CIO Influence
CIO Influence News Security

ExtraHop Benchmarking Cyber Risk and Readiness Report Highlights Prevalence and Risks of Internet-Exposed Protocols on Organizations’ Networks

ExtraHop Benchmarking Cyber Risk and Readiness Report Highlights Prevalence and Risks of Internet-Exposed Protocols on Organizations’ Networks

More than 60% of organizations expose remote control protocol SSH to the public internet, while 36% of organizations expose the insecure FTP protocol

ExtraHop, the leader in cloud-native network intelligence, released findings from the ExtraHop Benchmarking Cyber Risk and Readiness report showing that a significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet. Whether intentional or accidental, these exposures broaden the attack surface of any organization by providing cyberattackers an easy entry point into the network.

“Ports and protocols are essentially the doors and hallways that attackers use for exploring networks and causing damage”

Since the Russian invasion of Ukraine, governments and security experts around the world have noticed a significant increase in cyberattack activity. The Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies such as ENISA, CERT-EU, ACSC, and SingCERT have strongly encouraged enterprises to focus on strengthening their overall security postures, starting with reducing the likelihood of a damaging cyber intrusion. One key recommendation made by these agencies is that organizations disable all unnecessary or insecure ports and protocols.

Latest ITechnology News: GridGain Appoints Eoin O’Connor as New President and CEO

In the new report, ExtraHop conducted an analysis of enterprise IT environments to benchmark the cybersecurity posture of organizations based on open ports and sensitive protocol exposure so that security and IT leaders can assess their risk posture and attack surface visibility relative to other organizations.

Key Findings

  • SSH is the Most Exposed Sensitive Protocol: Secure Shell (SSH) is a well-designed protocol with good cryptography for securely accessing remote devices. It is also one of the most widely used protocols, making it a favorite target for cybercriminals looking to access and control devices across an enterprise. Sixty-four percent of organizations have at least one device exposing this protocol to the public internet.
  • LDAP Exposure is High: Lightweight directory access protocol (LDAP) is a vendor-neutral application protocol that maintains distributed directory information in an organized, easy-to-query manner. Windows systems use LDAP to look up usernames in Active Directory. By default, these queries are transmitted in plaintext giving attackers an opportunity to discover usernames. With 41% of organizations having at least one device exposing LDAP to the public internet, this sensitive protocol has an outsized risk factor.
  • Exposed Database Protocols Open Doors for Attacks: Database protocols enable users and software to interact with databases, inserting, updating, and retrieving information. When an exposed device is listening on a database protocol, it exposes the database as well. Twenty-four percent of organizations have at least one device exposing Tabular Data Stream (TDS) to the public internet. This Microsoft protocol for communicating with databases transmits data in plaintext, making it vulnerable to interception.
  • File Server Protocols At Risk: In looking at the four protocol types (file server protocols, directory protocols, database protocols, and remote control protocols), the vast majority of cyberattacks occur in file server protocols, which involve attackers moving files from one place to another. Thirty-one percent of organizations have at least one device exposing Server Message Block (SMB) to the public internet.
  • FTP is Not As Secure As it Can Be: File transfer protocol (FTP) is not a full-service file access protocol. It sends files over networks as a stream and offers practically no security. It transmits data, including usernames and passwords, in plaintext, which makes its data easy to intercept. While there are at least two secure alternatives, 36% of organizations expose at least one device using this protocol to the public internet.
  • Protocol Usage Differs by Industry: This is indicative of different industries investing in different technologies and having different requirements for storing data and interacting with remote users. When considering all industries together, SMB was the most prevalent protocol exposed.
    • In financial services, SMB is exposed in 28% of organizations.
    • In healthcare, SMB is exposed in 51% of organizations.
    • In manufacturing, SMB is exposed in 22% of organizations.
    • In retail, SMB is exposed in 36% of organizations.
    • In State and Local Government, SMB is exposed in 45% of organizations.
    • In tech, SMB is exposed in 19% of organizations.
  • Organizations Continue to Leverage Telnet: Telnet, an old protocol for connecting to remote devices, has been deprecated since 2002. Yet 12% of organizations have at least one device exposing this protocol to the public internet. As a best practice, IT organizations should disable Telnet anywhere it is found on their network.

Latest ITechnology News: Mission Cloud Services Achieves AWS Service Delivery Designation for Amazon QuickSight

“Ports and protocols are essentially the doors and hallways that attackers use for exploring networks and causing damage,” said Jeff Costlow, CISO, ExtraHop. “That’s why knowing which protocols are running on your network and what vulnerabilities are associated with them is so important. This gives defenders the knowledge to make an informed decision about their risk tolerance and take actions — such as maintaining a continuous inventory of software and hardware in an environment, patching software quickly and continuously, and investing in tools for real-time insights and analysis — to improve their cybersecurity readiness.”

Latest ITechnology News: Avast One to Extend Home Network Protection and Online Safety Guidance Across Platforms

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Presidio Expands Splunk Services with the Acquisition of Kinney Group Business

Business Wire

Nokia Selected by T-2 Slovenia in Five-Year 5G Deal as Sole Supplier

CIO Influence News Desk

Keeper Security Appoints Gerardo A. Dada as New Chief Marketing Officer to Accelerate Market Expansion in 2022

CIO Influence News Desk