Your Vendors: Cold Beer or Malicious Attack Vector?

Your Vendors: Cold Beer or Malicious Attack Vector?

  • By Jeff Swearingen
  • Feb 04, 2014

Your Vendors: cold Beer or Malicious Attack VectorThe word vendor may be most frequently associated with a guy selling beer or tossing bags of peanuts at your local stadium. Good times. Back at the office, there’s an entirely different kind of vendor: the one whose software is the backbone of your business operation.

Vendors are an important and potentially devastating population of users that should be handled with extreme care. Even a mid-size hospital will have 100 or more third parties that require remote access to service and support the MRI machine, the patient billing system and/or the electronic medical records platform.

Target disclosed that a vendor credential was a key component of its breach. A compromised administrator login was used to install malware that scooped credit card data and transferred it to a remote server. How did the attackers get network access to exploit the login? This story begins much earlier than what’s being reported.

There are two key things that make vendors very different than employees. First, one vendor may have thousands of individual technicians. Without the right controls, a login given to Tom on Tuesday may be used by Wendy on Wednesday. Credentials are not only stored in the vendor’s CRM system, they’re written on sticky notes affixed to monitors around the world.

Secondly, vendors require admin rights to their systems. As we learned in the Target breach, the network privileges granted to an admin are extremely powerful.  Your employees can view a sales report; your vendors can copy a database.

So, what to do? Here are my five golden rules for managing vendor access:

  1. Be aware. Vendors are not typical users and should be treated as very special guests.
  2. Have a realistic policy. Insist on individual logins and demand accountability, but don’t expect a technician to send you a copy of her passport. It’s not going to happen.
  3. Integrate policy in your purchasing process. Remote access should be negotiated before the vendor needs it. If your POS system is down, your IT staff (or someone else) is going to open a door that may be left open. The best time to negotiate access methodology is when the software is being purchased (amazing how accommodating the salespeople are at that time) or when your maintenance/subscription agreement is being renewed.
  4. Control the platform. If left to their own devices, a vendor may choose a remote support method (often a simple screen-sharing tool) that meets their needs more than yours. Your platform should support multi-factor authentication, provision granular access privileges, keep credentials private and audit all activity at the individual user level.
  5. Monitor vendor activity. While it may not be practical to track every keystroke, a consistent audit of vendor remote access should create alarms when a server is accessed repeatedly or large files are being transferred outside the network.

Managing vendor access is a critical component of any network security strategy. With awareness, proper policy and the right platform, it’s possible to avoid a malicious visit from these very special guests.

About the Author

Jeff Swearingen is co-founder and CEO of SecureLink, an Austin, TX-based software company that helps manage the chaotic space between enterprise technology vendors and their customers.

Featured

  • It Always Rains in Florida

    Over the years, and many trips to various cities, I have experienced some of the craziest memorable things. One thing I always count on when going to Orlando is a massive rainstorm after the tradeshow has concluded the first day. Count on it, it is going to rain Monday evening. Expect that it will be a gully washer. Read Now

    • Industry Events

  • Live from GSX 2024 Preview

    It’s hard to believe, but GSX 2024 is almost here. This year’s show runs from Monday, September 23 to Wednesday, September 25 at the Orange County Convention Center in Orlando, Fla. The Campus Security Today and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Whether you’re attending the show or keeping tabs on it from afar, we’ve got you covered. Make sure to follow the Live from GSX page for photos, videos, interviews, product demonstrations, announcements, commentary, and more from the heart of the show floor! Read Now

    • Industry Events

  • Elevate Your Business

    In today’s dynamic business environment, companies specializing in physical security are constantly evolving to remain competitive. One strategic shift these businesses can make to give them the advantage is a full or partial transition to a recurring revenue model, popularly called a subscription service. This approach will bring numerous benefits that not only enhance business stability but also improve customer relationships and drive innovation. Recurring monthly revenue (RMR) or recurring annual revenue (RAR) are two recurring cadence choices that work simply and effectively. Read Now

  • Playing a Crucial Role

    Physical security technology plays a crucial role in detecting and preventing insider cybersecurity threats. While it might seem like a stretch to connect physical security with cyber threats, the two are closely intertwined. Here’s how physical security technology can be leveraged to address both external and internal threats. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3