A network has up to 65,535 ports, each one a means for hackers to smuggle packets of information out of an enterprise. In simpler times, the attention of network security officers was devoted to the two most commonly opened ports: 80 for web traffic and 443 for encrypted web traffic. Web security systems were built to monitor those incoming and outgoing threads and generally secure activity within an office's four walls.
Then came applications, video, social media, mobile networks, the cloud. Employees began connecting laptops, tablets, mobiles. Ports started to open up.
Web security technology that came on the market 12-18 years ago, and is often still used today, never considered the possibility of these products and was not well designed to monitor the corresponding ports. Stressing the situation are the two different types of protocols, or languages, that computers use to communicate: TCP and UDP. In financial services, older technologies primarily used TCP, but today's high-speed and real-time updates are more likely to use UDP, or User Datagram Protocol, which comes with 65,535 ports of its own, almost none of which were factored into the design of legacy systems. In all, more than 130,000 ports are opening up, introducing threats, and firms need to keep pace with the potential for security breaches.
Think of it in terms of the entrances of a home, says Paul Martini, CEO of iboss, a platform provider giving visibility of everything going in and out of a network, across every single network port. "Port 440 and 80 are the front and back door, but windows are important too." A responsible owner would not leave the house with all the windows open, but a network security team that fails to monitor the additional ports is doing just that. "Once you open additional ports you can't just ignore the fact that they're open."
Financial services organizations are particularly targeted for usernames and passwords, credit card information and the like. Martini says the recently headlined hack by five Eastern European men, who stole 160 million credit card numbers and other personal information over the course of seven years, happened unnoticed over UDP ports. He believes these firms were obstructed from earlier discovery by outdated legacy technology and patched security solutions.
The use of cloud adds to the level of risk. In financial services, explains Martini, those financial graphs and the stock change data are all happening on servers other than the network you're in. "The cloud is outside of your internet, it's a global network, and all these tools are migrating to a centralized data center. The only time these ports come into play is when data comes in and out… Cloud is what drives this risk because as soon as it's introduced into the mix, data needs to leave the network, and it creates opportunity for hackers to go through the same door to get the data they want." The risk of cloud is accelerated because it is going over UDP, and network security may not be closely monitoring that.
In a recent press release, Peter Martini, COO and co-founder of iboss, said: “Cybersecurity and privacy concerns are now front and center, thanks to the NSA revelations and advanced ways hackers can get into networks. These threats include mobile devices too, as malware is focusing on Android and iOS devices. These devices can be compromised when they are outside the network, infecting upon return.”
“Today’s network security vendors and most enterprise environments are just not prepared to track, analyze and understand that type of traffic. Since we started shipping our iboss platform a year ago, we’ve replaced many legacy vendor installs at enterprises who need to have more insight and visibility into their networks. Many IT administrators just don’t realize what can actually be seen on the network, as outdated technology doesn’t provide that option.”