4 cipher suites, and an SSL certificate chain that contains RSA keys shorter than 2048 bits.

The list of potential attack targets is constantly expanding as external services are connected, application functionality grows, and enterprise and open-source solutions are introduced. Each stage of infrastructure renewal carries the risk of new vulnerabilities or misconfigured systems that may affect critical aspects of the company's operations or its business processes as a whole.

"As part of the Continuous Monitoring service, we provide data that an information security specialist can immediately use to make decisions when managing vulnerabilities on the external circuit, determine the priority of their elimination in the verified report of critical vulnerabilities, and then control the implementation of vulnerability resolution by the IT division," said Andrey Makarenko, Head of Business Development at Angara Security.

Continuous monitoring of the external perimeter makes it possible to build the process of identifying and managing vulnerabilities systematically. As part of the inventory scan, the solution checks the specified list of IP addresses and identifies open ports (TCP/UDP), determines the services available on open ports and hosts, as well as their versions, and provides a comparative analysis of the detected network nodes, ports and changes relative to the results of the previous scan.
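The comparison against the previous scan described above can be sketched as follows. This is an added example, not Angara Security's code; the snapshot format, function names and sample data are assumptions constructed for illustration.

```python
from typing import Dict, List, Tuple

Key = Tuple[str, int, str]          # (ip, port, protocol)
Scan = Dict[Key, Tuple[str, str]]   # -> (service, version)

# Constructed snapshots; addresses come from the RFC 5737 documentation range.
PREVIOUS: Scan = {
    ("192.0.2.10", 443, "tcp"): ("nginx", "1.18.0"),
    ("192.0.2.10", 22, "tcp"): ("openssh", "8.2"),
    ("192.0.2.20", 53, "udp"): ("bind", "9.16.1"),
}
CURRENT: Scan = {
    ("192.0.2.10", 443, "tcp"): ("nginx", "1.24.0"),
    ("192.0.2.20", 53, "udp"): ("bind", "9.16.1"),
    ("192.0.2.30", 3389, "tcp"): ("ms-wbt-server", ""),
}

def diff_scans(prev: Scan, curr: Scan) -> dict:
    """Compare two inventory snapshots: hosts, ports and service/version changes."""
    prev_hosts = {ip for ip, _, _ in prev}
    curr_hosts = {ip for ip, _, _ in curr}
    shared = prev.keys() & curr.keys()
    return {
        "new_hosts": sorted(curr_hosts - prev_hosts),
        "gone_hosts": sorted(prev_hosts - curr_hosts),
        "opened": sorted(curr.keys() - prev.keys()),
        "closed": sorted(prev.keys() - curr.keys()),
        "changed": {k: (prev[k], curr[k]) for k in sorted(shared) if prev[k] != curr[k]},
    }

def review_queue(delta: dict) -> List[str]:
    """Order changes for triage: new exposure first, then service changes, then closures."""
    queue = []
    for ip, port, proto in delta["opened"]:
        kind = "new host" if ip in delta["new_hosts"] else "new port on known host"
        queue.append(f"REVIEW {ip}:{port}/{proto} ({kind})")
    for (ip, port, proto), (old, new) in delta["changed"].items():
        queue.append(f"CHANGED {ip}:{port}/{proto} {old[0]} {old[1]} -> {new[0]} {new[1]}")
    for ip, port, proto in delta["closed"]:
        queue.append(f"CLOSED {ip}:{port}/{proto}")
    return queue

if __name__ == "__main__":
    for line in review_queue(diff_scans(PREVIOUS, CURRENT)):
        print(line)
```

A host counts as gone only when none of its ports remain, so a single closed port on a host that is still reachable is reported under `closed`, not `gone_hosts`.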

The data obtained is available for viewing in real time in the service's personal account. Dashboards show the current status of the external perimeter, newly discovered and eliminated vulnerabilities, and their level of criticality.

To detect vulnerabilities, network scanners, inventory tools, and web resource analysis are used. All identified vulnerabilities with a criticality assessment of "medium" and higher are verified by Angara Security experts who prepare recommendations to eliminate the shortcomings.

According to the results of a series of pilot projects, full-time information security specialists noted that they managed to reduce the time for forming a task pool for the IT department to fix critical vulnerabilities, implement monitoring of the elimination of vulnerabilities in one-stop shop mode, and also appreciated the user-friendly interface of the personal account.