{"id":3100,"date":"2018-02-12T13:59:56","date_gmt":"2018-02-12T20:59:56","guid":{"rendered":"https:\/\/zed.inguardians.com\/?p=3100"},"modified":"2019-08-19T13:40:13","modified_gmt":"2019-08-19T20:40:13","slug":"smart-devices-during-a-breach-threat-exposure-and-a-source-of-forensic-data-during-incident-response","status":"publish","type":"post","link":"https:\/\/zed.inguardians.com\/brief\/smart-devices-during-a-breach-threat-exposure-and-a-source-of-forensic-data-during-incident-response\/","title":{"rendered":"Smart Devices During A Breach: Threat, Exposure and A Source Of Forensic Data During Incident Response"},"content":{"rendered":"<h5 class=\"et_pb_toggle_title\">Smart devices add exposure and threat during a breach and are a source of intelligence and forensic data during incident response.<\/h5>\n<div class=\"et_pb_toggle_content clearfix\">\n<p><strong>Issue<\/strong><br \/>\nA common challenge in any incident response is figuring out how access was gained, which vulnerability or exploits were used, and how to prevent a recurrence. Many breaches are not single events, but the end of a long series of probes, penetrations, and exfiltrations. The reality is that we are often dealing not with \u201ca breach,\u201d but a series of incidents that can have been going on longer than many realize.<\/p>\n<p>The explosion of smart devices creates many more opportunities not only to reveal the information but for attack vectors. A \u201cphishing\u201d email might be read on an employee\u2019s cell phone and not directly breach a corporate system. But, it might install malware on that phone so the next time it is in WiFi or Bluetooth proximity of a business network the malware starts searching for new opportunities. This shifts what would have been an external penetration to an internal one.<\/p>\n<p><strong>Impact<\/strong><br \/>\nThe specific impact to InGuardians customers is relatively low.<\/p>\n<p dir=\"ltr\">The real challenge is in mapping the many additional connections to your networks, and identifying where such connections are logged \u2013 if at all. You cannot effectively investigate the cause or source of a breach if you do not have a clear record of the network.<\/p>\n<p><strong>Recommendations<\/strong><br \/>\nInGuardians recommends regular review of network architecture as it develops, not merely as planned. Systems and connections often grow organically and in creeping increments, and too often expedient solutions are imperfectly documented. It is important to know what the network looks like today, to know where device access logs are stored, and whether they have ever been reviewed.\u00a0 InGuardians highly recommends robust egress filtering and monitoring.<\/p>\n<p>InGuardians also recommends reviewing the policy for the devices managed by your organization. \u00a0Secretary of Defense Mattis is reconsidering DoD\u2019s policies for every personal electronic device that \u201ctransmits a two-way signal\u201d. \u00a0That\u2019s much more than just cell phones, but you should at least know WHAT you allow.<\/p>\n<p><strong>Additional Resources<\/strong><\/p>\n<p dir=\"ltr\"><a href=\"http:\/\/www.nextgov.com\/policy\/2018\/01\/pentagon-reviewing-electronic-device-policy\/145625\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/www.nextgov.com\/policy\/2018\/01\/pentagon-reviewing-electronic-device-policy\/145625\/<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Smart devices add exposure and threat during a breach and are a source of intelligence and forensic data during incident response. Issue A common challenge in any incident response is figuring out how access was gained, which vulnerability or exploits were used, and how to prevent a recurrence. Many breaches are not single events, but [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[169],"tags":[107,134,157,106,159,116,115,128,114,130,129,148],"_links":{"self":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3100"}],"collection":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/comments?post=3100"}],"version-history":[{"count":1,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3100\/revisions"}],"predecessor-version":[{"id":3101,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/posts\/3100\/revisions\/3101"}],"wp:attachment":[{"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/media?parent=3100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/categories?post=3100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zed.inguardians.com\/wp-json\/wp\/v2\/tags?post=3100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}