Ingress and Egress Controls Limit What Bad Actors Can Do

Lisa Morgan
08/03/2021

Enterprise data and IT asset security requires controls that limit what enters and exits the network. Ingress controls help minimize malicious incoming traffic while egress controls keep insiders from sharing data or other intangible assets with unauthorized parties. 

Traditionally, such solutions have been rule-based (and rules still matter); increasingly, however, vendors are adding AI to their products to improve their effectiveness and extend their capabilities. 

Handling Ingress Threats

Enterprises use ingress filtering to keep suspicious traffic out of the network. Routers and firewalls include packet filtering capabilities that sort based on the information included in headers. Some considerations include:

  • Has the IP address been spoofed? 
  • Are the firewall rules so weak that a bad actor can easily spoof an internal IP address?
  • What is the reputation of the IP address?
  • Does the traffic suggest a Distributed Denial of Service (DDoS) attack?
  • Are blacklists and whitelists effective and up to date?

Generally speaking, rule definitions matter greatly.
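The header-based checks listed above can be expressed as a small, ordered rule set. The following is an added example, not code from the original article: a batch packet filter that applies the anti-spoofing check (a packet arriving on the external interface must never carry one of our own internal addresses or another non-routable address as its source), then an allowlist, a reputation blocklist, and a coarse per-source volume heuristic for flood detection. The network ranges, the allowlist and blocklist entries (taken from the RFC 5737 documentation ranges) and the flood threshold are constructed for the example and are not from any real deployment.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample policy for a perimeter packet filter. Nothing here is
# from a real deployment; external addresses come from the RFC 5737
# documentation ranges so they never point at a live host.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Reputation blocklist and trusted allowlist (constructed placeholders).
BLOCKLIST = {ipaddress.ip_address("203.0.113.7")}
ALLOWLIST = {ipaddress.ip_address("198.51.100.20")}
# Packets from one external source within a single batch above which we
# flag a possible flood. Hypothetical threshold chosen for the sample.
FLOOD_THRESHOLD = 3


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str
    dport: int


def is_bogus_external_source(src):
    """True if an address can never legitimately be the source of a packet
    arriving from the Internet: our own internal ranges (the spoofing check
    of RFC 2827 / BCP 38), or loopback, multicast and unspecified addresses."""
    return (any(src in net for net in INTERNAL_NETS)
            or src.is_loopback or src.is_multicast or src.is_unspecified)


def evaluate(pkt, count_from_src=0):
    """Decide on one packet using header fields only. Returns (verdict, reason)."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "ext" and is_bogus_external_source(src):
        # Checked before the allowlist: an allowlist entry must never let a
        # spoofed internal address in from outside.
        return ("drop", "bogus source on external interface (spoofing)")
    if src in ALLOWLIST:
        return ("allow", "allowlisted source")
    if src in BLOCKLIST:
        return ("drop", "source on reputation blocklist")
    if count_from_src > FLOOD_THRESHOLD:
        return ("flag", "possible flood: %d packets from one source" % count_from_src)
    return ("allow", "no rule matched")


def filter_batch(packets):
    """Evaluate a batch; returns a list of (packet, verdict, reason) tuples."""
    per_src = Counter(p.src for p in packets if p.iface == "ext")
    return [(p, *evaluate(p, per_src[p.src])) for p in packets]


def summarize(results):
    """Count verdicts so a reviewer can see how a rule change shifts traffic."""
    return dict(Counter(v for _, v, _ in results))


if __name__ == "__main__":
    sample = [
        Packet("ext", "10.1.2.3", "198.51.100.5", "tcp", 443),      # spoofed internal src
        Packet("ext", "203.0.113.7", "198.51.100.5", "tcp", 22),    # blocklisted
        Packet("ext", "198.51.100.20", "198.51.100.5", "tcp", 443), # allowlisted
        Packet("int", "10.1.2.3", "192.0.2.9", "tcp", 443),         # internal, legitimate
    ] + [Packet("ext", "192.0.2.9", "198.51.100.5", "udp", 53)] * 4  # burst from one host
    results = filter_batch(sample)
    for pkt, verdict, reason in results:
        print(f"{verdict:5} {pkt.iface:3} {pkt.src:>15} -> {pkt.dst}:{pkt.dport}  {reason}")
    print(summarize(results))
```

The ordering is the point: the spoofing check runs before the allowlist, because a weak rule set that consults the allowlist first would let an outsider claiming an internal address straight through, which is exactly the failure the second bullet above describes.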

Handling Egress Threats

Enterprises also use data filtering to stop egress threats. While it is necessary to monitor corporate email for signs of unauthorized data sharing, email is not the only way for data to leave the building. Data can also leave as images captured with a camera (or another IoT device that includes one), on a thumb drive or hard disk drive, or through file sharing sites, File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP) transfers. Clearly, some of those channels can be controlled electronically, while others require physical security. 

Either way, what's at stake are the company's crown jewels and reputation, since stolen intangibles are valuable on the black market and their theft is an effective (but illegal) way to get revenge on the company. Business plans, product plans, intellectual property, healthcare records, and personally identifiable information (PII) are all fair game. Sadly, enterprises have been slow to acknowledge the prevalence of insider threats, both intentional and accidental. However, that is changing thanks to Zero Trust and Defense in Depth postures, and Cyber Awareness training for company employees. 

For example, an advertising agency account executive accidentally cc'ed a journalist on an email thread that revealed that the agency's client, a car manufacturer, had just learned of a less-than-optimal rating for one of its car components, which contradicted the ad campaign messaging. The agency was recommending that the car manufacturer ignore the report. Luckily for the ad agency, the journalist brought the inadvertent mistake to the agency's attention and trashed the email. An investigative reporter might have published the information. 

Of course, not all data exfiltration is done by insiders. It is also done by outside actors who may have infiltrated the company many months earlier to do some sort of reconnaissance work, such as identifying high-value assets to steal or high-value targets to phish or socially engineer. They may also use their access to introduce malware into the environment.

How to Minimize Ingress and Egress Threats?

  • Make sure your security architecture adequately addresses ingress and egress threats.
  • Make sure your security policy addresses ingress and egress threats and is actually enforced.
  • Have an incident response plan in place.
  • Monitor networks, applications, and user accounts for odd behavior.
  • Use firewalls. The next-generation models have been designed with today's world in mind, so they provide content inspection, network monitoring, packet filtering, a Secure Sockets Layer (SSL) virtual private network (VPN), and Internet Protocol security (IPsec). Make sure your firewall rules advance the security policy.
  • Use Security Information and Event Management (SIEM) to log traffic coming in and out of the firewall. Since these tools are designed to work across different systems and networks, they can help reduce the number and impact of breaches.
  • Identify the enterprise's most valuable assets, including data, and make sure they are protected.
  • Minimize data loss with Data Loss Prevention (DLP) tools.
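The egress channels named earlier (FTP and HTTP transfers in particular) and the SIEM and DLP items in this list meet in the outbound connection logs a firewall or proxy emits. The following is an added example, not code from the original article: it parses a batch of constructed key=value connection records, applies a simple egress policy per record (permitted destination ports, plaintext FTP, large uploads to unsanctioned hosts), and then aggregates bytes sent per internal source so that a transfer split into many connections that each stay under the per-connection threshold is still caught. The log format, host names, addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed key=value outbound connection records, in the style a firewall
# or proxy might emit. Every value here is invented for this example; the
# destination addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
ts=2021-08-03T09:00:01Z src=10.1.5.20 dst=198.51.100.10 dport=443 proto=tcp bytes_out=1820 host=mail.example
ts=2021-08-03T09:00:04Z src=10.1.5.20 dst=203.0.113.50 dport=21 proto=tcp bytes_out=4500 host=-
ts=2021-08-03T09:00:09Z src=10.1.7.31 dst=203.0.113.80 dport=80 proto=tcp bytes_out=52428800 host=upload.example
ts=2021-08-03T09:00:12Z src=10.1.7.31 dst=198.51.100.22 dport=443 proto=tcp bytes_out=900 host=intranet.example
ts=2021-08-03T09:00:15Z src=10.1.2.8 dst=192.0.2.77 dport=8443 proto=tcp bytes_out=300 host=-
ts=2021-08-03T09:00:20Z src=10.1.9.4 dst=192.0.2.30 dport=443 proto=tcp bytes_out=8388608 host=share.example
ts=2021-08-03T09:00:31Z src=10.1.9.4 dst=192.0.2.31 dport=443 proto=tcp bytes_out=8388608 host=share.example
ts=2021-08-03T09:00:42Z src=10.1.9.4 dst=192.0.2.32 dport=443 proto=tcp bytes_out=8388608 host=share.example
"""

# Egress policy (constructed): ports internal hosts may use to reach the
# Internet, destinations sanctioned for uploads, and two hypothetical
# volume thresholds.
ALLOWED_PORTS = {80, 443}
SANCTIONED_HOSTS = {"mail.example", "intranet.example"}
UPLOAD_THRESHOLD = 10 * 1024 * 1024       # bytes in one connection
PER_SOURCE_THRESHOLD = 20 * 1024 * 1024   # bytes from one source per batch

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value record into a dict with numeric fields converted."""
    rec = dict(FIELD_RE.findall(line))
    rec["dport"] = int(rec["dport"])
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def check_record(rec):
    """Return the list of per-connection policy findings for one record."""
    findings = []
    if rec["dport"] == 21:
        findings.append("plaintext FTP transfer")
    elif rec["dport"] not in ALLOWED_PORTS:
        findings.append(f"port {rec['dport']} not permitted for egress")
    if rec["bytes_out"] >= UPLOAD_THRESHOLD and rec["host"] not in SANCTIONED_HOSTS:
        findings.append(f"large upload ({rec['bytes_out']} bytes) to unsanctioned host {rec['host']}")
    return findings


def analyze(log_text):
    """Per-record checks plus a per-source volume check over a batch of lines.

    Returns a list of (src, dst, finding) tuples; the per-source findings use
    "*" as the destination because they span several connections."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    total_out = defaultdict(int)
    for rec in records:
        total_out[rec["src"]] += rec["bytes_out"]
        for finding in check_record(rec):
            alerts.append((rec["src"], rec["dst"], finding))
    # Aggregation catches the host that keeps each connection under the
    # per-connection threshold but moves a large volume over the batch.
    for src, total in total_out.items():
        if total >= PER_SOURCE_THRESHOLD:
            alerts.append((src, "*", f"{total} bytes out in batch exceeds per-source threshold"))
    return alerts


if __name__ == "__main__":
    for src, dst, finding in analyze(SAMPLE_LOG):
        print(f"{src:>10} -> {dst:<14} {finding}")
```

In the sample, 10.1.9.4 never triggers the per-connection upload rule, yet its three 8 MiB transfers to the same unsanctioned host add up past the per-source threshold; that is the kind of correlation a SIEM adds on top of individual firewall verdicts, and the per-record findings are what a DLP or proxy policy would act on directly.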